Allow self signed certificates #191

Closed
MetroMarv opened this Issue Jan 30, 2018 · 29 comments

MetroMarv commented Jan 30, 2018

Operating system

  • Windows
  • macOS
  • Linux
  • Android
  • iOS

Application

  • Desktop
  • Mobile
  • Terminal

It would be great if the desktop application would support self signed certificates for the Nextcloud integration. I didn't check the other apps yet. Of course it would be even better if all of them support self signed certificates.

Owner

laurent22 commented Jan 31, 2018

I guess there could be an option for it, at least on the desktop clients (not sure if the mobile framework would allow this), but I'm curious why not use something like Let's Encrypt as certificate? That's what I did for my domain and it works fine.

thinkpace commented Feb 2, 2018

I have the same issue. The Nextcloud instance is located in my local network and accessible via https, therefore it's not possible to get a Let's Encrypt certificate and I have to deal with self signed certificates.

I'm using the CLI client for MacOS in version 0.10.90 (prod), furthermore I would like to use the Android client (didn't test it so far).

johnsaigle commented Feb 15, 2018

(MacOS, Desktop) I would also like to see this feature. I am hosting a NextCloud instance on my LAN and it uses a self-signed cert. As a result I'm unable to synchronize with it.

bufferovercat commented Feb 15, 2018

+1 with this feature, both Linux and Android clients. I can't use Let's Encrypt certs in my Nextcloud setup because it's not listening on the standard 443 port.

swizzly commented Feb 22, 2018

+1

bufferovercat commented Feb 27, 2018

While Laurent implements this issue, I am doing a workaround to make synchronization work on a private Nextcloud server.

I changed the nextcloud self certificate to another certificate signed by my own CA. Then I imported the CA public key to my android phone and linux desktop. Android client synchronization to nextcloud is now working fine, but joplin desktop client shows this error:

"request to https://mynextcloudserver/ failed, reason: unable to verify the first certificate (Code UNABLE_TO_VERIFY_LEAF_SIGNATURE)"

I don't understand why this error is happening, since I am not using any intermediate CA.

Checking if the CA is properly installed on the system:

$ openssl s_client -connect mynextcloudserver:443
.
.
.

SSL handshake has read 1646 bytes and written 380 bytes
Verification: OK

Any idea?

MelBourbon commented Mar 19, 2018

+1 I'm not able to use Joplin as wanted since, based on this issue, I cannot sync with Nextcloud, and I only use (and don't want to change) Nextcloud through VPN.

laurent22 referenced this issue Mar 20, 2018: Can't Sync with Nextcloud 13 #315 (closed)

bugsyb referenced this issue Mar 28, 2018: allow custom CA - UNABLE_TO_VERIFY_LEAF_SIGNATURE #343 (closed)

NWiogrhkt commented Apr 1, 2018

+1
since I only access my NextCloud instance locally or via VPN, I have now switched to http (not https). --> I'm fine.

kromuchi commented Apr 17, 2018

+1, in order to use it with nextcloud13 on a selfhosted let's encrypt server.

hitam4450 commented Apr 18, 2018

solution still pending.....

lars-sh commented Apr 18, 2018

+1 on iPhone and Windows

hitam4450 commented Apr 20, 2018

Just uninstalled the app ( makes no sense and is of no use) ...until the solution is implemented!

Heggeg commented May 2, 2018

+1

benallan commented May 2, 2018

+1
We also have nextcloud set up on a local network and only access it through a VPN.

xelcho commented May 2, 2018

+1 another private svr on non-std ports....

thx

bufferovercat commented May 2, 2018

Well, I am now able to use Joplin with a Nextcloud server on a non-standard port. You can use a DNS TXT record in order to verify the Let's Encrypt domain.

https://github.com/nextcloud/nextcloudpi/wiki/How-to-get-certificate-with-Letsencrypt-using-DNS-to-verify-domain

Dacit commented May 24, 2018

+1

seth100 commented Jun 2, 2018

+1

instantlinux commented Jun 17, 2018

+1, want to use private NextCloud with local root CA (on any client O/S).

mat-ale commented Jun 18, 2018

+1

laurent22 closed this in aa7da78 Jun 19, 2018

Owner

laurent22 commented Jun 19, 2018

The next release will have an option to ignore TLS cert errors on desktop (in Options screen) and CLI (net.ignoreTlsErrors config parameter).

instantlinux commented Jun 19, 2018

Could you please add a new feature-request to implement a local root CA (for those of us who distribute a private local-root CA to each of the servers/desktops/notebooks we manage)? Ignoring SSL validation isn't safe, it leaves things open to attacks.

laurent22 added a commit that referenced this issue Jun 20, 2018

Owner

laurent22 commented Jun 20, 2018

@instantlinux, the next version will also have an option to load custom certificates from directories or from files. I don't think Node/Electron can currently automatically load these certificates.
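
Added example (not Joplin's code and not part of the original thread): one way a Node client can load custom CA certificates from files or directories, as the comment above describes, while leaving certificate verification enabled. The helper names `loadCustomCas` and `buildTlsOptions` are hypothetical, and the sample bundle is constructed from Node's own bundled root list so the block runs offline.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const tls = require('tls');
const https = require('https');
const { X509Certificate } = require('crypto');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Collect every PEM certificate found in the given files and directories.
// Hypothetical helper for illustration; it is not Joplin's implementation.
function loadCustomCas(paths) {
  const certs = [];
  for (const p of paths) {
    const files = fs.statSync(p).isDirectory()
      ? fs.readdirSync(p).sort().map((name) => path.join(p, name))
      : [p];
    for (const file of files) {
      if (!fs.statSync(file).isFile()) continue;
      // One file may be a bundle holding several certificates.
      for (const pem of fs.readFileSync(file, 'utf8').match(PEM_CERT) || []) {
        new X509Certificate(pem); // throws if the certificate does not parse
        certs.push(pem);
      }
    }
  }
  return certs;
}

// TLS options that keep verification on and extend, rather than replace, the roots.
function buildTlsOptions(caPaths) {
  const custom = loadCustomCas(caPaths);
  if (custom.length === 0) throw new Error('no CA certificates found');
  // Passing `ca` overrides Node's bundled roots, so add them back explicitly.
  return { ca: [...tls.rootCertificates, ...custom], rejectUnauthorized: true };
}

// Constructed sample: two of Node's bundled roots stand in for a private CA bundle.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'custom-ca-'));
  fs.writeFileSync(path.join(dir, 'bundle.pem'), tls.rootCertificates.slice(0, 2).join('\n'));
  fs.writeFileSync(path.join(dir, 'notes.txt'), 'not a certificate');
  const options = buildTlsOptions([dir]);
  const agent = new https.Agent(options); // pass as `agent` to https.request()
  fs.rmSync(dir, { recursive: true, force: true });
  return { options, agent };
}
```

Setting `rejectUnauthorized: false` instead would accept any certificate the server presents, which is the concern raised in the Jun 19 comment about ignoring validation.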

instantlinux commented Jun 20, 2018

Awesome, thanks. There's a Node package root-ssl-cas for this, but I'm not familiar with it. Presumably it works like the Java certificate store, which performs the same thing (for that language) that folks are requesting here.

instantlinux commented Jun 23, 2018

Installed version 1.0.103 under Ubuntu, found the new Options screen settings (Custom TLS certificates and Ignore TLS certificate errors) and added the path to my local root CA. Implementation is just what I hoped for: I can install my local root CA cert, and leave the ignore-errors option unchecked. One slight cleanup you might consider: there's a button on that screen to Check synchronisation configuration that doesn't pick up modified settings until you've exited and restarted the app.

Owner

laurent22 commented Jun 25, 2018

Nice to hear it's working. The Check Sync Config button should indeed pick up these new options, so I've added an issue about it - #646

seth100 commented Jun 26, 2018

I hope it will be added to mobile Android app too.
Thanks for your work!

benallan commented Jul 11, 2018

Thanks a lot for adding this, it's really helpful. I'm also wondering if there is any chance this could be added to the Android client too. Is it better to open a new issue for that, since this one is closed?

sciurius commented Jul 11, 2018

A new issue sounds like a good idea.