Android Auth failed ssl-client-cert 401

  • Platform information:
    • Hardware: QEMU, 4 Cores, 4 GB RAM, 64 GB HDD
    • OS: Debian 11
    • Java Runtime Environment: openjdk-17-jre
    • openHAB version: 3.2.0
  • Issue of the topic: Authentication fails for Android Device

Hi,

I’m very new and I just setup my first installation, which was kind of hassle free ( in contrast to my Home Assistant try).
I’m running OpenHAB behind a dedicated Nginx rerverse proxy host for SSL Offloading and stuff.

When I try to login via Android (12) App (2.19.0) it fails every time. I only setup Remote Access since my host is publicly accessible from the Internet.
The error message is like:

Authentication failed. Please check username and password or the SSL-Client-Certificate. HTTP-Code 401.

My reverse proxy is using Letsencrypt and those Nginx options to be as secure as it can be:

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;

I Also switched on TLS 1.1 and TLS 1 but it turns out authentification also fails. Then I tried different ciphers:

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:EECDH+AESGCM:EDH+AESGCM:DHE-RSA-AES128-SHA;

without success.

What gave me the idea is the agent ID in the nginx log:

Mozilla/5.0 (Linux; Android 4.0.4; Galaxy Nexus Build/IMM76B) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.133 Mobile Safari/535.19

Yet I dunno how to proceed. The password is right, it’s being taken from my vaultwarden / bitwarden instance.

Thank you
junicast

According to your description I would suggest to have a look at this thread if it also solves your issue:

1 Like

yeah that worked, thank you.
I’m now getting en empty sitemap but that is to expect I guess ^^