-
|
Problem: The app uses a custom certificate library which doesn't trust the user's trusted root certificates. Use case: I have a custom CA for my services at home (radarr, sonarr etc.) which I sync an ICS feed from. These certificates are short-lived (around 36h), so I need to approve the certificate almost every day. Is there a way to add a trusted certificate authority for this app instead of approving each certificate? I've already added it to the user trusted credentials in Android system settings. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
If you add the CA to the trusted certificates (not client certificates, maybe you have done that?), it should be fine. Otherwise, you can have a look at how cert4android saves certficiates and save them there… What is the purpose of certificates that are so short-lived? |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the quick response! I've added it to user trusted CAs, and this works for all my other apps (Chrome, Tautulli, Lunasea etc.), just not this app. I'll try to see if I can add it directly to the keystore for cert4android. The short lived certificates are ideal for my CA since I rely on passive revocation because I don't run a CRL. I use step-ca which encourages this practice. |
Beta Was this translation helpful? Give feedback.
-
|
cert4android should trust system certificates; otherwise it wouldn't trust any connection. Maybe you can find the reason why your added certificates are not trusted somewhere in the code. If you do, just tell us or create a PR :) Thanks! |
Beta Was this translation helpful? Give feedback.
#43