Allow self signed certificates #191

Closed
2 of 8 tasks
MetroMarv opened this issue Jan 30, 2018 · 29 comments
Labels
enhancement Feature requests and code enhancements

Comments

@MetroMarv

MetroMarv commented Jan 30, 2018

Operating system

  • Windows
  • macOS
  • Linux
  • Android
  • iOS

Application

  • Desktop
  • Mobile
  • Terminal

It would be great if the desktop application would support self signed certificates for the Nextcloud integration. I didn't check the other apps yet. Of course it would be even better if all of them support self signed certificates.

@laurent22
Owner

I guess there could be an option for it, at least on the desktop clients (not sure if the mobile framework would allow this), but I'm curious why not use something like Let's Encrypt as certificate? That's what I did for my domain and it works fine.

@thinkpace

I have the same issue. The Nextcloud instance is located in my local network and accessible via https, therefore it's not possible to get a Let's Encrypt certificate and I have to deal with self signed certificates.

I'm using the CLI client for MacOS in version 0.10.90 (prod), furthermore I would like to use the Android client (didn't test it so far).

@laurent22 laurent22 added the enhancement Feature requests and code enhancements label Feb 6, 2018
@johnsaigle

johnsaigle commented Feb 15, 2018

(MacOS, Desktop) I would also like to see this feature. I am hosting a NextCloud instance on my LAN and it uses a self-signed cert. As a result I'm unable to synchronize with it.


@bufferovercat

+1 for this feature, on both the Linux and Android clients. I can't use letsencrypt certs in my nextcloud setup because it's not listening on the standard 443 port.

@swizzly

swizzly commented Feb 22, 2018

+1

@bufferovercat

bufferovercat commented Feb 27, 2018

While Laurent implements this issue, I am using a workaround to make synchronization work on a private nextcloud server.

I changed the nextcloud self certificate to another certificate signed by my own CA. Then I imported the CA public key to my android phone and linux desktop. Android client synchronization to nextcloud is now working fine, but joplin desktop client shows this error:

"request to https://mynextcloudserver/ failed, reason: unable to verify the first certificate (Code UNABLE_TO_VERIFY_LEAF_SIGNATURE)"

I don't understand why this error is happening, since I am not using any intermediate CA.

Checking if the CA is properly installed on the system:

$ openssl s_client -connect mynextcloudserver:443
.
.
.

SSL handshake has read 1646 bytes and written 380 bytes
Verification: OK

Any idea?

@MelBourbon

+1 I'm not able to use Joplin as wanted since, because of this issue, I cannot sync with Nextcloud, and I only use (and don't want to change) Nextcloud through VPN.

@NWiogrhkt

NWiogrhkt commented Apr 1, 2018

+1
since I only access my NextCloud instance locally or via VPN, I have now switched to http (not https). --> I'm fine.

@kromuchi

+1, in order to use it with nextcloud13 on a selfhosted let's encrypt server.

@hitam4450

solution still pending.....

@lars-sh

lars-sh commented Apr 18, 2018

+1 on iPhone and Windows

@hitam4450

Just uninstalled the app ( makes no sense and is of no use) ...until the solution is implemented!

@Heggeg

Heggeg commented May 2, 2018

+1

@benallan

benallan commented May 2, 2018

+1
We also have nextcloud set up on a local network and only access it through a VPN.

@xelcho

xelcho commented May 2, 2018

+1 another private svr on non-std ports....

thx

@bufferovercat

Well, I am now able to use Joplin with a nextcloud server on a non-standard port. You can use a DNS TXT register in order to verify the Let's Encrypt domain.

https://github.com/nextcloud/nextcloudpi/wiki/How-to-get-certificate-with-Letsencrypt-using-DNS-to-verify-domain

@Dacit

Dacit commented May 24, 2018

+1

@seth100

seth100 commented Jun 2, 2018

+1

@instantlinux

+1, want to use private NextCloud with local root CA (on any client O/S).

@mat-ale

mat-ale commented Jun 18, 2018

+1

@laurent22
Owner

The next release will have an option to ignore TLS cert errors on desktop (in Options screen) and CLI (net.ignoreTlsErrors config parameter).

@instantlinux

Could you please add a new feature-request to implement a local root CA (for those of us who distribute a private local-root CA to each of the servers/desktops/notebooks we manage)? Ignoring SSL validation isn't safe, it leaves things open to attacks.

@laurent22
Owner

@instantlinux, the next version will also have an option to load custom certificates from directories or from files. I don't think Node/Electron can currently automatically load these certificates.

@instantlinux

Awesome, thanks. There's a Node package root-ssl-cas for this, but I'm not familiar with it. Presumably it works like the Java certificate store, which performs the same thing (for that language) that folks are requesting here.

@instantlinux

Installed version 1.0.103 under Ubuntu, found the new Options screen settings (Custom TLS certificates and Ignore TLS certificate errors) and added the path to my local root CA. Implementation is just what I hoped for: I can install my local root CA cert, and leave the ignore-errors option unchecked. One slight cleanup you might consider: there's a button on that screen to Check synchronisation configuration that doesn't pick up modified settings until you've exited and restarted the app.
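
The two settings discussed above (trust a custom CA versus ignore TLS errors), shown as the options a Node client would pass to `https.request()` or `https.Agent`. This is an added example, not part of the thread and not Joplin's code; `loadCustomCas`, `buildTlsOptions` and the option names `customCaPaths` and `ignoreTlsErrors` are hypothetical, and the PEM body is a constructed placeholder. Node verifies against its own bundled root list, so the private CA has to be handed to it explicitly.

```javascript
// Added illustration; not Joplin's code. Function and option names are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');
const tls = require('tls');

const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Expand a comma-separated list of files and directories into PEM certificates.
function loadCustomCas(pathList) {
  const pems = [];
  for (const entry of pathList.split(',').map(s => s.trim()).filter(Boolean)) {
    const files = fs.statSync(entry).isDirectory()
      ? fs.readdirSync(entry).sort().map(f => path.join(entry, f))
      : [entry];
    for (const file of files) {
      if (!fs.statSync(file).isFile()) continue;
      // Keep only PEM certificate blocks; other files in the directory are skipped.
      const found = fs.readFileSync(file, 'utf8').match(PEM_BLOCK);
      if (found) pems.push(...found);
    }
  }
  return pems;
}

// Build the TLS part of the request options from the two settings.
function buildTlsOptions({ customCaPaths = '', ignoreTlsErrors = false } = {}) {
  const extra = loadCustomCas(customCaPaths);
  // rejectUnauthorized: false disables chain and hostname verification entirely.
  const opts = { rejectUnauthorized: !ignoreTlsErrors };
  // `ca` replaces Node's bundled roots, so append the private CA to them
  // instead of overriding; public sites keep validating as before.
  if (extra.length) opts.ca = [...tls.rootCertificates, ...extra];
  return opts;
}

// Constructed demo input: a temp directory with one placeholder PEM and one stray file.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'ca-demo-'));
  const fakePem = '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----';
  fs.writeFileSync(path.join(dir, 'local-root.pem'), fakePem + '\n');
  fs.writeFileSync(path.join(dir, 'notes.txt'), 'not a certificate\n');
  const trusted = buildTlsOptions({ customCaPaths: dir });
  const ignored = buildTlsOptions({ ignoreTlsErrors: true });
  fs.rmSync(dir, { recursive: true });
  return { trusted, ignored, fakePem };
}
```

With the CA loaded, verification stays on and a certificate that does not chain to a trusted root is still rejected; with `ignoreTlsErrors` any certificate is accepted.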

@laurent22
Owner

Nice to hear it's working. The Check Sync Config button should indeed use these new options, so I've added an issue about it - #646

@seth100

seth100 commented Jun 26, 2018

I hope it will be added to mobile Android app too.
Thanks for your work!

@benallan

Thanks a lot for adding this, it's really helpful. I'm also wondering if there is any chance this could be added to the Android client too. Is it better to open a new issue for that, since this one is closed?

@sciurius

A new issue sounds like a good idea.

@lock lock bot locked and limited conversation to collaborators Oct 16, 2019