1

I want to syncronise my owncloud server with my new Ubuntu Phone. Therefore I would like to use syncevolution. The server uses a self signed certificate which I would have to add to my ca-certificates on the phone /usr/share/ca-certificate. But I get the message that it is a read only filesystem.

Can somebody help me with that issue?

meles
  • 866
  • 9
  • 26

1 Answers1

1

According to the syncevolution doc, the location of the certificates used to authenticate the server is configurable through 'SSLServerCertificates' configuration property.

This property is set by the 'config.ini' files in the home directory:

phablet@ubuntu-phablet:~$ grep -rIn SSLServerCertificates .config/syncevolution/
.config/syncevolution/default/peers/google-calendar-2/config.ini:# SSLServerCertificates = /etc/ssl/certs/ca-certificates.crt:/etc/pki/tls/certs/ca-bundle.crt:/usr/share/ssl/certs/ca-bundle.crt
.config/syncevolution/default/peers/google-contacts-2/config.ini:# SSLServerCertificates = /etc/ssl/certs/ca-certificates.crt:/etc/pki/tls/certs/ca-bundle.crt:/usr/share/ssl/certs/ca-bundle.crt
.config/syncevolution/google-calendar-2/peers/target-config/config.ini:# SSLServerCertificates = /etc/ssl/certs/ca-certificates.crt:/etc/pki/tls/certs/ca-bundle.crt:/usr/share/ssl/certs/ca-bundle.crt
.config/syncevolution/google-contacts-2/peers/target-config/config.ini:# SSLServerCertificates = /etc/ssl/certs/ca-certificates.crt:/etc/pki/tls/certs/ca-bundle.crt:/usr/share/ssl/certs/ca-bundle.crt

So, you can add or edit these configs to additionally point to some .crt in the home dir (which is writable).

Velkan
  • 3,516
  • 4
  • 24
  • 45
  • I was messing around with the settings now for a few days but I couldn't get it to work. I set `SSLServerCertificates="/home/phablet/myserver.crt` but I get this error `First ERROR encountered: transport problem: REPORT 'meta data': Neon error code 1, no HTTP status: Server certificate verification failed: issuer is not trusted`. The only way to come arround this error is to set `SSLVerifyServer = 0` which seems to be no secure option. – meles Apr 06 '15 at 17:01
  • I also didn't get that setting working. I needed to copy it to /usr/share/certificates/ and run dpkg-reconfigure as instructed at http://askubuntu.com/questions/591866/how-can-contacts-and-calendars-be-synchronised/600629#600629 - that's unoptimal however since it requires (temporarily) changing the / to be read/write and also will disappear with the next OTA always. – Timo Jyrinki Sep 07 '15 at 14:28
  • 1
    Now it should be possible to use a certificate created by https://letsencrypt.org so you won't need self signed certificates anymore. – meles Feb 02 '16 at 10:00