Is https possible without rooting?
-
Hello Guys,
I want to synchronise the calendar on my Android phone with my OwnCloud server, preferably via https. Unfortunately, I can't add self generated certificates to Android, so DAVdroid would accept them. I've read, that's impossible without rooting the phone.
So there are two possibilities:
- Root the phone: Apparently a bit difficult in the moment, because I have a quite new version of the galaxy s3 mini.
- Get a free official certificate Android would accept, e. g. from StartSSL: Isn't possible, because I've no domain for my server, just an IP.
So, it looks impossible for me to connect DAVdroid to my server via https. Or are there some other ways? Like "reducing the security level" of DAVdroid, so I can skip the "Unknown Certificate" warning like in firefox?
Thanks for answers
Gamma
-
Hello Gamma!
Did you try our app CAdroid to convert/import your self signed certificate? It will also check if the cert is valid for Android, since it needs some fields specifically set.
-
Mmh, I tried now (Thanks
), but it complains that there are no certificate for this host. I should use an other certificate or an other hostname. But above, it displays the right information. There is written CN=My.correct.I.P
What I'm doing wrong?
-
@Gamma said:
Mmh, I tried now (Thanks ), but it complains that there are no certificate for this host. I should use an other certificate or an other hostname. But above, it displays the right information. There is written CN=My.correct.I.P
What I'm doing wrong?I have updated the FAQ accordingly:
[Reasons for "Cannot verify hostname"]
- You're using an IP address as Common Name (CN). Using an IP address as host identifier is generally not a good idea (see also RFC 6125, 1.7.2, Identifiers other than fully qualified DNS domain names). Although it's possible, we recommend to use a host name as CN instead. If you really need the host name to be an IP address, you can't use it as CN but have to set a subjAltName with type IPaddr.
-
@Gamma I was able to import self signed cert by placing cert in webserver root directory (/var/www/sslcert.crt) then browsing via chrome on Android to server root directory, in your case https://your.public.IP.address:non-standard-port-if-used. Then it will ask you to accept self signed cert and save it to your trusted credentials. No need to root.
