Adding own certs to connect via WebDAVS/FTPS again

    Has this fix been migrated to other builds too?

    I'm running libreelec on an intel platform and have a need to use a self signed certificate (sophos utm web filtering). Without this certificate present, clients https session are blocked.

    Thanks!

    Hello community

    i have tried adding my self signed synology to get webdavs working correctly on the new build 8.90.005

    However, it is warning me: CCurlFile::Exists - Failed: Peer certificate cannot be authenticated with given CA certificates(60)

    So i tried installing certificates. My Synology nas gives me two certificates: synology-ca-cert.pem and cert.pem

    I have tried copying the synology-ca-cert to the /storage/.config/cacert.pem but that lead to this error:

    CCurlFile::Exists - Failed: SSL peer certificate or SSH remote key was not OK(51)

    The certificate is one signed by synology. ( i connect via a xxxxx.synology.me name)

    Any idea why this might not be working?


    remark: would it be helpul to once connect to the host via SSL?

    That would ask for the ECDSA key fingerprint and will add it to the list of known hosts.

    Edited once, last by mfrank66 (September 19, 2018 at 2:22 PM).

    Quote from chewitt

    That's the idea.

    That works very well with this idea. Even in 2025 with the current versions of LibreELEC ;)

    But: Can you take it a step further? What if the user could simply drop in their own issued certificates without needing to change the names, so that the filenames can remain as boxcert.cer, owncert.pem, and mycert.cer, regardless of whether it is a *.cer or a *.pem file?
    It should be made as simple as possible for the average user. This is already possible with web browsers and operating systems. Just drop in the certificate and it's done.

    Yes, it's quite unfortunate. I always view such responses as a missed opportunity to gain even more reach. This could potentially mean an additional 300,000 users who might have decided to use LibreELEC as a high-performance computing (HPC) solution, especially since the benefits section mentions that "importing server certificates has become even easier with drag and drop."

    My concern is not about the simple renaming of a file, but rather the scenario in which users want to utilize more than just a single private certificate from various sources. I know what I would need to do —> merging and renaming. However, all these intermediate steps could be simplified for users who do not understand why they need to perform certain actions for their internet routers, to which their mass storage devices are connected, to work with their HPC. This is precisely the 300,000 users that could have been gained because it can be really simple. Drag and drop. Even a novice can manage that at this point.

    How do the other developers see this?
    And also the ordinary users, what do you think?