Bosse_B
Posts: 836
Joined: Thu Jan 30, 2014 9:53 am

How to set a self-signed server as trusted?

Tue Jul 30, 2019 2:26 pm

I have an Ubuntu 18 LTS server, which is used for Subversion and while setting up Apache Subversion a couple of years ago an SSL certificate was generated and self-signed. Then Svn works OK after each client initially has set the server certificate as trusted as part of first login.

Recently I have added a video server function to this box and it works well to view videos stored here while on other locations via a web interface using https and user login. Both using Chrome and FireFox I have to add a trust for this server on first connection but after that it "just works".

Now I also have a Raspberry Pi running Kodi, which I want to use to view these videos with at my summer home through the TV.
So I have created the strm files pointing to the videos.
But it does not work and the reason is that the server's certificate is not trusted and Kodi seems not to have a way to set it to trusted in its user interface. (I tested on a non-https server without login and then the strm files work...)

So I would like to manually add my home server's self-signed certificate to the list of certs trusted by Raspbian, but I don't really know how...

Is there a procedure I can follow in order to accomplish this?

My server sits on my home LAN with port 443 forwarded to it on the router.
I also have dynamic DNS so the IP address will be connected to unique domain name.

What can I do on the Raspberry to add the trust I need?
Bo Berglund
Sweden

epoch1970
Posts: 3871
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: How to set a self-signed server as trusted?

Tue Jul 30, 2019 4:38 pm

"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

Bosse_B
Posts: 836
Joined: Thu Jan 30, 2014 9:53 am

Re: How to set a self-signed server as trusted?

Tue Jul 30, 2019 9:19 pm

SOLUTION FOUND:

I ended up doing as follows on the Kodi server (RPi3):
- Created a text file myserver.crt in the home dir
- Edited it using nano
- Copied the text of the selfsigned crt file from the server side into nano
- Saved the file
- Copied it as sudo to /usr/local/share/ca-certificates/
- Ran the command sudo update-ca-certificates

When this was done my strm file that would not play earlier worked fine and showed the video via Kodi.
Bo Berglund
Sweden

Return to “Raspbian”