Requesting support for self-signed SSL certificates. #569

Open
lysps opened this issue Jan 10, 2025 · 9 comments

Comments

@lysps

lysps commented Jan 10, 2025

After upgrading the LiveSync plugin, an encrypted SSL port is now required. However, since I use my own NAS device, managing SSL certificates is quite troublesome for me.

I can set up a self-signed certificate, and my website is not intended for public access. However, due to the self-signed certificate, the SSL connection to CouchDB cannot be recognized by the LiveSync plugin. Only trusted SSL certificates can successfully enable database synchronization.

I hope that in future updates, the LiveSync plugin allows ignoring self-signed certificate errors to proceed with data synchronization.

@lysps
Author

lysps commented Jan 10, 2025

In my country, personal websites need to be registered with government authorities to open ports 80 and 443, which makes applying for SSL certificates extremely troublesome. Therefore, if self-signed SSL certificates can be used, it would save a lot of hassle.

@azoller1

If you install the CA into the trust store on your client devices, it should work fine.

@lysps
Author

lysps commented Jan 13, 2025

I even installed the certificate locally, using a self-signed certificate to access the second-level domain via HTTPS, and the web page had no issues. However, when using the LiveSync plugin, it couldn't connect to the server.

I had to switch to the top-level domain I applied for and the SSL certificate. Every three months, I need to replace the certificate and install it on the server.

I hope to use a self-signed certificate to solve two problems. First, it can extend the certificate's validity period. Second, if I feel that the certificate's validity period is too long and not secure, I would prefer to be able to ignore the certificate warnings and synchronize, because it's my own website and I trust my own certificate.

As I'm a novice and used AI translation, if there's any misunderstanding on my part, please enlighten me.

@lysps
Author

lysps commented Jan 13, 2025

> If you install the CA into the trust store on your client devices, it should work fine.

Unfortunately, self-signed certificates just don't work. I'm not sure if I made some mistake in the process.

However, I can already use HTTPS normally, with a green indicator and no warnings. But the synchronization plugin just won't function.

@L1-0

L1-0 commented Jan 14, 2025

Hey man, I hope this message finds you well.

I was just facing an issue with self-signed certificates on Kali Linux (client side, as a user) myself for some time:

doing `sudo nano ~/Desktop/obsidian-livesync.pem` to create the certificate file, then `sudo openssl x509 -in ~/Desktop/obsidian-livesync.pem -out /usr/local/share/ca-certificates/obsidian-livesync.crt` to convert it, as well as importing it using `sudo update-ca-certificates`. Whatever I did, it would not recognize the issuer, with an error similar to the following in the console:

```
ERROR:cert_verify_proc_builtin.cc(702)] CertVerifyProcBuiltin for livesync.obsidian.local failed:
----- Certificate i=0 (CN=*.obsidian.local) -----
ERROR: No matching issuer found
```

What I did to fix this was importing the certificate into my local Chromium installation.
In Chromium, browse to the following menu:
Settings > Privacy and Security > Security > Manage certificates > Authorities > Import
and import the certificate there. Maybe reboot even.

What I can say reading your comments is that the lack of any error logs, screenshots or details makes it very hard for maintainers to troubleshoot. In fact I'm not even sure if you are talking about the client or server side at the moment.

Finishing up, self signed certificates work already (like @azoller1 said), but have to be imported in the right place, check for the certificate store for your OS or the chromium installation on the system.
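A way to check, before importing anything, whether a given CA file can resolve the "No matching issuer found" error quoted in the comment above. This is an added example, not part of the thread or of the LiveSync project; the file names, the verdict strings and the throwaway demo certificates are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): can this CA file act as the issuer
# the client is looking for?
# Usage: sh check-issuer.sh CA.pem SERVER.pem   (file names are assumptions)

subject_of() { openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//'; }
issuer_of()  { openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//'; }

# True when the certificate is marked as a CA (basicConstraints CA:TRUE).
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# True when SERVER verifies with the CA file supplied as trust anchor.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Prints one verdict for the pair (CA file to import, server certificate).
diagnose() {
  if ! is_ca "$1"; then
    echo "not-a-ca"           # the file is a leaf, not an issuing CA
  elif [ "$(issuer_of "$2")" != "$(subject_of "$1")" ]; then
    echo "issuer-mismatch"    # server cert was issued under another name
  elif ! chains_to "$1" "$2"; then
    echo "signature-invalid"  # names match but verification still fails
  else
    echo "ok"                 # this CA file is the issuer of the server cert
  fi
}

# Constructed sample data: two throwaway CAs and one leaf signed by the first.
make_demo_pki() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Home CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  for n in ca other; do
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1/ca.cnf" -days 1 \
      -subj "/CN=Demo $n" -keyout "$1/$n.key" -out "$1/$n.pem" 2>/dev/null
  done
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=livesync.example.test" -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; fi
```

A verdict of `ok` only shows that the file is the right one to import; it still has to be imported into the store the client actually reads.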

@lysps
Author

lysps commented Jan 15, 2025

@L1-0

Sorry, I thought this was a feature that had not been added before, and did not think it might be a bug, so I ignored providing detailed instructions or reporting it.
However, no matter what, I hope that the function of ignoring errors and still executing synchronization can be implemented.

I have completed the installation of self-signed certificates. Below is a description of the specific situation I encountered. If there is any obvious difference, one is the self-signed certificate second-level domain name, and the other is the encrypt certificate and top-level domain name.
Oh, there's one more thing: I used a one-year validity period for one of them, while the other has the default 90-day validity period.

I'm a novice, and the English I use is translated by AI. If there are any inadequacies in my expression, please forgive me.

Besides, I'm not sure if obscuring information is considered impolite when asking questions. Mainly because my skills are rather limited, and exposing the website URL might make it vulnerable to attacks. I believe that all the experts here wouldn't do such a thing, but this is a public discussion. If I've committed any offensive behavior, please forgive me.

@lysps
Author

lysps commented Jan 15, 2025

I checked the nginx log; there is no relevant content at all.

@lysps
Author

lysps commented Jan 15, 2025

@vrtmrz
I sincerely hope to get help from you, the expert.
I wasn't sure whether what I reported was an unsupported feature or a bug...

However, I do hope that such a feature can be added.
When I trust this website and its SSL certificate, for example, when it belongs to me personally, I can use the HTTPS connection function while ignoring the certificate warning.

@lysps
Author

lysps commented Jan 15, 2025

I discovered a new situation, not sure if it's related to this issue or not.
