To get apps like DAVdroid and MyOwnNotes to connect to your OwnCloud server, you need to import the certificate into your Android’s Trusted Credentials. Android seems to have a bug because it will tell you that you have successfully installed .cer or .crt files when you actually have not, especially if you self-signed the certificate. So, here is how to fix that but you will have to do some work on your OwnCloud server.
When you self-signed your own certificate, you probably missed a few key parts that will require you to make a new certificate for your server. There are two likely causes:
- If your IP or domain name changed, then your certificate will not be accepted by Android. It will see a difference between the name of your website and the name in the certificate.
- In the certificate, CA Flag = TRUE needs to be set but the default when creating a certificate is CA Flag = FALSE. Android will not accept this in a self-signed certificate.
Here are the steps to get yourself working with modifications to existing sources out there:
- Follow this article. You will create your OwnCloud certificates.
- In Step 4, search “CA:FALSE” and change it to CA:TRUE
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:TRUE# Extensions to add to a certificate request
basicConstraints = CA:TRUE
- In Step 4, also search for “[ CA_default ]”. Change the first to the second so that references to the certificates and keys will work.
dir = ./demoCA
dir = /root/SSLCertAuth/
- In Step 4, search “CA:FALSE” and change it to CA:TRUE
- Now, you can install the certificate onto your Android device.
- Automatic – Use CAdroid (suggestion from here)
- Manual:
- Follow these steps to export certificate from your website using Firefox in the .der format.
- Copy to your Android device (I used my OwnCloud server.) and place in your SD Card root directory.
- Follow the steps from this question but be happy that you will not have the same problem!
- Be sure to refresh the certificates of various apps that pointed to OwnCloud
- Browser – visit your website again
- Desktop file sync – Accept the dialog that appear.
- OwnCloud Android App – Attempt to change the password of your account so it will fetch the new certificate.
- CalDav and CardDav Sync – Accept the dialogs that appear.
Sources
- http://ubuntuserverguide.com/2013/04/how-to-setup-owncloud-server-5-with-ssl-connection.html
- http://android.stackexchange.com/questions/61540/self-signed-certificate-install-claims-success-but-android-acts-as-if-cert-isn
- https://davdroid.bitfire.at/faq/entry/importing-a-certificate
- http://www.guyrutenberg.com/2013/03/16/manually-install-ssl-certificate-in-android-jelly-bean/
Thanks, this helped me out alot 🙂