question

angelm avatar image
angelm asked Jacob Abrams answered

Clover MINI certificate issues

We have an app that uses Lets Encrypt certificate and is attempting to connect to an API endpoint, but seems like it's not working. So, we would like to know:

1.- Do clover devices get updated of Certificate Authorities? In particular old Clover Mini devices.

2.- What certificate authorities are accepted by the clover devices?


Thank you in advance

Clover Mini
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

parquet76 avatar image
parquet76 answered parquet76 edited

They are self signed. More info on the certs here - https://docs.clover.com/docs/configuring-secure-network-pay-display#device-server-certificates. If your app is a semi integration you can avoid certificate issues by using a cloud connection (Cloud Pay Display instead of Secure Network Pay Display or Rest Pay Display) otherwise you will have to install the cert per the link above.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jacob Abrams avatar image
Jacob Abrams answered

The previously accepted answer is not correct, Secure Network Pay Display certificates are relevant when building an app that runs on an external POS machine like iPad, Windows PC or Android Tablet.


The asker is a developer building Android apps that run on the Clover device itself.


As the asker mentioned the built-in certificate authorities on original Mini have not been updated in a long time which means the Let's Encrypt CA is not trusted and hence the TLS connection is failing.


Most likely the exception seen would be: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.


To remedy this you will need to add the Let's Encrypt root certificates to your HTTP/TLS client manually.


Let's encrypt has published their root certificates here: https://letsencrypt.org/certificates/


This guide might help you create an HTTP/TLS client with the added roots: https://stackoverflow.com/questions/53304082/adding-a-custom-certificate-to-an-okhttp-client


The relevant code might look like:

HandshakeCertificates certificates = new HandshakeCertificates.Builder()
  .addTrustedCertificate(letsEncryptCertificateAuthority1)
  .addTrustedCertificate(letsEncryptCertificateAuthority2)
  .addPlatformTrustedCertificates()
  .build();

client = new OkHttpClient.Builder()
  .sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager())
  .build();


10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community