UBports Forum

Selfsigned Certificates by a self-managed Certificate Authority

    • huben
      last edited by huben 12 Jan 2024, 21:57 1 Dec 2024, 21:31

      Hi folks,
      I'm a new owner of a Volla Phone with Ubuntu Touch installed.
      I'm still learning how to use the phone and I already have some issues getting my Nextcloud and my Home Assistant to work with the phone. Long story short, somehow I can't get it to trust my Certificate Authority.

      • The System (tried to use the Accounts setting to add the Nextcloud),
      • the App (There's a Home Assistant App called "Home" in the App store) and
      • the Morph Browser

      don't seem to have any settings to trust private CAs.

      All three, for some reason, absolutely ignore the system-wide trust stores.
      I imported them, they are shown as being imported (trust list ... yes, it's there), but they are just ignored.

      I was also planning to add a proxy that intercepts the traffic, but since this also depends on my CA, I already know that this won't work either.

      I remounted the root file system read write and copied the ROOT-Certificate to

      • /usr/local/share/ca-certificates/
      • /etc/ssl/certs/
      • /usr/share/ca-certificates/

      And I tried:

      • trust anchor ROOT-CA.crt ; update-ca-certificates
      • dpkg-reconfigure ca-certificates
      • and I even created a Mozilla Store using certutil and creating nssdb under various folders. (I figure the Morph Browser is based on Google Chrome; however, I do not know what this browser uses.)

      I'm getting a little frustrated with this, since I do not find any way to go further.
      Without the ability of importing my own Certificates the Phone seems to be quite useless to me.
      I don't see any reason behind such an inability anyway.
      Why would someone intentionally leave this out? This would make no sense to me.
      So it might be a bug? A missing feature? - For me it is a base functionality.

      --> Leaving it out just means either using unencrypted connections or handing the certificate signing process over to third party CAs which then would be able to break up those connections.
      Both options do not increase the security in any way.

      Can someone please point me to some solution other than buying commercial certificates or using Let's Encrypt?
      I'm not planning to throw all my certificates away (might be around 10) just because I can't import them to a mobile device.
      I don't use my home services on the internet, so I don't need any Internet CAs verifying them.

      Thanks and best regards

      • arubislander @huben
        last edited by 3 Dec 2024, 12:08

        @huben Morph uses QtWebEngine to provide the browsing functionality. And it seems that QtWebEngine bundles its own set of trusted CAs in binary format.

        This would explain why adding your certs does not have any effect.

        🇦🇼 🇳🇱 🇺🇸 🇪🇸
        Happily running Ubuntu Touch
        Google Pixel 3a (20.04 DEV)
        JingPad (24.04 preview)
        Meizu Pro 5 (16.04 DEV)

        • huben @arubislander
          last edited by 12 Dec 2024, 14:01

          @arubislander
          Thanks mate, I'll check this out.

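
A check that separates the two possibilities raised in this thread (the CA never reached the system bundle, versus the application not consulting the system store), as an added example that is not part of any post. It relies on `update-ca-certificates` only picking up PEM files ending in `.crt`; the function names are hypothetical and the bundle path in the usage comment is the Debian/Ubuntu default, assumed here for Ubuntu Touch.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Paths are arguments so the check
# can also be run against copies instead of the live system files.

# Print the base64 body of the first certificate in a PEM file, on one line.
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
         /-----END CERTIFICATE-----/   {exit}
         on {gsub(/[ \t\r]/, ""); printf "%s", $0}' "$1"
}

# Print the base64 body of every certificate in a bundle, one per line.
bundle_bodies() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1; body=""; next}
         /-----END CERTIFICATE-----/   {if (on) print body; on=0; next}
         on {gsub(/[ \t\r]/, ""); body = body $0}' "$1"
}

# check_ca_import CERT BUNDLE
#   0: CERT is present in BUNDLE
#   1: CERT is not PEM (for example a DER export)
#   2: CERT name does not end in .crt, so update-ca-certificates skips it
#   3: CERT is well-formed but absent from BUNDLE
check_ca_import() {
    cert=$1; bundle=$2
    body=$(pem_body "$cert")
    [ -n "$body" ] || { echo "not PEM: $cert"; return 1; }
    case "$cert" in
        *.crt) ;;
        *) echo "wrong extension: $cert"; return 2 ;;
    esac
    if bundle_bodies "$bundle" | grep -qxF -- "$body"; then
        echo "in system bundle: $cert"; return 0
    fi
    echo "missing from bundle: $cert"; return 3
}

# On the device (default Debian/Ubuntu bundle path, assumed):
# check_ca_import /usr/local/share/ca-certificates/ROOT-CA.crt \
#                 /etc/ssl/certs/ca-certificates.crt
```

A result of 0 while an application still rejects the certificate means that application is not reading the system bundle, which matches the QtWebEngine explanation given in the reply.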