Syncthing doesn't use installed CA

Question

Syncthing doesn't use installed CA

nukdokplex opened this issue 9 months ago · 4 comments

What happened

I started my own stdiscosrv and created certs with my CA, which is installed and trusted on all my devices. But Syncthing for Android doesn't use it and doesn't trust my discovery server.

It's strange but my strelaysrv have been trusted except of stdiscosrv.

For note: syncthing trusts it on all my devices

Version Information

App Version: 1.23.7
Syncthing Version: v1.23.7
Android Version: Android 11 (Realme UI 2.0)

Answer 1 · 2023-08-18T11:19:51.000Z

You have installed the certificate using the Android settings, right? At the moment, the only way to make Syncthing use it would likely be to install it into the system storage (which requires root access, see https://forum.syncthing.net/t/x509-certificate-has-expired-or-is-not-yet-valid/17617/7).

Answer 2 · 2023-08-18T15:06:12.000Z

@tomasz1986 Can this Magisk module help me with?
https://github.com/NVISOsecurity/MagiskTrustUserCerts

Answer 3 · 2023-08-18T15:15:58.000Z

Judging by the module description, it looks like it should! However, if you've got Magisk installed, then I assume that the phone is rooted, so you should also be able to simply copy and paste the file using the method from my forum post 😉.

Answer 4 · 2023-08-18T17:18:12.000Z

Syncthing doesn't and can't use any certs provided through the android API, and apparently android doesn't expose them at the system level (would have been a surprise anyway). As in nothing we can do here. For further assistance how to work around it and/or use root to make those certs available at the system leve, please use the forum - https://forum.syncthing.net