On Fri, Dec 19, 2014 at 7:13 AM, Benjamin <benjamin10 at gmx.at> wrote:
> Hello everyone!
> I am quite new to two things: this mailing list and making and working with
> certificates
>
> I want to run a small owncloud on my raspberry pi and tried to make a crt
> which I can also use with my mobile devices. Here is the problem:
> When I make a certificate either with this instruction:
> http://wiki.ubuntuusers.de/CA
> or this one:
> https://www.prshanmu.com/2009/03/generating-ssl-certificates-with-x509v3-extensions.html
>
> I have the problem that the cacert has "basicConstraints CA=TRUE" but when I
> make a cert by request I got a new cert (as far as I knew, that which I
> should use for my nginx webserver) which has CA=FALSE. This is no problem
> normally but my Android phone only accepts Certs with CA=TRUE and actually I
> don't know how to make such a certificate... Of course, I could use the cacert
> itself but isn't this insecure and inadequate?

You can't install self signed certificates (CA=FALSE). You can install client certificates and CA certificates. See https://support.google.com/nexus/answer/2844832?hl=en.

What you should do is create a CA, sign the web server's certificate with your CA, and then install the CA on your Android device.

The problem (of the Internet of Things and self-signed certificates intersecting with Browsers) was recently brought up on the Web App Sec mailing list (see http://lists.w3.org/Archives/Public/public-webappsec/2014Dec/0203.html). There's nothing available at the moment - the Browsers only support the CA Zoo security model.

Jeff
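The steps described in the reply above (create a CA, sign the web server's certificate with it, install the CA on the device), sketched with the openssl command line as an added example that is not part of the original thread. The host name owncloud.home.example, the CA subject, the file names and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: private CA (CA:TRUE) signing an nginx leaf cert (CA:FALSE).
set -eu

write_config() {   # $1 = working directory
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:owncloud.home.example
EOF
}

make_ca() {        # self-signed root; only this file goes onto the phone
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$1/pki.cnf" -extensions v3_ca -subj "/CN=Constructed Home CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_server_cert() {   # CSR for the web server, then signed by the CA key
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -subj "/CN=owncloud.home.example" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -sha256 -days 365 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -extfile "$1/pki.cnf" -extensions v3_server -out "$1/server.crt" 2>/dev/null
}

is_ca()    { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }  # $1=CA $2=leaf

dir=$(mktemp -d)
write_config "$dir"; make_ca "$dir"; make_server_cert "$dir"
is_ca "$dir/ca.crt" && echo "ca.crt: CA:TRUE (install on the Android device)"
is_ca "$dir/server.crt" || echo "server.crt: CA:FALSE (use with server.key in nginx)"
chain_ok "$dir/ca.crt" "$dir/server.crt" && echo "server.crt chains to ca.crt"
```

Only ca.crt is copied to the phone; ca.key never needs to leave the machine that signs certificates.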