UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Adding system-wide trust to a self-signed certificate

    Scheduled Pinned Locked Moved Support
    6 Posts 3 Posters 726 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
      Reply
      • Reply as topic
      Log in to reply
      This topic has been deleted. Only users with topic management privileges can see it.
      • Z Offline
        zlamalp
        last edited by

        Hi,

        since I use my own Nextcloud instance running on a local network at home, I do not have a trusted certificate for it.

        Without it calendar refuses to sync events, while Nextcloud account iself can be added.

        I managed to get it working by adding my self-signed cert as a trusted (system wide). But I'm not sure, if its ideal solution, since it might conflict with a base image.

        Will it get overwritten by future updates ? Is there any nice solution ? Thanks.

        adb push cert.pem /home/phablet/cert.pem
# you need to switch system to RW mode (eg. using UT tweak tool)
adb shell
# switch to root
sudo -i
# copy certs to trusted
cp /home/phablet/cert.pem /usr/share/ca-certificates/
# I'm not sure if it's necessary, but i renamed file to cert.crt, since on my first try I couldn't find it in a list while running the next command
# You need to reconfigure trusted certs like this:
dpkg-reconfigure ca-certificates
# when asked pick "ask" option. You will be presented with a list of all certs. Find yours and select it too and then finish the process.
# And voila, it works :-)
        1 Reply Last reply Reply Quote 0
        • IngoI Offline
          Ingo
          last edited by

          Maybe https://letsencrypt.org/ could be an option for you. They offer free certificates and are a trusted certificate authority.

          1 Reply Last reply Reply Quote 1
          • Z Offline
            zlamalp
            last edited by

            @ingo said in Adding system-wide trust to a self-signed certificate:

            Maybe https://letsencrypt.org/ could be an option for you. They offer free certificates and are a trusted certificate authority.

            That is an option, if you have public static IP address, but I run Nextcloud on my local home network (on IP 192.168.1.1), so letsencrypt can't verify, that I own that address. They offer similar solutions (as I did) for localhost etc.

            Anyway, can anybody tell, if my change will prevail some OTA update ? Thank you.

            1 Reply Last reply Reply Quote 0
            • IngoI Offline
              Ingo
              last edited by

              Ah, ok, you only access your nextcloud in your home network and not from outside via some dynamic DNS service. Yeah, then letsencrypt won't work.

              From what I understand, changes to the root file system don't survive an OTA update.

              1 Reply Last reply Reply Quote 0
              • A Offline
                Aurze
                last edited by

                Just adding a +1 to this issue as I too run a nextcloud on my private network that I access through a VPN so I can't use let's encrypt.

                1 Reply Last reply Reply Quote 0
                • Z Offline
                  zlamalp
                  last edited by

                  Just to let you all know (a year later) no OTA update so far broke my changes to ca-certificates. But it might be a case, that this part of file system simply wasn't updated either and it might get overwritten eventually with the next OTA.

                  1 Reply Last reply Reply Quote 3
                  • First post
                    Last post