Well.
First things first: a custom CA doesn’t weaken security. Period.
Second: I found a way to use a custom certificate on Linux.
I extracted the distributed AppImage and straced the binary.
It turned out Obsidian checks nssdb at $HOME/.pki/nssdb/ for certificates.
So you can use certutil to add your custom certificate there.
Example:
certutil -A -n "example.net" -t "CT,C,C" -d /home/generalro/.pki/nssdb/ -i /path/to/ca.pem
After that I was able to use the “Remotely Save” plugin with an S3 endpoint with a custom cert.
I found this thread after spending hours trying to understand why my Chinese Android tablet won’t allow me to connect to my self-hosted CouchDB server…
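An added example, not part of the original post: the `-t` argument to certutil is three comma-separated trust fields (SSL, S/MIME, code signing), where `C` trusts the CA for server certificates and `T` for client certificates, so `CT,C,C` grants more than an HTTPS endpoint needs and `C,,` limits the CA to TLS server certificates. The function below audits `certutil -L` output for such entries; the function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Audit an NSS database listing for CA trust broader than TLS server auth.
# Real use (assumes the per-user DB the post describes):
#   certutil -L -d "sql:$HOME/.pki/nssdb" | audit_nss_trust

# Constructed sample of `certutil -L` output (nicknames are made up).
sample_listing() {
cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

example.net                                                  CT,C,C
homelab root ca                                              C,,
some leaf                                                    P,,
EOF
}

# Reads a listing on stdin; prints "nickname<TAB>extra trust" for each entry
# trusted for anything beyond issuing TLS server certificates.
audit_nss_trust() {
  awk '
    NF < 2 { next }                                   # blank and header lines
    $NF !~ /^[a-zA-Z]*,[a-zA-Z]*,[a-zA-Z]*$/ { next } # last field must be flags
    {
      flags = $NF
      nick = $0
      sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)           # strip the flags column
      split(flags, f, ",")
      why = ""
      if (f[1] ~ /T/)    why = why "client-auth "     # T in the SSL field
      if (f[2] ~ /[CT]/) why = why "smime "           # CA trust for S/MIME
      if (f[3] ~ /[CT]/) why = why "code-signing "    # CA trust for signing
      if (why != "") { sub(/ $/, "", why); printf "%s\t%s\n", nick, why }
    }'
}
```

An entry that shows up here can be narrowed with `certutil -M -n "<nickname>" -t "C,," -d <db>`.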
I don’t want to create any polemic here, but to me it looks like a bug: if Android allows users to add their own CA, why would an application from this ecosystem refuse to use this capability?
I originally thought the issue was with the LiveSync plugin, that it didn’t support self-signed SSL due to a synchronization error. To my surprise, the root cause was actually Obsidian. This really leaves me speechless.
In my country, if our server isn’t registered, access to port 80 is not allowed by default. There’s no way to use Let’s Encrypt. At the same time, our DDNS service provider is not supported by Certbot, which is a disaster. I have to purchase an additional domain name and manually install the SSL certificate on the server every three months.
I also strongly support this request and need this feature.
If anyone’s still looking for a solution, I whipped up a simple ReVanced patch which can be found here.
The patch enables the Obsidian Android app to trust user-supplied CAs which in turn allows the excellent self-hosted LiveSync plugin to work with self-signed certs.
I’ve done some minimal testing with a few of my own devices and everything seems to work fine.