Problem import self-signed certificate



  • Hello,

    I get an error when importing my certificate.
    I have this error message :
    "There's no CA flag=TRUE in this certificate, so Android can't import it."

    Unfortunately I can not change my certificate.
    How to do?

    ps: I am french.
    Vincentux.



  • hello, you write that it is your certificate, so why can't you modify it?
    and rly, i do not understand why you must emphasize to be french...



  • I said I'm French for possible mistakes ... :/
    In fact I do not know how and I do not want any broken my install (yunohost). Like other apps (CardDAV I think) happens to import self-signed certificate, I thought you could also do it on your side. If it's too complicated or do not want to, then I will seek another solution.
    Thank you: D



  • I did this by adding
    basicConstraints = CA:TRUE
    to the section of the used extension in the openssl.cnf file (for me in v3_req).

    After this I also had to specify the openssl.cnf file as extension file in the command which is responsible for the certificate signing, e.g.:
    openssl x509 -req -days 365 -sha256 -in cert.csr -signkey cert.key -out cert.crt -extfile /etc/ssl/openssl.cnf



  • Why do we need the CA flag = true? Previous version was without that check... Is this useful because i don't really understand what is it for?



  • Hey. It is not useful for anything, so I think.
    But the app is about importing currently untrusted certificate authorities (CA) to be able to trust them.

    So you could add the CA flag for the certificate (simple, see my second post here)
    or
    create a whole CA chain with Root CA and Immediate CA(s) (more complex, see https://jamielinux.com/docs/openssl-certificate-authority/).


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.