CAdroid ignores my self-signed cert



  • Tried to use CAdroid to import my self-signed cert, but it does not work.
    I get the error: Only selfsigned certs are supported

    Cert I am using: sharedssl.wwserver.net


  • developer

    This is not "a" self-signed certificate, but there is more than one certificate. CAdroid currently only supports configurations with only one certificate that is self-signed.

    $ openssl s_client -connect sharedssl.wwserver.net:443
    CONNECTED(00000003)
    depth=2 C = DE, ST = RP, L = Deidesheim, O = certSign, OU = IT, CN = certSign Root CA, emailAddress = certificate@certsign.eu
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    ---
    Certificate chain
     0 s:/C=DE/ST=RP/L=Deidesheim/O=Scorpio IT/OU=NET/CN=sharedssl.wwserver.net/emailAddress=cert@scorpio-it.net
       i:/C=DE/ST=RP/L=Deidesheim/O=Scorpio IT/OU=IT/CN=Scorpio IT CA/emailAddress=cert@scorpio-it.net
     1 s:/C=DE/ST=RP/L=Deidesheim/O=certSign/OU=IT/CN=certSign Root CA/emailAddress=certificate@certsign.eu
       i:/C=DE/ST=RP/L=Deidesheim/O=certSign/OU=IT/CN=certSign Root CA/emailAddress=certificate@certsign.eu
     2 s:/C=DE/ST=RP/L=Deidesheim/O=Scorpio IT/OU=IT/CN=Scorpio IT CA/emailAddress=cert@scorpio-it.net
       i:/C=DE/ST=RP/L=Deidesheim/O=certSign/OU=IT/CN=certSign Root CA/emailAddress=certificate@certsign.eu
    ---
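
An added example (not part of the thread and not CAdroid's code): this Python script reads the "Certificate chain" section of the `openssl s_client` output above, tells a standalone self-signed certificate apart from a chain that ends in a private root, and rebuilds the issuer order, since this server sends leaf, root, intermediate. The function names are hypothetical, and the check compares subject and issuer names only.

```python
import re

# Chain section copied from the `openssl s_client` output in the post above.
S_CLIENT_CHAIN = """\
Certificate chain
 0 s:/C=DE/ST=RP/L=Deidesheim/O=Scorpio IT/OU=NET/CN=sharedssl.wwserver.net/emailAddress=cert@scorpio-it.net
   i:/C=DE/ST=RP/L=Deidesheim/O=Scorpio IT/OU=IT/CN=Scorpio IT CA/emailAddress=cert@scorpio-it.net
 1 s:/C=DE/ST=RP/L=Deidesheim/O=certSign/OU=IT/CN=certSign Root CA/emailAddress=certificate@certsign.eu
   i:/C=DE/ST=RP/L=Deidesheim/O=certSign/OU=IT/CN=certSign Root CA/emailAddress=certificate@certsign.eu
 2 s:/C=DE/ST=RP/L=Deidesheim/O=Scorpio IT/OU=IT/CN=Scorpio IT CA/emailAddress=cert@scorpio-it.net
   i:/C=DE/ST=RP/L=Deidesheim/O=certSign/OU=IT/CN=certSign Root CA/emailAddress=certificate@certsign.eu
"""

# One chain entry: "<n> s:<subject>" followed by "i:<issuer>" on the next line.
ENTRY = re.compile(r"^[ \t]*(\d+) s:(.+)\n[ \t]*i:(.+)$", re.M)

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    return [(s.strip(), i.strip()) for _, s, i in ENTRY.findall(text)]

def classify(chain):
    """Name comparison only; it does not verify any signature."""
    if len(chain) == 1 and chain[0][0] == chain[0][1]:
        return "standalone self-signed"   # one cert, subject == issuer
    if any(s == i for s, i in chain):
        return "chain with self-signed root"
    return "chain without root"

def order_path(chain):
    """Follow issuer links from entry 0 (the server certificate) to the root."""
    by_subject = dict(chain)              # subject -> issuer
    subject, issuer = chain[0]
    path = [subject]
    while issuer != subject and issuer in by_subject and issuer not in path:
        subject, issuer = issuer, by_subject[issuer]
        path.append(subject)
    return path

def cn(name):
    """Extract the CN from a '/'-separated subject line."""
    return re.search(r"CN=([^/]+)", name).group(1)

if __name__ == "__main__":
    chain = parse_chain(S_CLIENT_CHAIN)
    print(classify(chain), "| certificates sent:", len(chain))
    print(" -> ".join(cn(s) for s in order_path(chain)))
```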
    


  • My cert is not 'officially signed'; it is self-signed by my own CA. The webserver is offering the complete certificate chain.
    Same problem for certs from CACert (http://www.cacert.org).
    When you offer a tool to import 'selfsigned' or 'unofficial signed' certs, then do it the right way and try to import the complete chain.
    Certificates are 'always' a thing of 'trust'. Who says that e.g. 'Verisign' is trustworthy?


  • developer

    > My cert is not 'officially signed'; it is self-signed by my own CA. The webserver is offering the complete certificate chain.

    Signed by own CA is not "self-signed" as we use the term. CAdroid is currently only capable of importing self-signed certificates with a certificate path length of 1.

    > When you offer a tool to import 'selfsigned' or 'unofficial signed' certs, then do it the right way and try to import the complete chain.

    Your application to send a high-quality pull request to handle certificate chains with a chain length >= 1 is accepted herewith. Thanks for your work to improve our open-source application.

    > Certificates are 'always' a thing of 'trust'. Who says that e.g. 'Verisign' is trustworthy?

    I don't get your point. Is that in any way related to CAdroid?


  • developer

    CAdroid now supports self-signed standalone certs and CAs. Could you please re-check this with CAdroid 0.9?

