en:server:services:ssl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
en:server:services:ssl [2023/01/07 20:08] – added mkcert and changed every necessary configuration based on mkcert danen:server:services:ssl [2024/05/11 22:05] (current) – [Arch Linux] deleted sudo to be consistent with other tutorials dan
Line 5: Line 5:
 This tutorial is based on the domain ''nextcloud.home''. So change the domain to your specific domain. This tutorial is based on the domain ''nextcloud.home''. So change the domain to your specific domain.
  
-It is also important that the domain address gets redirected from your router. This can also be set in the ''/etc/hosts'' file of your computer, but to reach the domain on every device, it is easier to change this directly in the router:+It is also important that the domain address gets redirected from your router or use [[/en/server/services/adguardhome#dns_rewrites|AdGuardHome]]. This can also be set in the ''/etc/hosts'' file of your computer, but to reach the domain on every device, it is easier to change this directly in the router or [[/en/server/services/adguardhome#dns_rewrites|AdGuardHome]]:
  
 <code> <code>
Line 135: Line 135:
  
 <code> <code>
-sudo trust anchor --store rootCA.pem+trust anchor --store rootCA.pem
 </code> </code>
  
  
 ==== Android ==== ==== Android ====
 +
 +=== User trusted credentials ===
  
 ''Settings'' - ''Security'' - ''Encryption and credentials'' - ''Install a certificate'' ''Settings'' - ''Security'' - ''Encryption and credentials'' - ''Install a certificate''
Line 147: Line 149:
 ''Settings'' - ''Security'' - ''Trusted credentials'' - ''User'' ''Settings'' - ''Security'' - ''Trusted credentials'' - ''User''
  
 +
 +=== System trusted credentials ===
 +
 +If "User trusted credentials" is not enough and you need the certificate in the system, follow the next lines. However, this requires a rooted device: 
 +
 +<code>
 +hashed_name=`openssl x509 -inform PEM -subject_hash_old -in rootCA.pem | head -1` && cp rootCA.pem $hashed_name.0
 +ls $hashed_name.0
 +</code>
 +
 +<code>
 +adb root
 +adb shell mount -o rw,remount /
 +adb push $hashed_name.0 /system/etc/security/cacerts/
 +adb shell chmod 644 /system/etc/security/cacerts/$hashed_name.0
 +adb shell chown root:root /system/etc/security/cacerts/$hashed_name.0
 +adb shell reboot
 +</code>
 +
 +You can also use the Magisk module [[https://github.com/NVISOsecurity/MagiskTrustUserCerts/releases|MagiskTrustUserCerts]] (Android 13) or [[https://github.com/nccgroup/ConscryptTrustUserCerts|ConscryptTrustUserCerts]] (Android 14) which does the same as above.
 +
 +
 +=== Use third party CA certificates for firefox ===
 +
 +You might want to ''Use third party CA certificates'' for Firefox browser:
 +
 +  - Open your browser and scroll to the bottom and click About firefox/iceraven/mull ...
 +  - Click several times on the logo and go back 
 +  - Click on secret settings and enable ''Use third party CA certificates''
  
  
  • en/server/services/ssl.1673122129.txt.gz
  • Last modified: 2023/01/07 20:08
  • by dan