Qobuz not responding via Naim app

Hi Gents,

Have given it a poke around and there seems to be a certificate issue on the Qobuz server. On the Naim solution we check the validity of certificates before trusting them (aka good security practice) and it’s failing.

I’ll chase this up with Qobuz engineering, but this might correct itself in the next 24hrs.

Regards

Steve

PS. openssl reports:

openssl s_client -connect www.qobuz.com:443 -prexit

CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=10:certificate has expired
notAfter=May 30 10:48:38 2020 GMT

Certificate chain
0 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=.qobuz.com
i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
1 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=.qobuz.com
i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
2 s:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
3 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

Server certificate
-----BEGIN CERTIFICATE-----
MIIGeDCCBWCgAwIBAgIRAI4/n0oy+CLRXLyJp3Bn4xswDQYJKoZIhvcNAQELBQAw
XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
MB4XDTE5MTAwMTAwMDAwMFoXDTIxMTAyMzIzNTk1OVowXzEhMB8GA1UECxMYRG9t
YWluIENvbnRyb2wgVmFsaWRhdGVkMSQwIgYDVQQLExtHYW5kaSBTdGFuZGFyZCBX
aWxkY2FyZCBTU0wxFDASBgNVBAMMCyoucW9idXouY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAzo8Nz6iTsgVLxeD/91HB7lid5DgMT6P/nMPEUcik
Q01Wy6Qd43VrkPFVX2xLKH2ZThXb5UOrhmPKwaHeov/hdnfUq1KyOawXkxrEyyld
x1OjSxBIs6bLFDj64Oa+l7N0DBpFntt+BIxWlO+VNlLOZn5cVzNQj6Aw55qdpobY
dbQq3TMTBNYpyn6TlOs0n9tccTF7AGZgUP9WPWLvLuRJDahmZ2ckm78dT7laOxK2
/zNkg/ZYxIe/VwpE1TxTruvCyIBOsGZ+kJRrL2bwwJnPgwFut7tIcCKKKUyHoNzR
xyN9ACltpYv/WmNpcL8ucylTQN3avNVpWwBIFN3z6MEkGQIDAQABo4IDLTCCAykw
HwYDVR0jBBgwFoAUs5Cn2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFLL1FqLe
qZvJpVdL23niUe6gbnh1MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQB
sjEBAgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20w
CAYGZ4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYI
KwYBBQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJk
U1NMQ0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNv
bTAhBgNVHREEGjAYggsqLnFvYnV6LmNvbYIJcW9idXouY29tMIIBgAYKKwYBBAHW
eQIEAgSCAXAEggFsAWoAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO/3wwvIAvMTvFk
4wAAAW2GqZh9AAAEAwBHMEUCIAIZBGTYzC1bsRpzTOuW3xpHyMDDgA+SOIhFKEtQ
Wef8AiEAkbaTKp0FBks7CUnFW8JbvCWrioixY1jSEYULK6fdjqAAdwBElGUusO7O
r8RAB9io/ijA2uaCvtjLMbU/0zOWtbaBqAAAAW2GqZieAAAEAwBIMEYCIQDUYkVz
+jRTUbg+J+8ow28eFn38aht3o5h6Pzx5MGketgIhALJ9IyNPp+2IKslcSY+DptsX
IxnMRhRR481dMLuAjIU0AHcAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT
0wwAAAFthqmYdQAABAMASDBGAiEAlBALA0h5JUh8a78l9kLBtkN4/SDz6S5te+Fm
okEIYM0CIQDa3JkOVh+UrWLeodNqEEbavHbXJ5Jih3uDEPyQl6XENzANBgkqhkiG
9w0BAQsFAAOCAQEAHYIvHGHmxzNrcywO1NFKtKv7Q1TOMNF3HXQahOZrq3E1S85T
aP118Ifmk2bGk7rVOFG1QMfnXdHm0hpOZCfNDsntcIqa8hLY71VlHmGkCvSYagY6
i3pxaT87fM47Qi/6RdF4fBDLtfDjtIJgQOQqBwEKsFne/K4Mn9LGhb0Ukdlcv0oC
w81NYz1/L85zChH5B/LObdXBe5hOenTfMbW9O3pHbIi1JVy5agEfz0HPdQ3FRCmZ
1ZVL0cav08g8tXMOHLBIyy16zOFQ4GiI4mY9njMvdqG7xLgi9Z3e7IEO2qcZWmOg
gMZOQAwGuZdWiqV0y/DGrrl9M2S/XZnreZdghw==
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.qobuz.com
issuer=/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2

No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 6756 bytes and written 434 bytes

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: A6864A5B22B842211E71B260868258BA6C74FBE6740B3BABFD22C9218985A6F9
Session-ID-ctx:
Master-Key: 5D871AA1DF46620BA5776B2D03897F7ED9DB799DD074C416DF4546E8CB3EFCF14BEEE3E0C9B597134B6E16E14DE91030
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1590871170
Timeout : 300 (sec)
Verify return code: 10 (certificate has expired)

What’s interesting is that after attempting to play Qobuz, my Star’s screen stopped displaying the currently playing items, even after switching back to Tidal. Also the remote stopped working. Could not pause music.

After a deep sleep (holding in power for a while) things works again.

This is a long standing issue with the Star that I have seen on a few occasions. Perhaps it’s related to connection failure to the streaming platforms.

This is why I have tidal and Qobuz both. Qobuz not playing on 555.

I have the same problem through the Uniti Nova. It started on Friday (May 29th). The Qobuz app itself works fine but nothing plays through the Qobuz icon on the Naim App

Same here. I thought my new Atom was bust. Thank goodness for the forum.

Roger

Just checked this morning Qobuz is still down

Still down this morning Steve.

I have the same problem with my my ND 5 XS2 but I don’t think it is on the Qobuz side. My bluesound streamer and my old innuos zen stream Qobuz without any problems and on my phone Qobuz works fine. Must be something in the communication Qobuz -Naim. I sent a message to naim-support yesterday and got confirmation they are working on it

Same issue for me.

Hi guys,

One of the https certificates is still expired On the Qobuz domain, hence the system won’t work while in this state. On devices/code that don’t verify validity of the certificates chain it will work - however that’s not a great idea nowadays. As a test I disabled security checks on one of my devices and it came back to life.

Here is a link to a third party site that shows the problem in a user friendly way:
https://www.sslshopper.com/ssl-checker.html#hostname=Www.qobuz.com

I’ve tried to contact various at Qobuz regarding the problem, but with it being a weekend I suspect this will need to wait till Monday.

Regards

Steve Harris
Software Director
Naim Audio Ltd.

Thanks for keeping us up to date!
Really appreciate your initiative!

Thanks Steve for the link, interesting.

accessing Qobuz through Roon works perfectly well, strange enough
Iver

Yes, it started yesterday with my Unity Atom. I tried resetting the Atom, deleting and reinstalling the app but it’s still not functions properly.

I think I’ve found a workaround by accessing Qobuz with an alternative control point. In particular, I used Lumin and, to my surprise, it worked fine. All I had to do was enter my Qobuz login details. I didn’t try Linn Kazoo, but see no reason that shouldn’t work either.

To use Lumin or Kazoo, once you’ve downloaded the control app, you need to install Bubble UPnP somewhere on your network (mine’s on a NAS) to make the Atom open home compatible. And you need to set it to use upnp not Chromecast.

Hope that helps,

Roger

Same here… horrible. Waiting now

It works via Audirvana too. Or even plugging a Sonos Port into the streamer!
I must say that one of the best things about Naim integrating Qobuz into their streamers was that I didn’t have to use Lumin and Bubble UPnP anymore. In my case Lumin took an age to update the library from my NAS (Synology) and Bubble can quit without notice and you don’t immediately know what’s gone wrong.
But, any port in a storm. Hopefully it’ll be back to normal some time tomorrow.

the strength of the system is its ease of use with the app. Naim. it’s nice that there are alternative solutions, but qobuz must work as before, otherwise it doesn’t make sense … many subscribers will lose in my opinion.

Given that this is hopefully something that Qobuz can fix, I would just use Chromecast or AirPlay for now unless you already have BubbleUPnP server installed somewhere. It may lose you a bit of sound quality, bit as a temporary measure, at least it keeps the music playing.

Another workaround, if you need Hi-Res Qobuz now, is to download mConnect for your iOS device (I don’t know if there’s an Android version). It will cost about £5 from the App Store. It’s simple to set up and will recognise your library as well as Qobuz and Tidal accounts. It plays HiRes files without any problem. The interface requires a little investigation but it’s a worthwhile app as it will also send your music via Chromecast or Bluetooth to most other devices, not just Naim.

P.S. There’s a “lite” version too, which is free, but I don’t know what the limitations are.