Install OwnCloud’s Self-Signed Certificate into Android’s Trusted Credentials

Posted on June 27, 2015 by Brian Agrawal Goodacre

To get apps like DAVdroid and MyOwnNotes to connect to your OwnCloud server, you need to import the certificate into your Android’s Trusted Credentials. Android seems to have a bug because it will tell you that you have successfully installed .cer or .crt files when you actually have not, especially if you self-signed the certificate. So, here is how to fix that but you will have to do some work on your OwnCloud server.

When you self-signed your own certificate, you probably missed a few key parts that will require you to make a new certificate for your server. There are two likely causes:

  1. If your IP or domain name changed, then your certificate will not be accepted by Android. It will see a difference between the name of your website and the name in the certificate.
  2. In the certificate, CA Flag = TRUE needs to be set but the default when creating a certificate is CA Flag = FALSE. Android will not accept this in a self-signed certificate.

Here are the steps to get yourself working with modifications to existing sources out there:

  1. Follow this article. You will create your OwnCloud certificates.
    1. In Step 4, search “CA:FALSE” and change it to CA:TRUE
      1. # This goes against PKIX guidelines but some CAs do it and some software
        # requires this to avoid interpreting an end user certificate as a CA.
        basicConstraints=CA:TRUE
      2. # Extensions to add to a certificate request
        basicConstraints = CA:TRUE
    2. In Step 4, also search for “[ CA_default ]”. Change the first to the second so that references to the certificates and keys will work.
      1. dir             = ./demoCA
      2. dir             = /root/SSLCertAuth/
  2. Now, you can install the certificate onto your Android device.
    1. Automatic – Use CAdroid (suggestion from here)
    2. Manual:
      1. Follow these steps to export certificate from your website using Firefox in the .der format.
      2. Copy to your Android device (I used my OwnCloud server.) and place in your SD Card root directory.
      3. Follow the steps from this question but be happy that you will not have the same problem!
  3. Be sure to refresh the certificates of various apps that pointed to OwnCloud
    1. Browser – visit your website again
    2. Desktop file sync – Accept the dialog that appear.
    3. OwnCloud Android App – Attempt to change the password of your account so it will fetch the new certificate.
    4. CalDav and CardDav Sync – Accept the dialogs that appear.

Sources

This entry was posted in Android, How-To, Nextcloud/OwnCloud and tagged , , , , , , , , , , , , . Bookmark the permalink.

1 Response to Install OwnCloud’s Self-Signed Certificate into Android’s Trusted Credentials

  1. Ernst Neger says:
    August 24, 2015 at 3:41 pm

    Thanks, this helped me out alot 🙂

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s