Private Certificates Not Working Android 7.0 Nougat
The app MUST be updated
To allow use of User certificate authorities (a CA certificate not from Verisign or such) the APP must allow in its security settings that user CAs can be used, and there are lots of settings around that.
The link that I posted in the initial OP provides an overview to what need to b done.
No DAVDroid to date have those settings, so for Android 7.0 only trusted certificates can be used, ie. letsencrypt.
Please, compile it in already. It can be tested in the AVD emulator.
Joe last edited by Joe
SO if your DAV server nginx or such has a self signed CA certificate, certificate and private key produced in your dorm room with easy-rsa or openssl
and the ca certificate is added to android settings security install from storage
it appears in android settings user credentials
a trusted certificate you get from someone like letsencrypt, and it works based on the domain name in it and that it is signed by trusted authority appearing in android settings security trusted credentials system. because the certificate is presented by the ip the domain resolves to, there is a chain of trust.
because google wants trusted credentials that are less hackable, the app needs to explicitly allow dorm room ca certificates. Man-in-the-middle attacks on corporate services apps like gmail is now much harder. The user can no longer by stupidity ignore certificate warnings and connect to impersonation sites. if app provider says only trusted, that’s the way it’s gonna be.
The popup to connect to untrusted ca certificate site still appears and you can say ignore
However, an exception is thrown when DAVDroid actually tries to connect
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
A root user certificate can see all traffic, replace ads on your https pages and the alike
Could you please check with DAVdroid 1.3? Both problems (user-installed CAs not trusted by default and the non-working process of accepting custom certificates) should have been solved.
Bernd last edited by
I’ve got the app from F-Droid, there is no update yet.
@Bernd Please check as soon as they have compiled it.
F-Droid claimed they build every 24 h. Since that did not happen, there seems to be some manual action required on their part.
1.3 was published 160902 at 10:22Z, some 37 hours ago.
DAVDroid 1.3-ose is now available from https://f-droid.org and it works for Android 7.0 Nougat
Bernd last edited by
Still got synchronistation errors after the upgrade. I recreated the account and everything works now.
Thanks for the support!