'Can't get a secure connection' error on Confluence Data Center and Server mobile app
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
The Confluence Data Center and Server mobile app throws the following error when a user tries to connect it to an existing Confluence server site:
Can't get a secure connection
Either there's a problem with your site's certificate, or you need to install the certificate on your device.
または
Can't get a secure connection
Either you're not using HTTPS, there's a problem with your site's certificate, or it's not trusted by this device.
原因
The errors above appear when you've entered a HTTPS address, but the app can't get a HTTPS connection to your site.
この原因として、以下のことが考えられます。
- your certificate is self signed.
- the Certificate Authority (CA) is unknown, or is not one that Android / iOS trusts by default (for example it might be a new CA that is not yet trusted, or a private CA).
- 証明書チェーンに影響を与える中間 CA が証明書に含まれていない
- your site has HTTPS enabled, but your proxy is not configured to allow TLS 1.2 traffic.
- you are using an earlier version of the Confluence Data Center and Server mobile app that did not allow HTTP connections.
- you're accessing the app on an iOS device and your certificate does not meet Apple's certificate requirements.
- you are connecting to a version of Confluence Server that does not support the mobile app (6.7.x or earlier).
ソリューション
Not an admin? Send this page to your Confluence administrator and ask them to look into the problem for you.
The resolution will depend on the cause of your problem.
HTTPS
HTTP connections were not supported on earlier versions of the Confluence Data Center and Server mobile app. If you want to log in to a site that uses HTTP, you'll need to use the following versions of the app:
- Android app 0.1.40 or later.
- iOS app 1.1.0 or later.
Although you can log in with HTTP, in most circumstances we would recommend enabling HTTPS on your Confluence site.
Certificate issues
If your site uses a self-signed certificate, rather than one from a recognised Certificate Authority, you'll need to install the certificate on your device, in order to log in. Be careful, and always check with your administrator or IT team to make sure you're obtaining the certificate from the right place.
Some browsers will warn you that a site's certificate is self-signed, or from an unknown Certificate Authority, but still allow you to view the site. Even if you've done this, and are able to view the site on your browser, you'll still need to install the certificate in order to log into your site using the app.
Manually install your certificate on an iOS device
To install a certificate on your iPhone, iPad or other iOS device:
- Access the certificate on your device (for example, download it from a location provided by your admin, or open it from an email).
- The Install Profile screen will appear. Check the certificate details are correct (1) then tap Install (2).
- A warning will appear. Tap Install again.
- The certificate will be shown as Verified on the Profiles and Device Management screen.
- On your device go to Settings > General > About > Certificate Trust Settings
- Your new certificate will be listed. Tap to enable it (1).
- You should now be able to log in to your Confluence site using the Confluence Data Center and Server app.
These instructions are for iOS 11. Your version may differ. See https://support.apple.com/en-au/HT204477 for more information.
Manually install your certificate on an Android device
To install a certificate on your Android phone or tablet:
- Access the certificate on your device (for example, download it from a location provided by your admin, or open it from an email).
- When prompted, name the certificate (1).
- Follow the prompts to install the certificate (2).
- You can verify that the certificate has been installed at Settings > Security > Trusted Credentials > User (1).
These instructions are for Android 7.0. Your version, or device's implementation, might differ. See https://support.google.com/nexus/answer/2844832?hl=en for more information.
If you're still unable to connect after installing the certificate on your device, ask your admin to check that the following extension is declared in the certificate file:
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
Other certificate problems
If you are using a certificate from a Trusted Authority, you'll need to investigate why your certificate is not trusted by the device, as there may be an issue in the certificate chain.
The Security and SSL page in the Android developer documentation provides a more detailed explanation of the common problems encountered when verifying certificates. You can also check the Lists of available trusted root certificates in iOS, for the list of trusted root certificates preinstalled with iOS.
Apple also introduced additional security requirements in iOS 13. If people in your team will be using the app on an iOS device, your certificate will need to meet these requirements. See Requirements for trusted certificates in iOS 13.
TLS protocol
If you're using HTTPS, your proxy must allow TLS 1.2 traffic. This is an iOS requirement that we've chosen to implement for both the iOS and Android apps to prevent confusion (for example where one device can log in, and another cannot).
Many proxies allow TLS 1.2 by default, but some may require you to explicitly specify it in your proxy configuration. Alternatively, if your current configuration is from a few years ago, it may not have been updated to specify TLS 1.2.
For example, if you're using NGINX as your reverse proxy, make sure the listed SSL_protocols
in your configuration include TLSv1.1
and TLSv1.2
. See Running Confluence behind NGINX with SSL for an example configuration.