Untrusted Certificate at Account Setup

jeronemo

Hi guys!

I’m reconfiguring DavDroid to sync with my ownCloud 9.1 Server. I have a SSL-Certificate issued by CA Cert. It also shows correctly if I open the https server URL in the phones browser. But when I setup my server in DAVdroid, I get a random untrusted certificate showing up. I’m shocked and concerned about the saftey with DAVdroid. I uninstalled DAVdroid and reinstalled the latest version from F-Droid. Same problem.

Please let me know where this certificate comes from.

This is my certificate…

rfc2822

Your server certificate is not trustworthy by default. As far as I know, CAcert is not in default trust stores. You can probably check at https://www.ssllabs.com/ssltest/ Maybe you have accepted the certificate in your browser some time ago?

This doesn’t seem to be a DAVdroid problem (because DAVdroid is not related to managing system certificates), so I suggest to either add CAcert to your system certificates, or just verify and accept the certificate in DAVdroid, or use another CA which is trusted by the default Android system (like letsencrypt).

jeronemo

Yes, but why does it show me then this certificate? Can I trust it?

rfc2822

@jeronemo said in Untrusted Certificate at Account Setup:

Yes, but why does it show me then this certificate? Can I trust it?

Because it cannot be trusted automatically. You have to verify it to know whether you can trust it. Please ask your admin (or whoever has used CAcert for your server) for more information.