• 1 Post
  • 23 Comments
Joined 6 months ago
cake
Cake day: June 3rd, 2024

help-circle





  • I have a similar setup. I use d.rymcg.tech (a configuration manager for Docker, as well as a collection of open source web services and config templates) and have Traefik (reverse proxy) on a Digital Ocean dropet connected to a VM in my home lab through wireguard. This framework allows me to put authentication and authoriation in front of any apps/services I’m hosting (HTTP basic auth, oauth2, mTLS). This setup allows me to control what is allowed access from outside of my home, without opening any ports.










  • Thanks for your research and the suggestion, @[email protected].

    I wasn’t able to make that work, but I don’t think it was trying to solve the problem I’m having, anyway. That procedure was to add self signed SSL certificate to Android, but my certificate is neither self-signed nor an SSL cert. At least I think not - I find certs very confusing. The cert I’m trying to work with is an mTLS cert, a client cert. It’s not used to establish a secure SSL connections, it’s used to verify that I (the person with the cert) and authorized to use the app.

    Additionally, I’m able to successfully install the cert into Android, but the problem is that it seems to be ignored. The mTLS cert is installed in GrapheneOS’s “VPN & App User Certificate” section, and my CA cert is installed in the “CA Certificate” section. Vanadium, Fennec, and Mull browsers just aren’t using them. :(