Self-signed CA does not work in Android app

I have created a self-signed CA with a chain of trust and issued certificates for the nc server and Collabora Online. I have only a public (white) IP, not a domain. The certificates work well in Firefox desktop if I import the CA certificate. But after importing the CA cert through the Android settings, when I enter the server's IP in the Nextcloud app I see an error like this: the url does not match hostname on certificate. The common name in the cert and the entered server IP are the same.

If I understood you right, you’ve created a self-signed certificate with the common name of your server only, but want to access the server using its ip address.

This couldn’t work by design of the certificate mechanism, because the IP address isn’t equal to the name. Make sure that you’ve set up a valid DNS entry for your server or create a certificate which contains the domain name AND the IP address of your server to be able to use both.
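A certificate that carries the address can be checked before it is deployed. The following is an added example, not part of the original thread: strict TLS clients, Android's hostname verifier included, match an IP address only against `iPAddress` entries in subjectAltName and do not consult the Common Name. The throwaway CA, the file names and the documentation address 203.0.113.10 are assumptions.

```bash
#!/usr/bin/env bash
# Constructed example: 203.0.113.10 stands in for the server's public IP.
set -eu
IP="${IP:-203.0.113.10}"

# Create (once) a throwaway CA in directory $1 and sign one leaf certificate.
# $2 = "san" adds an iPAddress subjectAltName; "cn" leaves only CN=<ip>.
make_leaf() {
  dir=$1; mode=$2
  if [ ! -f "$dir/ca.crt" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Example Private CA" \
      -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  fi
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$IP" \
    -keyout "$dir/$mode.key" -out "$dir/$mode.csr" 2>/dev/null
  # Common signing arguments; the extension file is appended only for "san".
  set -- -req -in "$dir/$mode.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
         -CAcreateserial -days 30 -out "$dir/$mode.crt"
  if [ "$mode" = san ]; then
    printf 'subjectAltName=IP:%s\n' "$IP" > "$dir/san.ext"
    set -- "$@" -extfile "$dir/san.ext"
  fi
  openssl x509 "$@" 2>/dev/null
}

# Succeeds only if the certificate lists $IP as an iPAddress SAN.
# openssl's -checkip ignores the Common Name, like strict clients do.
ip_matches() {
  openssl x509 -in "$1" -noout -checkip "$IP" \
    | grep -q 'does match certificate'
}

work=$(mktemp -d)
make_leaf "$work" cn
make_leaf "$work" san
for c in cn san; do
  if ip_matches "$work/$c.crt"; then
    echo "$c.crt: IP SAN present, $IP matches"
  else
    echo "$c.crt: no IP SAN, strict clients reject $IP"
  fi
done
```

Both leaves have the same Common Name; only the one with the `IP:` subjectAltName passes the check.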

No, I created a certificate whose Common Name contains the server IP, and I want to access the server through the IP. It works in desktop browsers, but does not work in the Android Nextcloud app.

Which IP address have you used to create the certificate? If you want to access the server over the internet, the certificate needs to contain the IP address of your internet router; if you’re accessing the server over a Wi-Fi or VPN connection, you most likely need to use the IP address on your LAN.

Nevertheless, I personally would recommend using a DynDNS service and creating a valid Let’s Encrypt certificate instead of fiddling around with IP addresses :wink:

I use the public IP in the certificate. I already access my server over the internet. But in the app, when I enter the IP, Android throws the error.

I think you can get a free subdomain for your static IP address from some DynDNS services.
Then you can use the name and a Let's Encrypt certificate.

Is there no way to verify an IP in Android through a certificate, only a domain?

Sorry, I do not understand it. But I think for a worldwide server you must use globally signed and not self-signed certificates, because e.g. Android only knows the global CAs that e.g. Let's Encrypt uses. And I also think Let's Encrypt only allows name-based domains and no IP addresses. Also, I think it is easier to use Let's Encrypt (certbot) instead of self-signed certificates.


Does this instruction not work with my own CA?

Yes. But if it works, would you like to configure each Android device and get a certificate warning in each browser? Do you not share documents with other people?

Yes, I planned to use the server like a worldwide local storage. Configuring a few devices is not a problem. And I depend neither on Let's Encrypt nor on a domain provider. Is there truly no way to add my own CA in Android?