No option to accept self signed certificate #672
Comments
|
I'm not finding a way to remove just that check. Perhaps someone else knows if it's possible, without adding an option to allow any certificate (which probably shouldn't be done). |
|
Well, in this case I would really add the option to allow any certificate. Webdav is specially useful with self-hosted solutions (i.e. nextcloud/owncloud), and in many circumstances this involves a self signed cetificate that works with a dynamic IP. Not many choices here... Could this option be added after advising that this is a risk? |
|
If you have a self-hosted instance, get a certificate using Let's Encrypt. If you manage your server yourself, use the certbot daemon to keep it fresh. If you really want to add a self-signed certificate (and you shouldn't), why not add it directly to Android's cert store? That way it works on all applications. https://support.google.com/pixelphone/answer/2844832?hl=en-GB |
|
Thanks for the points. Unfortunately I do not own a domain. I do not have a fixed IP. Getting a certificate seems impossible under this situation. I have the self signed certificate installed. Still it does not work. Finally, although I perfectly understand the generic statement "you should not use self signed certificates", I am starting to be tired of this mantra. This is my home server that I would like to use when I am on the move (ssh, backups, etc...). Nobody else uses this machine. I install my self signed certificate when on my local network, and I am done forever. Works like charm in many applications: ssh, web, etc... Honestly, I find it difficult to understand why such an easy thing is not allowed after warning the user to be careful with what they are doing... |
|
Without a domain this is indeed impossible. No fixed IP is not a problem, that's my setup too. You just setup a script to run every 5min that changes the IP on DNS, if needed. This is called DDNS, I The script is just Domains are cheap, if you steer clear of memorable names and regular TLD. Having a domain also let's you share stuff with other people, and they don't have to install the self-signed certificate.
Because if you lose control of that private key, you can create a certificate for "github.com" that your devices accept. If you can't assure that https://github.com connects to a Microsoft-owned machine, nothing is true and everything is permitted. It's not that you lose confidentiality for your domain, you lose it for every domain. While the private keys for CA that browsers include by default have the keys under literal lock-and-key, 24h surveillance and the whole shebang. We are veering away from the purpose of this issue, so if @nevenz wants me to shut up please say so. 😀 |
Scratch that, it's possible by overriding I don't know if it's a good idea though. But after supporting the addition of trusted certificates, we might as well support this too. |
@nevenz Can you create a PR? |
|
would be interested in self-signed certificates as well for WebDAV server in the local network... |
|
Syncing with NextCloud through WebDav and the self-signed certificate is the first thing I tested when I installed Orgzly. |
The option "Add trusted certificate" of webdav repository does not allow to use a self signed certificate unless the CN field matches the FQDN. This is inconvenient for dynamic IP servers. Is there any workaround?
The text was updated successfully, but these errors were encountered: