User CA certificates not used/accepted by Android Element #8783
Comments
ne20002
added
the
T-Defect
ne20002
changed the title
|
I'm having exact same problem. I have my own root certificate installed, which works fine for other apps, including element itself, but not for ntfy notifications specifically. I ran the Troubleshoot Notifications and get all green ticks except Test Push gives SSL Error. |
|
I'm having similar issues. I use Vault PKI managed certificates across my infrastructure with a ttl of one day. Certs are rotated constantly. On my internet facing load balancer, I have let's encrypt certs rotated weekly. Element Android would originally not connect at all on the internal network. I should also note I've installed my root/intermediate certs on the android device itself, however element doesn't seem to respect my certificate store. However, I've found that if I wipe element off my device, then connect on the LAN and relaunch element, I am presented with an accept certificate popup. Once clicking this, I can access matrix on the local network. I can then freely switch between internet and LAN and element will work, until my certificates rotate. My latest test included switching to the LAN, then clearing the element cache, killing the app, then restarting it. This seems to be adequate going forward, I don't have to completely remove element every time. However, I'm uncertain if I needed to do the wipe originally, and be presented with the certificate acceptance popup, or if a simple clearing of the cache while on the lan, then killing the app and restarting it, will always work. |
|
I faced the same problem. Is there any solution without the intervention of developers? I also use self-signed certificates on the local network along with ntfy and element issues an ssl error when testing alerts. |
Doubtful. There likely needs to be a check created that looks at the certificate and allows you to approve it, every time the app starts or the network changes. Better yet, integrate with the local certificate stores on the device and add your certificates there. I imagine this would require a fair amount of code to be changed. The only workaround I've found, is the one I mentioned in my previous post. |
|
Element X is coming ... |
Steps to reproduce
I try to set up my own ntfy server within my home network. The TLS certificate of the ntfy server is signed by my own CA.
Even though the CA root certificate has been added to the phones settings (listed as user CA), the Element Android client refuses to connect to the ntfy server complaining about ntfy's server certificate.
As there is a seeting in Firefox for Android (secret settings) to enable use of user added CA certificates I assume this is missing in Element for Android.
To reproduce:
Checking the notifications within settings in Element Android, all steps except 'push testing' are successful. 'push testing' fails with 'SSL error'.
Outcome
What did you expect?
A CA certificate added by a user to his/her phone shall be trusted. At least an option to enable this in Element Android would be welcome.
What happened instead?
Certificates of CAs added by the user are not accepted.
Your phone model
S10e
Operating system version
T
Application version and app store
No response
Homeserver
No response
Will you send logs?
No
Are you willing to provide a PR?
No
The text was updated successfully, but these errors were encountered: