First tech: No trusted certificate found

gtsr

10 Oct, 2021 07:28 PM

1-2 weeks ago with Moneydance version 2021.1 (3069) I started seeing "No trusted certificate found" when attempting to download transactions from First Tech. Prior to this I had no problems: downloads worked. So something changed recently. Is this something that needs a future MD update, or does it look like a problem on the First Tech end?

  1. 1 Posted by Dan Engholm on 23 Oct, 2021 03:39 AM

    I've had the same trouble for a few weeks now running build number 3095. Fortunately, my trusty build 1706 still works for downloading from First Tech. Then I close that and run a newer version for the new features. This is easy to do with Docker containers. Fortunately, the database schema is compatible between 1706 and even the latest 4057 build.

    I updated my Ubuntu 20.04 base image and installed the very latest Moneydance build 4057 tonight and my First Tech accounts still failed to download. I exec'ed into the container and used curl to POST to https://ofx.firsttechfed.com and didn't get a certificate failure. With "curl -vvv ...", I was told that the TLS certificate was issued by Let's Encrypt. This was what I expected given that their root certificate expired on September 30th. The console even reported "Expired certificate: certs/lets_encrypt_authority_x3.cer". I couldn't find that file anywhere in my container's file system so I suspect that it's somehow built into Moneydance. I also see in the console log: "using internal https+certificate checking". I suspect that we're stuck until Infinite Kind fixes this.

  2. 2 Posted by Dan Engholm on 24 Oct, 2021 08:54 PM

    I got excited when I saw build 4058 available so I downloaded and installed it into a Docker container image. I still get the same "No trusted certificate found" error. <sad trombone>

  3. 3 Posted by Dan Engholm on 09 Dec, 2021 03:40 AM

    This comment was split into a new private discussion: First tech: No trusted certificate found

    The latest preview build 4063 still hasn't fixed the problem I've been having with downloading transactions from First Tech. I can see that it has some changes to the SSL certificates but that's apparently not enough to do the trick.

    As with the last problem I had between Moneydance and First Tech, this ought to be fixable; after all, the trusty build 1706 functions just fine for downloading transactions. I'm happy to provide whatever details are needed to help the team get this working again.

  4. Support Staff 4 Posted by Maddy on 09 Dec, 2021 12:04 PM

    Hi,

    We are sorry to hear about the problem you have encountered.

    If you haven't already, you should try to recreate the connection with your bank. You will need to disable your current connection and then recreate it using the New Connection button on the Online Banking Setup screen. To do so, you can follow these steps:

    1. Select your bank account in Moneydance
    2. Select Online --> Setup Online Banking
    3. Click the "Disable" button. If you don't see this button, just close the window.
    4. Repeat the previous steps for any additional accounts at the same institution.
    5. Select Online --> Setup Online Banking (again)
    6. Click the "New Connection" button and select your bank and hit OK
    7. Continue with the setup process, entering your username/password


    Make sure you pick "New Connection", even though your bank is still one of the connection choices after you disable it. Choosing your bank from the long list of available banks will force Moneydance to download the updated information, which should then allow you to connect.

    Please let us know if you continue to have connection problems after recreating your connection and we'll troubleshoot further.


    If the problem persists, could you send us the contents of your error console?  Here's how to get the logs:

    1)  In Moneydance, click on the Help menu and select the Console Window option.  This will open the console messages window.
    2) While the Console Window is open, attempt to connect to your bank.  Any error messages should be recorded to the Console.
    3) Select all of the text in the Console and use the "Copy to Clipboard" button at the bottom to copy the text.
    4) Paste the text from the message window into a text file (preferably saved with a .txt extension) and attach that file to your response here.

    Thank you

    --
    Maddy, Infinite Kind Support

  5. 5 Posted by Dan Engholm on 10 Dec, 2021 04:06 AM

    Hi Maddy.

    I highly appreciate you getting back to me.

    I tried the procedure you outlined and didn't encounter any trouble
    until step 7. To be honest, I didn't disconnect all of the accounts
    because I have something like ten of them at First Tech. If that really
    makes a difference, I'll do it with a copy of my data so I don't have to
    reconnect all of them again.

    During step 7 after I chose the account from the list, I hit the Next
    button and got an error dialog. I dismissed that and selected the Online
    Banking account from the drop-down list in the next window and hit Next
    then Finish. Then I told it to download transactions for that one
    account and encountered another error dialog. I copied the text from
    both of the error dialogs into the attached Zipped text file. After
    that, I pasted the text copied from the console window into the text file.

    After that, I closed Moneydance then started build 1706 with the same
    data files. I was able to successfully download a couple of new
    transactions from the account.

    Thanks again and please let me know if there's anything else I can
    provide to get to the bottom of this problem.

    --Dan

  6. 6 Posted by Alex Man on 14 Jan, 2022 03:38 AM

    I managed to fix this issue by myself by replacing the expired root cert inside moneydance.jar. Since Infinite Kind is too busy to fix the issue, I'm posting the solution here so technically savvy folks could take the matter into their own hands.

    1. Visit https://ofx.firsttechfed.com/, download the root cert or the intermediate cert file in DER/.cer format from that endpoint. I downloaded the intermediate cert.
    2. Unzip moneydance.jar
    3. Replace certs/lets_encrypt_authority_x3.cer with the downloaded cert.
    4. Zip to recreate the moneydance.jar with the replaced cert.
    5. Replace the jar.
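
An added example, not part of the post above and not Moneydance code: a stdlib-only audit of the certificates bundled in a jar, reporting each entry's expiry and SHA-256 fingerprint so that a replaced `.cer` can be compared against the fingerprint the CA publishes before the jar is put back. The `certs/*.cer` layout is taken from the console message quoted earlier in the thread; the function names are hypothetical, and `constructed_cert` builds an unsigned, constructed DER skeleton used only as sample input.

```python
import hashlib, sys, zipfile
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """notAfter of a DER X.509 certificate, as an aware UTC datetime."""
    _, pos, _ = _tlv(der, 0)                 # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)               # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                          # optional [0] version field
        pos = end
    for _skip in range(3):                   # skip serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)               # validity SEQUENCE
    _, _, pos = _tlv(der, pos)               # skip notBefore
    tag, start, end = _tlv(der, pos)
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime / GeneralizedTime
    return datetime.strptime(der[start:end].decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def audit_jar(jar, pinned_sha256=(), now=None):
    """Rows of (entry, sha256, not_after, expired, pinned) for certs/*.cer in a jar."""
    now = now or datetime.now(timezone.utc)
    rows = []
    with zipfile.ZipFile(jar) as zf:
        for name in sorted(zf.namelist()):
            if name.startswith("certs/") and name.endswith(".cer"):
                der = zf.read(name)
                digest, expiry = hashlib.sha256(der).hexdigest(), not_after(der)
                rows.append((name, digest, expiry, expiry < now, digest in pinned_sha256))
    return rows

def _der(tag, body):
    return bytes([tag, len(body)]) + body    # short-form lengths only (sample data)

def constructed_cert(not_after_utctime):
    """Constructed, unsigned DER skeleton carrying only the fields not_after() reads."""
    validity = _der(0x30, _der(0x17, b"200101000000Z") + _der(0x17, not_after_utctime))
    tbs = _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"") * 2 + validity
    return _der(0x30, _der(0x30, tbs))

if __name__ == "__main__" and len(sys.argv) > 1:   # usage: audit.py moneydance.jar [sha256 ...]
    for row in audit_jar(sys.argv[1], set(sys.argv[2:])):
        print(row[0], row[1], row[2].date(), "EXPIRED" if row[3] else "valid", "pinned" if row[4] else "NOT PINNED")
```

Run it against the original jar to see which bundled entries have expired, then against the rebuilt jar with the expected fingerprint as an argument to confirm the swapped-in file is the one you meant to trust.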
  7. 7 Posted by Dan Engholm on 23 Jan, 2022 01:53 AM

    Thanks so much Alex! That's the clue I needed to get this working again for me. My trusty build 1706 finally stopped working with the same missing certificate error so I had to do something else. Since I install Moneydance into a Docker container image, I went through the process of creating an updated DEB file. What a relief this is!

  8. Support Staff 8 Posted by Sean Reilly on 23 Jan, 2022 01:47 PM

    I'd also like to thank you Alex for tracking down the issue. I've added the root CA for the Let's Encrypt authority to the list of trusted certificates for the next update to Moneydance. I'm surprised that multiple banks are now using Let's Encrypt for their servers, but it's given me a reason to clean up our CA certificates too.

    Thanks,
    Sean

    --
    Sean Reilly
    Developer, The Infinite Kind
    https://infinitekind.com

  9. System closed this discussion on 24 Apr, 2022 01:50 PM.
