S3Drive
Community / support / Importing corporate SSL certificate - Windows Server 2022
joaotome1994 6/12/2024 6:55 AM
I have 1 question. I installed S3Drive on Windows Server 2022 but this is not working, because when I log in I get this error "AuthRetryableFetchError" and when I add an S3 account I get this error: HandshakeException: Handshake error in client (OS Error: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate/../../flutter/third_party/boringssl/src/ssl/handshake.cc.393))
Hi @joaotome1994,

It seems that you're connecting to the corporate network which uses a custom SSL certificate. It's likely that this certificate is already installed on your operating system, however S3Drive can't see it automatically and you would need to import it directly to S3Drive.

You may need to contact your network administrator to get the public certificate in the X509 / PEM format, alternatively you shall be able to download it yourself from your browser. For instance on Chrome/Chromium there is an option to download the certificate of a website that you visit. Given that you're connected to the corporate proxy you will likely find When you visit some website in your Chrome browser, you can download it yourself and then import to S3Drive.

You will likely need to download: "certificate chain" (not just a single certificate) and then extract root CA or intermediary CA (which usually will be the last one in the certificate chain file).

The example certificate looks like this:

-----BEGIN CERTIFICATE-----
MIIOSTCCDTGgAwIBAgIQFHitMmJOwc0JhD4dXvgHZTANBgkqhkiG9w0BAQsFADA7
...
-----END CERTIFICATE-----

You can verify the contents of a public certificate from a console:

openssl x509 -in certificate.crt -text -noout

or using a website: https://www.sslshopper.com/certificate-decoder.html

The certificate

Give it a go, if you have any troubles I am more than happy to assist. (edited)
7:59 AM
Tom changed the channel name: Importing corporate SSL certificate - Windows Server 2022 6/12/2024 8:00 AM
Hello. I am the administrator and the server isn't joined to a domain. It's a new installation of Windows Server, so how do I get that certificate to import into S3Drive?
joaotome1994 6/12/2024 1:20 PM
Do I need to enable TLS1.3?
I've made an assumption that your network / web traffic is routed through some proxy which replaces the destination certificate with their own (typical setup in corporate networks). In such a case you would normally need to trust that proxy's root CA.

If that is the case you can follow the instructions in my post above or use a one-liner to extract the whole certificate with its chain. The command below runs on Linux, but if you use WSL on Windows it will probably work. In such a case you can leave s3drive.app as it is or replace it with anything else, but in principle such a corporate proxy would replace any SSL certificate with its own.

openssl s_client -showcerts -connect s3drive.app:443 < /dev/null 2> /dev/null | sed -n '/^-----BEGIN CERT/,/^-----END CERT/p'

This command will result in one or more certificates. Use the first only if it's the only one, otherwise either use the second or the last one. (I haven't tried myself and I am not sure if intermediary CA or root CA is needed)

TLS1.3 isn't needed.

===

It may well be that your S3 destination/endpoint doesn't have a publicly trusted SSL certificate, in such a case you either need to make sure that it is using a trusted SSL certificate ... or you can trust it yourself by importing its root CA using the methods above (either through Chrome or command line).

Did you try extracting the CA and importing it into S3Drive? If you don't mind telling, please let me know where you are trying to connect. (edited)
joaotome1994 6/13/2024 5:37 PM
Hello, I installed openssl on the server and ran the command openssl s_client -showcerts -connect s3drive.app:443 and I got this message
joaotome1994 6/13/2024 5:50 PM
Finally! After installing openssl and importing the file from my machine I could log in to the account. Everything is good now! Thanks for the help!
👍 1
5:50 PM
🙏
Timezone: UTC+0