Hello,
I have a nextcloud instance backed by nextcloudPi which is only available in my local network. So I can’t use let’s encrypt to general a certificate.
During installation (some years ago), nextcloudpi apparently created a self-signed certificate. So when I access my Nextcloud instance via the browser, I get the security prompt. I can explicitly trust this certificate there, so far so good.
Today I installed Les pas photo gallery application on Android. On connect, the app displays a “Site certificate error”. Looking in their readme, it mentions:
About server using self-signed certificate
You need to install your certificates in your phone first. A quick search on instructions points to here and here.
I tried to trust my self-signed certificate on an OS level, but Android 11 refuses to install it. One of the linked articles mentions that in android 11, self-signed certificates need to have CA:TRUE flag set.
Sadly, this flag seems to be not set on the certificate I have.
X509v3 extensions: X509v3 Basic Constraints: CA:FALSE
I wonder now how to approach this problem best.
- Should I create a new certificate with the flag set?
- Where should I put it in my NextcloudPi instance?
- Should this actually be part of the default flow of NextcloudPI?
Thanks in advance!