Update cacert.pem for android build

Question

Update cacert.pem for android build

jecxjo opened this issue 3 years ago · 3 comments

The file containing the root SSL certs hasn't been updated since 2018 (4 years). With the issue around Let's Encrypt, any root certs that would have expired since then or are soon to expire will cause any self hosted instance to fail.

Answer 1 · 2022-05-02T20:22:41.000Z

I have the same problem. Do you know how, where and if the file can be replaced?

Edit**
I found it: https://github.com/turtl/android/blob/master/scripts/cacert.pem

Answer 2 · 2022-05-27T18:06:19.000Z

I don't understand how I'm supposed to replace this file. Is there a specific certificate I should put instead ?

Answer 3 · 2023-04-05T17:08:29.000Z

This file:

https://github.com/turtl/android/blob/5d257b701e0980972ca9bf17032b8f1bc51ee41a/scripts/cacert.pem

Needs to be updated with the mozilla bundle found here:

https://curl.se/docs/caextract.html

Which itself contains all of the root CAs listed here:

https://wiki.mozilla.org/CA/Included_Certificates