How do I connect my NextCloud account to Ubuntu using a self-signed certificate?
I'm trying to connect my NextCloud account to Ubuntu, so that I can take advantage of the calendar integration and other features. Right now I'm running my own NextCloud server with a self-signed certificate, as I'm trying to avoid relying on any outside authority.
I can access the server from my browser without issues, and I don't mind having to go through the 'untrusted' certificate exception dialog since I'm the one who signed it.
But when I try to connect my NextCloud account to Ubuntu using the "Online Accounts" feature in system Settings, the connection fails with an error message due to "Invalid Certificate."
Is there a way to force Ubuntu to accept my NextCloud server and credentials, even if the certificate is invalid? Is there a way to add the certificate so that Ubuntu will accept it and connect to my server?
networking server ssl nextcloud self-signed
asked Jan 29 at 9:27
Sudo SenseiSudo Sensei
133
add a comment |
I'm trying to connect my NextCloud account to Ubuntu, so that I can take advantage of the calendar integration and other features. Right now I'm running my own NextCloud server with a self-signed certificate, as I'm trying to avoid relying on any outside authority.
I can access the server from my browser without issues, and I don't mind having to go through the 'untrusted' certificate exception dialog since I'm the one who signed it.
But when I try to connect my NextCloud account to Ubuntu using the "Online Accounts" feature in system Settings, the connection fails with an error message due to "Invalid Certificate."
Is there a way to force Ubuntu to accept my NextCloud server and credentials, even if the certificate is invalid? Is there a way to add the certificate so that Ubuntu will accept it and connect to my server?
networking server ssl nextcloud self-signed
asked Jan 29 at 9:27
Sudo SenseiSudo Sensei
133
add a comment |
I'm trying to connect my NextCloud account to Ubuntu, so that I can take advantage of the calendar integration and other features. Right now I'm running my own NextCloud server with a self-signed certificate, as I'm trying to avoid relying on any outside authority.
I can access the server from my browser without issues, and I don't mind having to go through the 'untrusted' certificate exception dialog since I'm the one who signed it.
But when I try to connect my NextCloud account to Ubuntu using the "Online Accounts" feature in system Settings, the connection fails with an error message due to "Invalid Certificate."
Is there a way to force Ubuntu to accept my NextCloud server and credentials, even if the certificate is invalid? Is there a way to add the certificate so that Ubuntu will accept it and connect to my server?
networking server ssl nextcloud self-signed
asked Jan 29 at 9:27
Sudo SenseiSudo Sensei
133
I'm trying to connect my NextCloud account to Ubuntu, so that I can take advantage of the calendar integration and other features. Right now I'm running my own NextCloud server with a self-signed certificate, as I'm trying to avoid relying on any outside authority.
I can access the server from my browser without issues, and I don't mind having to go through the 'untrusted' certificate exception dialog since I'm the one who signed it.
But when I try to connect my NextCloud account to Ubuntu using the "Online Accounts" feature in system Settings, the connection fails with an error message due to "Invalid Certificate."
Is there a way to force Ubuntu to accept my NextCloud server and credentials, even if the certificate is invalid? Is there a way to add the certificate so that Ubuntu will accept it and connect to my server?
networking server ssl nextcloud self-signed
networking server ssl nextcloud self-signed
asked Jan 29 at 9:27
Sudo SenseiSudo Sensei
133
asked Jan 29 at 9:27
Sudo SenseiSudo Sensei
133
asked Jan 29 at 9:27
Sudo SenseiSudo Sensei
133
asked Jan 29 at 9:27
Sudo SenseiSudo Sensei
133
asked Jan 29 at 9:27
Sudo SenseiSudo Sensei
133
133
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Firefox uses its own certificate store, so it does not affect Online Accounts. But if you add your self-signed certificate to the root trust store of the system, then it should work. This Ask Ubuntu question deals exactly with this: How do I install a root certificate?
answered Jan 29 at 9:41
meskobalazsmeskobalazs
2,2241122
Thank you for the link! From what I can gather, requesting NextCloud to enable SSL using a self-signed certificate doesn't actually produce a unique certificate, rather it uses a pre-installed "snake-oil" certificate that is designed to be rejected. I may have to figure out how to force NextCloud to use a unique certificate before I can install it on my client machine. It's such a hassle, though, so I'm going to go with Let's Encrypt for now. I'm going to mark your response as the answer though!
– Sudo Sensei
Jan 30 at 3:17
add a comment |
Right now I'm running my own NextCloud server with a self-signed certificate, as I'm trying to avoid relying on any outside authority.
Don't. Suddenly you want to share a file with someone else, who doesn't have your certificate.
The web is moving in the direction of TLS within the current PKI infrastructure. Set up Let's Encrypt, and optionally Public Key Pinning to ensure that no thirdparty can issue a new certificate with a new public key without your knowledge, to avoid a MiTM.
answered Jan 29 at 9:47
vidarlovidarlo
10.9k52750
I have to admit that I don't know enough about Let's Encrypt as a service. My understanding with regards to a certificate authority is that you have to 'trust' they are signing a valid certificate, and that a compromised CA can issue fraudulent certificates for MITM attacks (and there's historical precedent for this). What is to prevent Let's Encrypt from being able to covertly perform the same attack?
– Sudo Sensei
Jan 29 at 22:45
Transparency. Every certificate shall be published. Browsers should check against the public issuing protocol, and report any certificates not in the protocol. In addition a website can use public key pinning to pin a specific key.
– vidarlo
Jan 30 at 5:54
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1113761%2fhow-do-i-connect-my-nextcloud-account-to-ubuntu-using-a-self-signed-certificate%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Firefox uses its own certificate store, so it does not affect Online Accounts. But if you add your self-signed certificate to the root trust store of the system, then it should work. This Ask Ubuntu question deals exactly with this: How do I install a root certificate?
answered Jan 29 at 9:41
meskobalazsmeskobalazs
2,2241122
Thank you for the link! From what I can gather, requesting NextCloud to enable SSL using a self-signed certificate doesn't actually produce a unique certificate, rather it uses a pre-installed "snake-oil" certificate that is designed to be rejected. I may have to figure out how to force NextCloud to use a unique certificate before I can install it on my client machine. It's such a hassle, though, so I'm going to go with Let's Encrypt for now. I'm going to mark your response as the answer though!
– Sudo Sensei
Jan 30 at 3:17
add a comment |
Firefox uses its own certificate store, so it does not affect Online Accounts. But if you add your self-signed certificate to the root trust store of the system, then it should work. This Ask Ubuntu question deals exactly with this: How do I install a root certificate?
answered Jan 29 at 9:41
meskobalazsmeskobalazs
2,2241122
Thank you for the link! From what I can gather, requesting NextCloud to enable SSL using a self-signed certificate doesn't actually produce a unique certificate, rather it uses a pre-installed "snake-oil" certificate that is designed to be rejected. I may have to figure out how to force NextCloud to use a unique certificate before I can install it on my client machine. It's such a hassle, though, so I'm going to go with Let's Encrypt for now. I'm going to mark your response as the answer though!
– Sudo Sensei
Jan 30 at 3:17
add a comment |
Firefox uses its own certificate store, so it does not affect Online Accounts. But if you add your self-signed certificate to the root trust store of the system, then it should work. This Ask Ubuntu question deals exactly with this: How do I install a root certificate?
answered Jan 29 at 9:41
meskobalazsmeskobalazs
2,2241122
Firefox uses its own certificate store, so it does not affect Online Accounts. But if you add your self-signed certificate to the root trust store of the system, then it should work. This Ask Ubuntu question deals exactly with this: How do I install a root certificate?
answered Jan 29 at 9:41
meskobalazsmeskobalazs
2,2241122
answered Jan 29 at 9:41
meskobalazsmeskobalazs
2,2241122
answered Jan 29 at 9:41
meskobalazsmeskobalazs
2,2241122
answered Jan 29 at 9:41
meskobalazsmeskobalazs
2,2241122
2,2241122
Thank you for the link! From what I can gather, requesting NextCloud to enable SSL using a self-signed certificate doesn't actually produce a unique certificate, rather it uses a pre-installed "snake-oil" certificate that is designed to be rejected. I may have to figure out how to force NextCloud to use a unique certificate before I can install it on my client machine. It's such a hassle, though, so I'm going to go with Let's Encrypt for now. I'm going to mark your response as the answer though!
– Sudo Sensei
Jan 30 at 3:17
add a comment |
Thank you for the link! From what I can gather, requesting NextCloud to enable SSL using a self-signed certificate doesn't actually produce a unique certificate, rather it uses a pre-installed "snake-oil" certificate that is designed to be rejected. I may have to figure out how to force NextCloud to use a unique certificate before I can install it on my client machine. It's such a hassle, though, so I'm going to go with Let's Encrypt for now. I'm going to mark your response as the answer though!
– Sudo Sensei
Jan 30 at 3:17
Thank you for the link! From what I can gather, requesting NextCloud to enable SSL using a self-signed certificate doesn't actually produce a unique certificate, rather it uses a pre-installed "snake-oil" certificate that is designed to be rejected. I may have to figure out how to force NextCloud to use a unique certificate before I can install it on my client machine. It's such a hassle, though, so I'm going to go with Let's Encrypt for now. I'm going to mark your response as the answer though!
– Sudo Sensei
Jan 30 at 3:17
Thank you for the link! From what I can gather, requesting NextCloud to enable SSL using a self-signed certificate doesn't actually produce a unique certificate, rather it uses a pre-installed "snake-oil" certificate that is designed to be rejected. I may have to figure out how to force NextCloud to use a unique certificate before I can install it on my client machine. It's such a hassle, though, so I'm going to go with Let's Encrypt for now. I'm going to mark your response as the answer though!
– Sudo Sensei
Jan 30 at 3:17
add a comment |
Right now I'm running my own NextCloud server with a self-signed certificate, as I'm trying to avoid relying on any outside authority.
Don't. Suddenly you want to share a file with someone else, who doesn't have your certificate.
The web is moving in the direction of TLS within the current PKI infrastructure. Set up Let's Encrypt, and optionally Public Key Pinning to ensure that no thirdparty can issue a new certificate with a new public key without your knowledge, to avoid a MiTM.
answered Jan 29 at 9:47
vidarlovidarlo
10.9k52750
I have to admit that I don't know enough about Let's Encrypt as a service. My understanding with regards to a certificate authority is that you have to 'trust' they are signing a valid certificate, and that a compromised CA can issue fraudulent certificates for MITM attacks (and there's historical precedent for this). What is to prevent Let's Encrypt from being able to covertly perform the same attack?
– Sudo Sensei
Jan 29 at 22:45
Transparency. Every certificate shall be published. Browsers should check against the public issuing protocol, and report any certificates not in the protocol. In addition a website can use public key pinning to pin a specific key.
– vidarlo
Jan 30 at 5:54
add a comment |
Right now I'm running my own NextCloud server with a self-signed certificate, as I'm trying to avoid relying on any outside authority.
Don't. Suddenly you want to share a file with someone else, who doesn't have your certificate.
The web is moving in the direction of TLS within the current PKI infrastructure. Set up Let's Encrypt, and optionally Public Key Pinning to ensure that no thirdparty can issue a new certificate with a new public key without your knowledge, to avoid a MiTM.
answered Jan 29 at 9:47
vidarlovidarlo
10.9k52750
I have to admit that I don't know enough about Let's Encrypt as a service. My understanding with regards to a certificate authority is that you have to 'trust' they are signing a valid certificate, and that a compromised CA can issue fraudulent certificates for MITM attacks (and there's historical precedent for this). What is to prevent Let's Encrypt from being able to covertly perform the same attack?
– Sudo Sensei
Jan 29 at 22:45
Transparency. Every certificate shall be published. Browsers should check against the public issuing protocol, and report any certificates not in the protocol. In addition a website can use public key pinning to pin a specific key.
– vidarlo
Jan 30 at 5:54
add a comment |
Right now I'm running my own NextCloud server with a self-signed certificate, as I'm trying to avoid relying on any outside authority.
Don't. Suddenly you want to share a file with someone else, who doesn't have your certificate.
The web is moving in the direction of TLS within the current PKI infrastructure. Set up Let's Encrypt, and optionally Public Key Pinning to ensure that no thirdparty can issue a new certificate with a new public key without your knowledge, to avoid a MiTM.
answered Jan 29 at 9:47
vidarlovidarlo
10.9k52750
Right now I'm running my own NextCloud server with a self-signed certificate, as I'm trying to avoid relying on any outside authority.
Don't. Suddenly you want to share a file with someone else, who doesn't have your certificate.
The web is moving in the direction of TLS within the current PKI infrastructure. Set up Let's Encrypt, and optionally Public Key Pinning to ensure that no thirdparty can issue a new certificate with a new public key without your knowledge, to avoid a MiTM.
answered Jan 29 at 9:47
vidarlovidarlo
10.9k52750
answered Jan 29 at 9:47
vidarlovidarlo
10.9k52750
answered Jan 29 at 9:47
vidarlovidarlo
10.9k52750
answered Jan 29 at 9:47
vidarlovidarlo
10.9k52750
10.9k52750
I have to admit that I don't know enough about Let's Encrypt as a service. My understanding with regards to a certificate authority is that you have to 'trust' they are signing a valid certificate, and that a compromised CA can issue fraudulent certificates for MITM attacks (and there's historical precedent for this). What is to prevent Let's Encrypt from being able to covertly perform the same attack?
– Sudo Sensei
Jan 29 at 22:45
Transparency. Every certificate shall be published. Browsers should check against the public issuing protocol, and report any certificates not in the protocol. In addition a website can use public key pinning to pin a specific key.
– vidarlo
Jan 30 at 5:54
add a comment |
I have to admit that I don't know enough about Let's Encrypt as a service. My understanding with regards to a certificate authority is that you have to 'trust' they are signing a valid certificate, and that a compromised CA can issue fraudulent certificates for MITM attacks (and there's historical precedent for this). What is to prevent Let's Encrypt from being able to covertly perform the same attack?
– Sudo Sensei
Jan 29 at 22:45
Transparency. Every certificate shall be published. Browsers should check against the public issuing protocol, and report any certificates not in the protocol. In addition a website can use public key pinning to pin a specific key.
– vidarlo
Jan 30 at 5:54
I have to admit that I don't know enough about Let's Encrypt as a service. My understanding with regards to a certificate authority is that you have to 'trust' they are signing a valid certificate, and that a compromised CA can issue fraudulent certificates for MITM attacks (and there's historical precedent for this). What is to prevent Let's Encrypt from being able to covertly perform the same attack?
– Sudo Sensei
Jan 29 at 22:45
I have to admit that I don't know enough about Let's Encrypt as a service. My understanding with regards to a certificate authority is that you have to 'trust' they are signing a valid certificate, and that a compromised CA can issue fraudulent certificates for MITM attacks (and there's historical precedent for this). What is to prevent Let's Encrypt from being able to covertly perform the same attack?
– Sudo Sensei
Jan 29 at 22:45
Transparency. Every certificate shall be published. Browsers should check against the public issuing protocol, and report any certificates not in the protocol. In addition a website can use public key pinning to pin a specific key.
– vidarlo
Jan 30 at 5:54
Transparency. Every certificate shall be published. Browsers should check against the public issuing protocol, and report any certificates not in the protocol. In addition a website can use public key pinning to pin a specific key.
– vidarlo
Jan 30 at 5:54
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1113761%2fhow-do-i-connect-my-nextcloud-account-to-ubuntu-using-a-self-signed-certificate%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
