Allow user-supplied root certificates (weaken security)

Well.
First things first: custom CA doesn’t weaken security. period.
Second: I found a way to use custom certificate on linux.
I extracted distributed AppImage, and straced the binary.
It turned out obsidian checks nssdb at $HOME/.pki/nssdb/ for certificates.
So you can use certutil to add your custom certificate there.
Example:
certutil -A -n “example.net” -t “CT,C,C” -d /home/generalro/.pki/nssdb/ -i /path/to/ca.pem

After that I was able to use “Remotely Save” plugin with s3 endpoint with custom cert.

Cheers, RO.

1 Like

Hi all,

I found this thread after spending hours trying to understand why my chinese androind table won’t allow to connect to my selfhosted couchdb server…

I don’t want to create any polemic here but to me it looks like a bug, if Android allows users to add their own CA, why would an application from this ecosystem refuse to use this capability?

With that said, what would be a solution here?

2 Likes

I originally thought the issue was with the livesync plugin, that it didn’t support self-signed SSL due to a synchronization error. To my surprise, the root cause was actually Obsidian. This really leaves me speechless.

In my country , if our server isn’t registered, access to port 80 is not allowed by default. There’s no way to use Let’s Encrypt. At the same time, our DDNS service provider is not supported by Certbot, which is a disaster. I have to purchase an additional domain name and manually install the SSL certificate on the server every three months.

I also strongly support this request and need this feature.

AI translate . ai翻译的

1 Like

Hello everyone,

If anyone’s still looking for a solution, I whipped up a simple ReVanced patch which can be found here.

The patch enables the Obsidian Android app to trust user-supplied CAs which in turn allows the excellent self-hosted LiveSync plugin to work with self-signed certs.

I’ve done some minimal testing with a few of my own devices and everything seems to work fine.

Lemme know if you try it!

1 Like

Master, but I’m a novice and I’m Chinese. I communicate through AI. I’m afraid I won’t be able to handle it. But thank you for your efforts.

However, I still hope that the official can support it and not let everyone have to use methods like cracking. Sigh.