Quantcast
Jump to content

LG WEBOS 4.0 and below. Letsencrypt root certificated expired.


Recommended Posts

Found multiplex application that use letsencrypt stop working in 30 September 2021 on LG WebOS 3.5. This appear to be wide spread multiplex version of WEBOS. 

See 
AND 

link hidden, please login to view

As PLEX blaming to be LG fault. LG please provide solution to only 2 year old TV

LG

Our current app is available on 4K/UHD LG television models running the following system software:

  • webOS 3.0
  • webOS 3.5
  • webOS 4.0
  • webOS 5.0

No 720p or 1080p (“full HD”) sets are supported for our current app at this time.

Note: Due to root certificate limitations with the device OS itself, only webOS 5.0+ devices support secure connections with a personal Plex Media Server. To allow connections to a personal server, devices running earlier webOS versions must be set to Allow Insecure Connections in the TV app settings and the Plex Media Server must be set to Preferred for the Secure Connections preference.

  • Like 2
Link to comment
Share on other sites

I've got 

I've got this problem too with my OLED55E6V (AKA: the E6). I bought it in 2017. I find it baffling that a modern smart TV like has this problem. Built in obsolescence? LG should sort this out. I spent thousands of £ on this.

I have a Plex Media Server. I've tried the server and app settings to allow insecure connections but that isn't working.

Isn't this just a case of LG updating certificates?

The TV received a firmware update recently. Surely LG can resolve this?

 

Link to comment
Share on other sites

It should be very easy for LG to exchange the root certificates with an update. However, the question is whether this will happen....

Connections to older Plex servers still seem to work.
Also to those in the same network that are up to date but do not have their own certificates.

Whether this is really the problem is questionable.
However, SSL should be the most important thing these days and that must be running!

Link to comment
Share on other sites

19 hours ago, micneon said:

Whether this is really the problem is questionable.

It definitely is the problem.  Here's what works to recreate it on my 55B6, on firmware 5.60.25.

Manually set your TV clock to Sept 30, 9AM EDT (convert to your time zone if needed).

Goto any Wikipedia page using the browser. Works.

Manually set your TV clock to Sept 30, 11AM EDT (convert to your time zone if needed).

Goto any Wikipedia page using the browser. Does NOT work, you get a security error that cannot be bypassed.

Now manually set your TV clock back to Sept 30, 9AM EDT again (convert to your time zone if needed).

Goto any Wikipedia page using the browser. Works again.

A root cert (DST Root CA X2) expired around 10AM EDT on September 30th. Servers using Let's Encrypt certs (which includes Wikipedia) should be testable using either that root or the newer ISRG Root X1 - which, by the way, has been around since June 2015. If you have not updated the trusted root list attached to the browser since 2015, then you will see this failure, because after 10AM Sept 30th, only the ISRG Root X1 is still valid.

LG has had FIVE YEARS to fix this problem before it happened.

  • Like 1
Link to comment
Share on other sites

If your TV is rooted, you can use a bash script I wrote to remove the expired LetsEncrypt cert and add two new certs to the TV's truststore.  Open a shell on your TV and run the following four commands:

cd /tmp

wget  

link hidden, please login to view

chmod +x update-ca-certs.sh

./update-ca-certs.sh

After updating the certs, the TV will reboot, and you should be good to go.

Link to comment
Share on other sites

On 10/20/2021 at 10:31 PM, tam said:

If your TV is rooted, you can use a bash script I wrote to remove the expired LetsEncrypt cert and add two new certs to the TV's truststore.  Open a shell on your TV and run the following four commands:

cd /tmp

wget  

link hidden, please login to view

chmod +x update-ca-certs.sh

./update-ca-certs.sh

After updating the certs, the TV will reboot, and you should be good to go.

Can you please make some tutorial how to do it step by step for fresh people ? 

Link to comment
Share on other sites

On 10/20/2021 at 9:31 PM, tam said:

If your TV is rooted, you can use a bash script I wrote to remove the expired LetsEncrypt cert and add two new certs to the TV's truststore.  Open a shell on your TV and run the following four commands:

cd /tmp

wget  

chmod +x update-ca-certs.sh

./update-ca-certs.sh

After updating the certs, the TV will reboot, and you should be good to go.

Hi TAM,

I found a few issues with your script,

1. wget doesn't work on my TV I get - wget: not an http or ftp url:

2. Tried to overcome that by just downloading the script and SCP it to the TV that worked fine BUT you have wget again in the update-ca-certs.sh so I had to download and SCP the certs to the correct folders - NOW the final issue I see is and cannot understand is how is  /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/start-devmode.sh going to run and apply the setting? what will trigger this script?

Thanks, From what I can find you are the only one really working on this issue - Really appreciate it!

UPDATE:

To over come the wget issue I just used 'curl -k 

link hidden, please login to view
 --output update-ca-certs.sh'

I also update the 'update-ca-certs.sh' and replaced wget with curl --output' script (attached)   update-ca-certs.txt

still not seeing the certificates updated

 

 

 

Link to comment
Share on other sites

Hi Fem,

Thanks for pointing out the issue with wget. I may have installed wget myself some time ago and forgotten, so maybe it is a different version to the one you have. I have updated the script and instructions to use curl instead.

The script at /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/start-devmode.sh was created by the rooting process I used. So this file existed before I made any changes myself. It gets executed automatically each time the TV is switched on, so I just appended a few commands to the end of that script (to overlay the new certs and cert config onto the underlying readonly filesystem, and to force the system to recognise these new certs each time). If you used a different mechanism to get root, then maybe you have some script that executes on startup that you could append these commands to instead.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Similar Topics

    • By Riva Saringer
      Hi,
      the WebOS specs stated that HLS is supported but didn't mention CMAF (or fragmented MP4) support.
      Therefore my question if CMAF(HLS)-Encodings are supported?
      Regards
      Riva
    • By BogdanCiobotaru
      Hi everyone,
       
      Has any of you updated OTA or manually to the latest webOS 2.0 firmware? It was released on June 13th in Europe and it is ver. 4.05.01! 
      Any new features or performance improvements?
    • By News Reporter
      Company Showcases Breadth of Technological Capabilities at
      Global Communications Conference in Seoul

      SEOUL, May 17, 2022 — LG Electronics (LG) is showcasing a diverse range of innovative, new mobility technologies, including connected vehicle solutions leveraging 6G and AI, at the IEEE International Conference on Communications (ICC) 2022. Open from May 16-20 at COEX Convention & Exhibition Center in Seoul, South Korea, this year’s ICC adopts the theme of ‘Intelligent Connectivity for Smart World’ and features a hybrid format combining physical exhibits and in-person attendance with virtual content and online participation.
      One of the IEEE Communications Society’s two flagship conferences, ICC typically attracts around 2,000 attendees from over 70 countries. The annual event offers exciting keynotes and robust technical paper sessions as well as informative and engaging tutorials, workshops and industry discussions.
      In keeping with ICC 2022’s intelligent connectivity theme, LG is showcasing its OMNIPOD concept car; a fully autonomous, connected vehicle that can act as an extension of one’s living or workspace. LG OMNIPOD employs the unique, floor-to-ceiling Meta-environment Screen and a host of other advanced technologies to adapt to passengers’ unique needs. Able to serve as practically any kind of space, from an office or recording studio to a video-editing workroom or even a lounge, the OMNIPOD is a future mobility solution that completely reimagines the in-vehicle experience.
      Additionally, LG is displaying its world-class 6G communications technologies, including Full Duplex Radio transmission and reception tech that maximizes frequency efficiency, and a power amplifier device, jointly developed with the Fraunhofer Heinrich Hertz Institute (HHI), for the wireless transmission and reception of 6G THz data. The company is also demonstrating its Soft V2X (with V2X standing for “vehicle to everything”) smartphone solution, which enables a vehicle to communicate in real-time with nearby vehicles, pedestrians and infrastructure to create a safer driving environment. The company is also presenting its on-device AI chip, which can be applied to various home appliances providing a smart life experience.
      “As the automotive industry is transitioning to a software-enabled ecosystem, LG is proactively developing next-generation technologies,” said Kim Byoung-hoon, CTO at LG Electronics. “Based on its advanced 6G and AI tech, LG will continue to strengthen its capabilities in various fields such as 6G communications, smart mobility, metaverse and robotics to take the customer experience to new heights.”
      Named an IEEE Fellow last year in recognition of his research achievements and expertise in the field of communications, the CTO will be delivering a keynote titled ‘Technology Advances in Connectivity and Software Defined Architecture for Smart Mobility’ at ICC on May 17. Mr. Kim will introduce the company’s direction regarding the transition to the software defined vehicle (SDV), as well as its latest solutions and services based on SDV and smart mobility technology.
      # # #

      link hidden, please login to view
    • By coyote
      I want to control my C1 with my Google Home speakers, but my Android LG ThinQ app is not sending the correct info to my Android Google Home app to link the ThinQ service.  
      When I try, the error message says "No devices were found in your LG ThinQ account".  However, the ThinQ app is signed into my account and successfully controlling my C1.
      Google Home support and I think the issue is with the ThinQ app.

      link hidden, please login to view says this should work.  My LG support agent told me it's not supported; I'm guessing she was new.
    • By Reggie Thayil
      Recently my LG C1 has been pausing on its own and going back to the profile selection screen while using native apps. This issue occurs while using Netflix, Disney+, Paramount+, etc.  I tried using my Firestick and it kept pausing my program. I tried a hard reset and that fixed the problem for 2 days before it started again with Disney+. 
      I need a fix for this issue ASAP. 
×
×
  • Create New...