Solved: Simulator SSL Problem - Page 2

JonFitbit · ‎11-04-2021

We are aware of an issue with SSL certificates that will impact use of the developer bridge with the simulator. We will be issuing a fix for the simulator in the comings days, in the meantime please use a physical device for development.

test1231 · ‎12-14-2021

Why has Fitbit not pushed a fix for this yet? This is a production app that is required to do effective development for Fitbit apps and from the looks of it this has been broken for over a month. Why aren't people getting paged and waking up to fix this? Does not inspire confidence for 3p Fitbit developers.

test1231 · ‎12-14-2021

It's understandable if the fix is difficult and takes time, but transparency with users goes a long ways. I just spent 30 minutes debugging why the simulator wasn't working, and eventually finally finding this thread after reading logs. If the fix takes more time or is non-trivial, at least ship a notice to users in the simulator itself (banner) that explains its broken and where to go to get status updates on the fix progress.

zbert · ‎12-18-2021

I understand the time it may take to fix the issue. What is disappointing is that a new user cannot build in the Fitbit Studio or with CLI. The Simulator will not receive installs due to SSL errors that have existed over a month. And there is no notification/banner on any page to explain this. As a developer, this gives me pause in whether FitBit is a good OS to develop for if the build tools don't work and the dev team cannot even put a simple notification out for over a month.

test1231 · ‎12-22-2021

Any updates? Thanks,

brunosilvano · ‎12-27-2021

Changing the certificate as suggested by the Best Answer worked for me (macOS). To check this was the root cause of my issue, I checked the logs in ~/Library/Logs/Fitbit OS Simulator/main.log. I had the following error logged:

ERR: SSL error: unable to get local issuer certificate (preverify_ok=0;err=20;depth=2)

I spent way more time then I should to fix it because I was changing the certificate in the atlas folder (as suggested by @JonFitbit here) while I was actually trying to run the vulcan (Sense) in the simulator 🙄
So, again, you need to change the certificate in the folder of your deploy target. In my case, this was then:

/Applications/Fitbit OS Simulator.app/Contents/Resources/static/devicesim/mac/vulcan.app/Contents/Resources

Extra: if anyone wants to generate the certificate themselves, what worked for me was using the following steps:

1. Download all SSL certificates from 027-v3-api-soa.fitbit.com (this address can be found also in the logs, just above the SSL error) - I used this method. There are 3 of them. Remember the hierarchy (*.fitbit.com -> CA -> Root)

2. The downloaded certificates will be .cer files. Convert each of them to .pem:

openssl x509 -inform der -in certificate.cer -out certificate.pem

3. Concatenate all 3 certificates into a single .pem file:

cat *fitbit_cert.pem CA_cert.pem ROOT_cert.pem > cacert.pem

The order here is important, should be from site to root certificate.

4. The generated cacert.pem should then be used in place of the old cacert.pem, just like the Best Answer suggests.

Krish_2009 · ‎12-30-2021

Hello everyone! The fix that @BeatYT said is correct, but it takes a long time to do this step for each device. I made this tool where it does this long process automatically. Note that this only works on Windows devices for now.

Download Tool

1. Download the file above

2. Open the file using Microsoft ® Windows Based Script Host

3. Wait while it replaces all of the certificates

4. Done!

just in case of an error it automatically creates a backup file of the old certificate.

greypse · ‎01-03-2022

@Krish_2009

This worked beautifully for me. Thank you so much for this!!!

FitPoint · ‎01-20-2022

Greetings, all the same, when will the Simulator functioning. I have tried installing(with cacert.pem ) on MacBook and Windows result -

! Device Bridge is Disconnected !

Thank You

B.R.

Constantine

JRitzman · ‎01-21-2022

I'm a web developer who thought it would be an interesting change of pace to do some watch development, but it appears that your platform is not ready for prime time, despite all the resources of Google at your disposal.

asztalosdani · ‎01-22-2022

This is still an issue (or again) today.

LazyLizard · ‎01-22-2022

This is somehow still an issue... What is going on?

wrytime · ‎01-22-2022

I agree that this should be fixed. In the meantime...

If you're on Windows, @Krish_2009 's script should work. Since I am on OSX, I took the certificate contents from that script (since the other URLs are now down), and manually copied it to the locations of the individual build targets mentioned by @brunosilvano . I can make an equivalent bash script to share for OSX if people need it.

obakesan · ‎01-27-2022

This topic is a few months old but just been diving into some dev again here and there and noticed the issue with the SIM and the SSL cert.

From what I can tell the certt for 027-v3-api-soa.fitbit.com is signed by GTS Root R1 for *.fitbit.com. The certs in the package are for DigiCert Global Root CA. Copying the updated Root CA cert to the package folder does the trick.

If people are hesistant on downloading a cert from discord or running scripts. You can get the cert direct from Google here: https://pki.goog/repo/certs/gtsr1.pem

Testing that with the "Atlas" aka Versa 3 shows me the SIM device bridge is now ready and waiting for a connection.

Guy_ · ‎01-27-2022

Thanks @obakesan - an official fix was to have been issued in April 2021, presumably in the form of a new version of the OS simulator.

Can we expect it soon?

Author | ch, passion for improvement.

zbert · ‎01-29-2022

Just an update. After waiting two months for a fix, I just uninstalled FitBit studio. My fitbit watch (new) quit after 3 days of use. I guess the product is no longer what it used to be. A dev community could help that but months of no answer, let alone fix, for an issue in getting the tools to work speaks to the state of support. Goodbye FitBit.

SarahBass · ‎02-03-2022

Replacing cacert.pem worked on my Macbook Pro 2020 Mac OS Big Sur. Thank you. When you open, Atlas or whichever program you need, you go to Resources, and you will see the cacert.pem , which looks like a certificate. Then you trash it and replace.Close the simulator app, re-login , and open it. The debugger will light up green.

ac_devel · ‎02-10-2022

This worked fine for me! I had to use sim because new device did not have latest FW and thus, incorrect API for development with FitBit studio

fitYourLife · ‎02-12-2022

Problem still persists on macOS.

Mcwilson63 · ‎02-13-2022

I did this today and it worked amazingly!! Thanks so much @brunosilvano

Thanks for adding in the part about joining the 3 Certs together - saved me so much reading/extra learning.

I did need to use quotes to force my terminal program to detect the cert names correctly, as they have spaces/* in them.

openssl x509 -inform der -in *.fitbit.com.cer -out '*.fitbit.com.pem'

cat '*.fitbit.com.pem' 'GTS CA 1D4.pem' 'GTS Root R1.pem' > cacert.pem

4463 · ‎02-16-2022

There is a somewhat annoying solution for mac. Which is to replace the .pem file with the file in the best answer, every time the device bridge is disconnected on mac. I don't know how to create a shortcut for this operation in mac maybe somebody else could do that?

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

Simulator SSL Problem

JonFitbit

test1231

test1231

zbert

test1231

brunosilvano

Krish_2009

greypse

FitPoint

JRitzman

asztalosdani

LazyLizard

wrytime

obakesan

Guy_

zbert

SarahBass

ac_devel

fitYourLife

Mcwilson63

4463