Custom CA and android system webview

keeka, a year ago

If I am correct this is not a traccar issue per se but I'm looking for some advice.

I followed the guide on this post to set up a reverse SSL proxy.

SSL connection works fine in a browser (firefox) on my phone. However, the Traccar manager app will not connect.
Traccar manager will not connect when I specify https://. I believe this is a webview issue but was looking for confirmation.
I run LineageOS 17.1 on my phone with a custom CA installed in Android certificate manager. Firefox is configured to use the system cert store.

With Traccar manager, using either the default webview (installed with LineageOS) or the latest Google dev Android webview, I see the same failure attempting to connect on the initial page of the app.

keeka, a year ago

FYI the reason I'm attempting to access Traccar via SSL is in order for the 'Find my location' feature to work. No Let's Encrypt cert since the nginx host is not public facing.

Anton Tananaev, a year ago

I suspect that the app doesn't support custom CA by default.
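
An added illustration of the point above, not part of the thread and not Traccar Manager's own configuration: apps targeting Android 7.0 (API level 24) or later trust only the system CA store unless the app's Network Security Configuration opts in to user-installed CAs. The host name `traccar.example.internal` is a placeholder, and the example limits the opt-in to that one host.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml: added example, host name is a placeholder.
     Referenced from AndroidManifest.xml with
     <application android:networkSecurityConfig="@xml/network_security_config" ...> -->
<network-security-config>

    <!-- Platform default for apps targeting API 24+, written out for comparison:
         only CAs in the system store are trusted, so a CA installed through the
         "user" tab of Trusted credentials is ignored by the app. -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Opt-in limited to one internal host: user-installed CAs are accepted
         for this domain only, so every other connection keeps the default. -->
    <domain-config>
        <domain includeSubdomains="false">traccar.example.internal</domain>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </domain-config>

</network-security-config>
```

This is a build-time setting, so it only takes effect in an app compiled with it.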

keeka, a year ago

Thanks Anton. I think it's another case of Google knows best when it comes to trust!

keeka, a year ago

I haven't done this as yet, but I think one solution would be to push the custom CA cert to the system store (rather than the user's) via adb, as detailed in this post on Stack Overflow.

Anton Tananaev, a year ago

You would probably need a rooted phone for that.

keeka, a year ago

OK, I was able to load a custom CA into the system cert store:

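# CA cert file, named <subject_hash_old>.0 as the system store expects
export CA=916eb053.0
# Restart adbd with root privileges
adb root
# Remount the root filesystem read-write so the cert can be copied in
adb shell "mount -o rw,remount /"
adb push "$CA" /system/etc/security/cacerts/
adb shell "chmod 644 /system/etc/security/cacerts/${CA}"
# Put the filesystem back to read-only, then reboot
adb shell "mount -o ro,remount /"
adb reboot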

The CA then appeared under system certs in Trusted credentials and I could tap on it and see the cert details as expected. (I'd previously removed it from the user cert store for good measure.) However, apps would not connect to hosts whose cert was signed with that CA. Firefox had, previously, connected when the cert was under the user's trust store, but not with it installed under system.
In case I had converted the cert incorrectly, I even loaded it into the user store (using the add cert dialog), then downloaded the converted file via adb, and pushed that to the system store directory. Still no joy, though it did again appear in the system cert list.
So, despite successfully pushing the CA cert to the system partition and the cert appearing to be installed, I was not able to get it to work. Works fine as a user cert, but obviously only for those apps that honor that store. A distinction I'd not encountered before.
My phone is LineageOS/Android 10. I believe things may have become even harder with Android 11.