Adding system-wide trust to a self-signed certificate
-
Hi,
since I use my own Nextcloud instance running on a local network at home, I do not have a trusted certificate for it.
Without it, the calendar refuses to sync events, while the Nextcloud account itself can be added.
I managed to get it working by adding my self-signed cert as trusted (system-wide). But I'm not sure if it's an ideal solution, since it might conflict with the base image.
Will it get overwritten by future updates? Is there any nice solution? Thanks.
```
adb push cert.pem /home/phablet/cert.pem
# you need to switch the system to RW mode (e.g. using UT Tweak Tool)
adb shell
# switch to root
sudo -i
# copy certs to trusted
cp /home/phablet/cert.pem /usr/share/ca-certificates/
# I'm not sure if it's necessary, but I renamed the file to cert.crt, since on my first try I couldn't find it in the list while running the next command
# You need to reconfigure trusted certs like this:
dpkg-reconfigure ca-certificates
# when asked, pick the "ask" option. You will be presented with a list of all certs. Find yours, select it too, and then finish the process.
# And voila, it works :-)
```
-
Maybe https://letsencrypt.org/ could be an option for you. They offer free certificates and are a trusted certificate authority.
-
@ingo said in Adding system-wide trust to a self-signed certificate:
> Maybe https://letsencrypt.org/ could be an option for you. They offer free certificates and are a trusted certificate authority.

That is an option if you have a public static IP address, but I run Nextcloud on my local home network (on IP 192.168.1.1), so Let's Encrypt can't verify that I own that address. They offer similar solutions (as I did) for localhost etc.
Anyway, can anybody tell if my change will survive an OTA update? Thank you.
-
Ah, OK, you only access your Nextcloud in your home network and not from outside via some dynamic DNS service. Yeah, then Let's Encrypt won't work.
From what I understand, changes to the root file system don't survive an OTA update.
-
Just adding a +1 to this issue, as I too run a Nextcloud on my private network that I access through a VPN, so I can't use Let's Encrypt.
-
Just to let you all know (a year later): no OTA update so far has broken my changes to ca-certificates. But it might be the case that this part of the file system simply wasn't updated either, and it might get overwritten eventually with the next OTA.
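
A check that can be run after each OTA update to see whether the trust change discussed in this thread is still in place. This is an added example, not part of any post; it assumes the standard Debian/Ubuntu ca-certificates layout (`/etc/ca-certificates.conf`, `/etc/ssl/certs`) and the file name `cert.crt` from the first post, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: report whether a locally added CA certificate is still
# registered in the system trust store (e.g. after an OTA update).
#
# Usage: check_trusted_cert CERT_NAME [ROOT]
#   CERT_NAME  file name under usr/share/ca-certificates (assumed: cert.crt)
#   ROOT       file system root to inspect (default: the running system)
check_trusted_cert() {
    name=$1
    root=${2:-}
    src="$root/usr/share/ca-certificates/$name"
    conf="$root/etc/ca-certificates.conf"
    link="$root/etc/ssl/certs/$(basename "$name" .crt).pem"

    # 1. The certificate file that was copied in by hand must still exist.
    if [ ! -f "$src" ]; then
        echo "missing-file"; return 1
    fi
    # 2. dpkg-reconfigure records the selection in ca-certificates.conf;
    #    a leading "!" marks a certificate as deselected.
    if grep -qxF -e "!$name" "$conf" 2>/dev/null; then
        echo "deselected"; return 1
    fi
    if ! grep -qxF -e "$name" "$conf" 2>/dev/null; then
        echo "not-registered"; return 1
    fi
    # 3. update-ca-certificates exposes each selected certificate as a
    #    symlink in etc/ssl/certs (a dangling link still counts as present
    #    when inspecting a copy of the file system).
    if [ ! -L "$link" ] && [ ! -e "$link" ]; then
        echo "not-linked"; return 1
    fi
    echo "trusted"
}
```

Run `check_trusted_cert cert.crt` on the device; any result other than `trusted` means the steps from the first post have to be repeated.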