Self-Signed certificate error?

jdang · April 24, 2025, 8:58pm

1. What is the issue? Please be detailed.

Host the Odk-Central locally with self-signed certificate.
Trying to preview a form: Gor the error: self-signed certificate

2. What steps can we take to reproduce this issue?

Host the Odk-Central locally with self-signed certificate.
Upload a valid form
Preview the selected form

3. What have you tried to fix the issue?

Nothing yet

4. Upload any forms or screenshots you can share publicly below.

thanks,

Jdang

danbjoseph · April 28, 2025, 1:11pm

This is an advanced configuration option. Did you follow all the steps in the docs? https://docs.getodk.org/central-install-digital-ocean/#using-a-custom-ssl-certificate

I would also read through this thread and the threads it links:

yanokwa · April 29, 2025, 12:14am

I'm pretty sure Enketo won't work with a self-signed cert. You could disable cert verification, but it's a horrible idea as far as security is concerned.

I'm also pretty sure Collect won't work with a self-signed cert unless you bundle it with a custom build of the app. You might be able to use ngrok (or something similar on the server) though.

jdang · April 29, 2025, 8:10pm

@danbjoseph, The problem is that this is the development environment, and we do not have a public domain for this. Therefore, we have to use the self-signed certificate, which is not supported by ODK Central.

Ben_Sefton · April 30, 2025, 3:00am

I use a staging/development server myself and recommend just pointing a sub-domain to the staging environment for this such as staging-odk.domain.extension

jdang · April 30, 2025, 12:34pm

@Ben_Sefton, Can you give me more details on how this works? I am afraid we have to build the development production-grade environment to try ODK-Central.

jdang · April 30, 2025, 5:54pm

This allow me to move forward with my dev enviroment

Ben_Sefton · May 6, 2025, 4:24am

A staging instance shouldn't be any different to running a production instance. You will most likely even benefit from doing so as any forms or other ODK integrations you create will work the same when it comes time for production deployment.
You can also test Central version upgrades on staging before attempting it on your production instance on the chance that a new feature breaks any of your existing forms or API integrations.

Do you have any reason not to run it with SSL under another sub domain?

I haven't modified any of my central instances docker-compose files and you shouldn't have to either.