Android App not connecting

Attempts to connect to corporate jitsi server with Android app always receive an immediate disconnect when trying to create/join a conference.

It would appear from other similar posts that this is a certificate trust issue, but I am unable to verify that and can find no way to test to determine what the app is seeing as a problem.

I have installed Jitsi on a local corporate server (Ubuntu 18.04 LTS). I deployed it using corporate certificates and have installed the corporate CA on all corporate devices. I have validated the trust chain for the certificates used to deploy Jitsi.

Jitsi runs without issues for browsers (Mac, Windows, Linux, Chrome, Firefox, and Safari); Runs fine with the Jitsi app on IOS 13. Even the chrome browser on the Android device accepts the connection as valid and then transfers control to the jitsi app where it now fails to connect.

The root CA is installed on the Android device as a User Cert, and the nginx certificate used for the web site includes the full-chain certificate. The certificate uses Subject Alternative names to identify the server.

Any suggestions for troubleshooting this or insights as to the source of the problem would be appreciated. At this point we are able to use the server with everything except Android devices.

Thanks

Update #2: The problem appears to be device specific. The android app works fine on an android tablet, yet the same version of the app (20.2.3 build 4129209) will not work on a Samsung J3 phone. The root certificate has been installed on the device and is recognized by the browsers on the phone, all of which consider the certificate valid and navigate to the server with full https lock.

I am not sure what about this app is unique to the phone. Any assistance would be appreciated.

After banging my head for a week…
Had the same problem .seems finally solved.
My scenario on ubuntu 20, zerossl certificate, behind sophos xg firewall.hosted on intenet… works on everything except jitsi app…
Solution ( as it worked for me for android app)

  1. valid dns is needed for android app to work. nslookup on server 8.8.8.8 should resolve to your domain.
  2. valid certiciate chain … merge the certificate chain till root is the solution. check on whatsmychaincert.com/
  3. harvester IPs … they must be present otherwise… frequent disconnects will happen.
  4. check if certificate works without error on mozilla firefox… if there is no error there… app will work.

Thank you for the update. It appears that your situation is a bit different than mine in that my Jitsi server is not visible to the Internet, hence an nslookup on the Google DNS server will not resolve. I have a valid DNS server visible to the corporate Intranet, but not the Internet. As a result, I have the following:

  1. A valid dns does exist on the corporate Intranet
  2. I have a validated certificate chain through root, and the root certificate is installed on both the server and the mobile device. (Note: whatsmychaincert.com/ will not work because my server, and dns, are not exposed to the Internet).
  3. I am not sure about “harvester IP’s” as this is not a familiar term, but I will investigate.
  4. The certificates and the applications work fine with firefox, chrome, and safari and the IOS app works without issue. Additionally, the Android app works except on Android 7.