Certificate problems on Android clients and local YunoHost Installation

Hi,

I’m having problems with a YunoHost installation on a Raspberry Pi that should only be accessible in the local network.

My domain name is yunohost.local and my router doesn’t have DNS functionality. So I had to work with editing hosts files on all of my clients to finish installation.
The main client I want to use is a smartphone running Android (LineageOS). Unfortunately the main browsers don’t support exceptions for certificate issues.
Also there’s no setting in the Wallabag app to accept self-signed certificates.

This is the situation where I’m lost :frowning:

In my opinion I have only a few possibilities left:

  • get a Let’s Encrypt certificate for my local domain.
    But how? Even if this would be possible: how could this be installed? YunoHost has disabled the upload button since my DNS settings are not correct. (And the DNS settings can’t be fixed in my opinion)

  • import necessary certificates into Android
    But which are the correct ones? Several tries weren’t successful

Other ideas?

Any help is appreciated :slight_smile:

Thank you

Hello,
I know that’s not the question, but it would, in my humble opinion, be easier to take a “Yunohost” domain: .ynh.fr, .nohost.me, or .nohost.st!

Thanks - it might be easier in the first step. But if you work with a Yunohost domain, you should know exactly what you are doing. With my knowledge it is better not to enable a possibility to get into my home network :slight_smile:

I’ve done some more reading and I believe it is possible to eliminate the problems on the Android device. There are articles that you have to use the basicConstraints extension and set CA to “true” for Android (see
https://stackoverflow.com/questions/37281958/how-to-trust-self-signed-certificate-on-android#answers
https://aboutssl.org/how-to-create-and-import-self-signed-certificate-to-android-device/ or
https://hroy.eu/tips/openSSL/)

In my Yunohost Installation I found a file /etc/yunohost/certs/yunohost.local/openssl.cnf with a line:
basicConstraints=CA:FALSE

But what do I have to do to test this? Change this line to TRUE and create a new certificate with the Yunohost web interface? Execute the commands of the articles with PuTTY and replace the files crt.pem, ca.pem and key.pem in /etc/yunohost/certs/yunohost.local/?
Is yunohost.local the only problem or do I have to do the same in the folder yunohost.org?
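
The split the linked articles describe, as an added example that is not part of the original posts and not YunoHost's own procedure: a private root with basicConstraints CA:TRUE (the certificate a client imports) signs a separate CA:FALSE server certificate for yunohost.local. The CA subject and the ca.key, leaf.csr and ext.cnf names are assumptions; how YunoHost picks up replacement files is not covered here.

```shell
#!/bin/sh
# Added example. CA subject, ca.key, leaf.csr and ext.cnf are assumed names;
# yunohost.local and crt.pem/key.pem/ca.pem are the names used in the thread.

write_config() {  # $1 = working directory
cat > "$1/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Home LAN Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:yunohost.local
EOF
}

make_ca() {  # self-signed root carrying CA:TRUE
    openssl req -x509 -newkey rsa:2048 -nodes -days 825 -config "$1/ext.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

make_leaf() {  # server key and certificate, signed by the root, CA:FALSE + SAN
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ext.cnf" \
        -subj "/CN=yunohost.local" -keyout "$1/key.pem" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -extfile "$1/ext.cnf" -extensions leaf \
        -out "$1/crt.pem" 2>/dev/null
}

is_ca() {  # exit 0 if the certificate has basicConstraints CA:TRUE
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

chains_ok() {  # exit 0 if crt.pem verifies against ca.pem alone
    openssl verify -CAfile "$1/ca.pem" "$1/crt.pem" >/dev/null 2>&1
}

dir=$(mktemp -d)
write_config "$dir" && make_ca "$dir" && make_leaf "$dir"
is_ca "$dir/ca.pem"  && echo "ca.pem:  CA:TRUE  (the certificate a client imports)"
is_ca "$dir/crt.pem" || echo "crt.pem: CA:FALSE (server certificate only)"
chains_ok "$dir" && echo "crt.pem verifies against ca.pem"
```

Only ca.pem goes to client devices; ca.key can sign certificates that every importing device will trust, so it stays off the server and off the phone.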
