Adding system-wide trust to a self-signed certificate
-
Hi,
since I use my own Nextcloud instance running on a local network at home, I do not have a trusted certificate for it.
Without it, the calendar refuses to sync events, while the Nextcloud account itself can be added.
I managed to get it working by adding my self-signed cert as trusted (system-wide). But I'm not sure if it's an ideal solution, since it might conflict with a base image.
Will it get overwritten by future updates? Is there any nice solution? Thanks.
adb push cert.pem /home/phablet/cert.pem
# you need to switch system to RW mode (e.g. using UT tweak tool)
adb shell
# switch to root
sudo -i
# copy certs to trusted
cp /home/phablet/cert.pem /usr/share/ca-certificates/
# I'm not sure if it's necessary, but I renamed file to cert.crt, since on my first try I couldn't find it in a list while running the next command
# You need to reconfigure trusted certs like this:
dpkg-reconfigure ca-certificates
# when asked pick "ask" option. You will be presented with a list of all certs. Find yours and select it too and then finish the process.
# And voila, it works :-)
-
Maybe https://letsencrypt.org/ could be an option for you. They offer free certificates and are a trusted certificate authority.
-
@ingo said in Adding system-wide trust to a self-signed certificate:
Maybe https://letsencrypt.org/ could be an option for you. They offer free certificates and are a trusted certificate authority.
That is an option if you have a public static IP address, but I run Nextcloud on my local home network (on IP 192.168.1.1), so letsencrypt can't verify that I own that address. They offer similar solutions (as I did) for localhost etc.
Anyway, can anybody tell if my change will survive an OTA update? Thank you.
-
Ah, ok, you only access your nextcloud in your home network and not from outside via some dynamic DNS service. Yeah, then letsencrypt won't work.
From what I understand, changes to the root file system don't survive an OTA update.
-
Just adding a +1 to this issue, as I too run a Nextcloud on my private network that I access through a VPN, so I can't use Let's Encrypt.
-
Just to let you all know (a year later): no OTA update so far broke my changes to ca-certificates. But it might be the case that this part of the file system simply wasn't updated either, and it might get overwritten eventually with the next OTA.
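Added example, not part of the thread or of any project's code: a small check to run after each OTA update that tells whether the self-signed certificate is still in the system CA bundle. It assumes the bundle is the standard Debian/Ubuntu file /etc/ssl/certs/ca-certificates.crt, which update-ca-certificates regenerates; the function names pem_bodies and cert_in_bundle are made up for this example.

```shell
#!/bin/sh
# Added example: is a PEM certificate still present in the CA bundle?
# Assumed usage (paths taken from the first post and the Debian default):
#   sh check-cert.sh /home/phablet/cert.pem /etc/ssl/certs/ca-certificates.crt

# Print one line per certificate found in a PEM file: the base64 body with
# line breaks and whitespace removed, so that copies of the same certificate
# wrapped at different widths compare equal.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# cert_in_bundle CERT BUNDLE
# Exit status: 0 = certificate is in the bundle, 1 = it is not,
#              2 = a file is unreadable or CERT holds no certificate.
cert_in_bundle() {
    cert=$1
    bundle=$2
    [ -r "$cert" ] && [ -r "$bundle" ] || return 2
    want=$(pem_bodies "$cert" | head -n 1)
    [ -n "$want" ] || return 2
    # Fixed-string, whole-line match against every certificate in the bundle.
    pem_bodies "$bundle" | grep -qxF -- "$want"
}

# Only act when called with both paths; sourcing the file just defines
# the functions.
if [ "$#" -eq 2 ]; then
    cert_in_bundle "$1" "$2"
    case $? in
        0) echo "present: certificate is in $2" ;;
        1) echo "missing: certificate is no longer in $2" ;;
        *) echo "error: cannot read certificate or bundle" >&2 ;;
    esac
fi
```

A "missing" result after an update means the trust steps from the first post have to be repeated.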