SSL with Kore
#1
Hello,

I originally posted the following on the OSMC forums and was redirected here for Kore support.

I am attempting to set up SSL for use with Kore on an Android device, and I’m having some problems. I’ve done the following on a fresh installation of OSMC on a Raspberry Pi 3:

1. Created certificates in ~/.kodi/userdata:
   openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.pem
2. Enabled both application control options for remote control from applications on this and other systems (through Settings -> Services -> Control)
3. Changed the HTTP server port to 443 (through Settings -> Services -> Control)
4. Enabled SSL (through Settings -> Services -> Control)

I’m able to connect using Kore until I enable SSL. Kore disconnects and is unable to reconnect. I am able to connect using a web browser after ignoring the certificate warnings about not having a trusted CA.

I see from the release notes that Kore v2.5.1 added support for self-signed certificates, so I’m not sure if there’s something wrong with my certificate. I tried importing server.pem into my Android device as a user certificate, which didn’t seem to help.

Any advice would be greatly appreciated.
Reply
#2
You also need to add the certificate to your Android device. See https://support.google.com/pixelphone/an...4832?hl=en for instructions.
Reply
#3
(2020-09-14, 21:57) poisdeux wrote: You also need to add the certificate to your Android device. See https://support.google.com/pixelphone/an...4832?hl=en for instructions.

Thanks for the prompt response poisdeux.

I have added the server.pem generated with the openssl command in the first post as a "VPN and apps" user certificate, but Kore is stuck at "Connecting..." after enabling SSL in OSMC. Attempting to test the connection in the "Manual configuration" page also fails.
Reply
#4
Same problem here.

Importing the self-signed certificate in Android doesn't help (the certificate is listed in settings after importing).

After configuring the Kodi settings in Kore and clicking on "TEST" I get: "Couldn't connect to kodi. Please check the configuration.".

Kore is at version v2.5.1 from f-droid.org.

Any hints?
Reply
#5
I cloned the project and was able to discover the following must be set in the manual configuration, otherwise unencrypted connections will be attempted:
1. The device's address must be prepended with "https://".
2. "Use TCP" must be unchecked.
3. Not completely sure about EventServer, but I unchecked it.

Using these settings, a connection attempt is made, but an exception is thrown despite having the self-signed certificate present in Android's User Certificates as a VPN and apps cert:

Code:
javax.net.ssl.SSLPeerUnverifiedException: Hostname <IP ADDRESS> not verified:
    certificate: <CERTIFICATE HASH>
    DN: C=<COUNTRY CODE>
    subjectAltNames: []

0 = {StackTraceElement@6049} "org.xbmc.kore.jsonrpc.HostConnection.sendOkHttpRequest(HostConnection.java:615)"
1 = {StackTraceElement@6050} "org.xbmc.kore.jsonrpc.HostConnection.executeThroughOkHttp(HostConnection.java:539)"
2 = {StackTraceElement@6051} "org.xbmc.kore.jsonrpc.HostConnection.access$100(HostConnection.java:61)"
3 = {StackTraceElement@6052} "org.xbmc.kore.jsonrpc.HostConnection$1.run(HostConnection.java:371)"
4 = {StackTraceElement@6053} "java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)"
5 = {StackTraceElement@6054} "java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)"
6 = {StackTraceElement@6055} "java.lang.Thread.run(Thread.java:764)"
Reply
#6
Hi,

I just wanted to share my experience, in case it might be useful to someone. I'm using Kodi 18.7 Leia on Raspbian 10 buster and Kore v.2.5.1 for Android.

One way to avoid self-signed certificate issues is to create your own root authority and use that root authority to sign a certificate for your Kodi server. This can be achieved by using e.g. minica: https://github.com/jsha/minica
Assuming your Kodi server is at 192.168.1.10, after running:
Code:
./minica --domain 192.168.1.10
you will obtain the following four files:
Code:
minica.pem # the root authority certificate
minica-key.pem # the private key of the root authority
192.168.1.10/cert.pem # the certificate for your Kodi server
192.168.1.10/key.pem # the private key for your Kodi server
You can cut the files in the 192.168.1.10 folder and paste them into the .kodi/userdata folder on the Kodi server, taking care to rename them (cert.pem becomes server.pem, and key.pem becomes server.key).
Finally, you can install the root authority certificate (minica.pem) on your device (Android phone, Firefox on your laptop, etc.).

When configuring Kore:
- prepend "https://" to the IP address of the server (as rightfully pointed out by @RDReavis)
- use a port above 1024 (e.g. 8080): this is because ports below 1024 require root permissions to be used, and we do not need that. Remember to set the same port also in Settings -> Services -> Control of the Kodi server.
- if you have a username/password, configure them both in Kore and on the Kodi server
- TCP unchecked
- EventServer unchecked

After these steps, you should have a working HTTPS connection between Kore and Kodi.
Reply
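
The exception in post #5 reports `subjectAltNames: []`: the `openssl req` command from post #1 produces a certificate with no subjectAltName, and a client verifying an `https://<IP>` host needs that address present as an iPAddress SAN. The script below is an added example (not code from any poster or from the Kore or Kodi projects) that builds the certificate with and without the SAN and checks each with `openssl x509 -checkip`; it assumes OpenSSL 1.1.1 or later for `-addext`, reuses the 192.168.1.10 address from post #6, and uses a 2048-bit key and a placeholder CN of `kodi`.

```bash
#!/usr/bin/env bash
# Added example: compare a certificate without a SAN (post #1's command)
# against one carrying the server's IP as an iPAddress SAN.
set -eu

KODI_IP="192.168.1.10"            # address used in post #6; substitute your own
WORK="$(mktemp -d)"               # scratch directory, removed on exit
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME [SAN]: self-signed certificate, optionally with a subjectAltName.
# rsa:2048 keeps the demo fast; the CN "kodi" is a placeholder.
make_cert() {
    name="$1"; san="${2:-}"
    set -- req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=kodi" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.pem"
    if [ -n "$san" ]; then
        set -- "$@" -addext "subjectAltName=$san"
    fi
    openssl "$@" 2>/dev/null
}

# ip_matches PEM IP: succeeds only if the certificate lists IP as an
# iPAddress SAN. The CN is never consulted for IP addresses.
ip_matches() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match certificate"
}

make_cert nosan                   # equivalent to the command in post #1
make_cert withsan "IP:$KODI_IP"   # same certificate plus an iPAddress SAN

for c in nosan withsan; do
    if ip_matches "$WORK/$c.pem" "$KODI_IP"; then
        echo "$c.pem: valid for https://$KODI_IP"
    else
        echo "$c.pem: NOT valid for https://$KODI_IP (no matching iPAddress SAN)"
    fi
done
```

The same `ip_matches` check can be pointed at an existing `~/.kodi/userdata/server.pem` before importing anything on the phone.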
