5.1 KiB
Self-Signed SSL Certificate Support
Since: v1.7.0
Status: ✅ Supported
Overview
Simple Notes Sync now supports connecting to WebDAV servers with self-signed SSL certificates, such as:
- ownCloud/Nextcloud with self-signed certificates
- Synology NAS with default certificates
- Raspberry Pi or home servers
- Internal corporate servers with private CAs
How to Use
Step 1: Export Your Server's CA Certificate
On your server:
- Locate your certificate file (usually
.crt,.pem, or.derformat) - If you created the certificate yourself, you already have it
- For Synology NAS: Control Panel → Security → Certificate → Export
- For ownCloud/Nextcloud: Usually in
/etc/ssl/certs/on the server
Step 2: Install Certificate on Android
On your Android device:
-
Transfer the
.crtor.pemfile to your phone (via email, USB, etc.) -
Open Settings → Security → More security settings (or Encryption & credentials)
-
Install from storage / "Install a certificate"
- Choose "CA certificate"
- Warning: Android will display a security warning. This is normal.
- Tap "Install anyway"
-
Browse to your certificate file and select it
-
Name it something recognizable (e.g., "My ownCloud CA")
-
✅ Done! The certificate is now trusted system-wide
Step 3: Connect Simple Notes Sync
- Open Simple Notes Sync
- Go to Settings → Server Settings
- Enter your
https://server URL as usual - The app will now trust your self-signed certificate ✅
Security Notes
⚠️ Important
- Installing a CA certificate grants trust to all certificates signed by that CA
- Only install certificates from sources you trust
- Android will warn you before installation – read the warning carefully
🔒 Why This is Safe
- You manually install the certificate (conscious decision)
- The app uses Android's native trust store (no custom validation)
- You can remove the certificate anytime from Android Settings
- F-Droid and Google Play compliant (no "trust all" hack)
Troubleshooting
Certificate Not Trusted
Problem: App still shows SSL error after installing certificate
Solutions:
- Verify installation: Settings → Security → Trusted credentials → User tab
- Check certificate type: Must be a CA certificate, not a server certificate
- Restart app: Close and reopen Simple Notes Sync
- Check URL: Must use
https://(nothttp://)
"Network Security Policy" Error
Problem: Android 7+ restricts user certificates for apps
Solution: This app is configured to trust user certificates ✅
If the problem persists, check:
- Certificate is installed in "User" tab (not "System")
- Certificate is not expired
- Server URL matches certificate's Common Name (CN) or Subject Alternative Name (SAN)
Self-Signed vs. CA-Signed
| Type | Installation Required | Security |
|---|---|---|
| Self-Signed | ✅ Yes | Manual trust |
| Let's Encrypt | ❌ No | Automatic |
| Private CA | ✅ Yes (CA root) | Automatic for all CA-signed certs |
Alternative: Use Let's Encrypt (Recommended)
If your server is publicly accessible, consider using Let's Encrypt for free, automatically-renewed SSL certificates:
- No manual certificate installation needed
- Trusted by all devices automatically
- Easier for end users
Setup guides:
Technical Details
Implementation
- Uses Android's Network Security Config
- Trusts both system and user CA certificates
- No custom TrustManager or hostname verifier
- F-Droid and Play Store compliant
Configuration
File: android/app/src/main/res/xml/network_security_config.xml
<base-config>
<trust-anchors>
<certificates src="system" />
<certificates src="user" /> <!-- ← Enables self-signed support -->
</trust-anchors>
</base-config>
FAQ
Q: Do I need to reinstall the certificate after app updates?
A: No, certificates are stored system-wide, not per-app.
Q: Can I use the same certificate for multiple apps?
A: Yes, once installed, it works for all apps that trust user certificates.
Q: How do I remove a certificate?
A: Settings → Security → Trusted credentials → User tab → Tap certificate → Remove
Q: Does this work on Android 14+?
A: Yes, tested on Android 7 through 15 (API 24-35).
Related Issues
- GitHub Issue #X - User request for ownCloud support
- Feature Analysis - Technical analysis
Need help? Open an issue on GitHub