Self-signed certificate with latest Central

1. What is the problem? Be very detailed.
I have installed the latest version of ODK Central using Docker on Mac OS. Since this is for testing only, I used a self-signed certificate in the .env file for SSL certificates. All services are healthy and started, and I am able to create forms and assign users to the forms. After using the QR code for importing the settings, when I try to get the form, I am getting an error wrt certificate validation.
My question is: Is there a way to test this setup without using valid certificates?
2. What app or server are you using and on what device and operating system? Include version numbers.
Latest ODK Central on Docker on Mac OS and ODK Collect 1.25.2
3. What have you tried to fix the problem?
Not sure where to start!
4. What steps can we take to reproduce the problem?
Should be reproducible once ODK Central is installed with a self-signed certificate.
5. Anything else we should know or have? If you have a test form or screenshots or logs, attach below.

Most Android versions don't see self-signed certificates as valid. I'd recommend you use https://letsencrypt.org to get a free cert.

If that's the only way, this is a killer for our app, which runs on a closed network and is not allowed to contact letsencrypt for security reasons. Has anyone got around this limitation? Up to now, I have tested with a DigitalOcean server, and never thought that using a self-signed certificate could be a problem.

How should I understand this one?

https://docs.getodk.org/central-install-digital-ocean/#using-a-custom-ssl-certificate

We don't test with self-signed certs.

Central is probably OK with a self-signed cert, but Android, and thus Collect, is probably not. What happens when you try it?

I don't think there are any issues specific to Central with this. I recommend reading through some threads like https://security.stackexchange.com/questions/121163/how-do-i-run-proper-https-on-an-internal-network and https://serverfault.com/questions/964119/enable-https-on-a-private-network to get a feel for the challenges and possible approaches.

I think it's also possible to get a specific Android device to accept a self-signed cert following instructions like these.

3 posts were split to a new topic: Use easy-rsa to set up a self-signed certificate authority for Central