Local network installation, certificates and android

Hi, everyone. I’ve installed jitsi on my own server and created my own certificate authority and installed root certificate to android phone. Now it works well in browsers like Firefox and Chrome on desktop and Android. But android app does not work with error: Failed to load config from…

I’ve read a lot of posts, I’ve tried to change timeout from 2.5 seconds to 100 in react code. It does not help. It seems like my certificates lack some configuration.

Can anyone help me with this question?

I’ve found that solution is very easy!

There is xml/network_security_config.xml file in android app
It should look like this:

<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">localhost</domain>
        <domain includeSubdomains="true">Your domain with self signed certificate</domain>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </domain-config>
</network-security-config>

trust-anchors required to make jitsi meet app trust certificates from user store. After that I’ve installed my self-signed root certificate into android phone and it worked!

1 Like

Hello @pingvincible,

This change seems applied to the master branch

<network-security-config> 
   <base-config> 
      <trust-anchors> 
         <certificates src="system" /> 
         <certificates src="user" /> 
      </trust-anchors> 
   </base-config> 
   <domain-config cleartextTrafficPermitted="true"> 
      <domain includeSubdomains="false">localhost</domain> 
      <domain includeSubdomains="false">10.0.2.2</domain> 
   </domain-config> 
</network-security-config>

Is the includeSubdomains line needed too?

Yes, you can write
<domain includeSubdomains="true">example.com</domain>
and your app will work with subdomains of example.com

Also I’ve found that it is possible to make app trust ca in res folder.
Delete
<certificates src="user" />

to not trust all users certificates and add

<certificates src="@raw/ca" />

where ca.crt is X.509 der certificate, located in res/raw folder

2 Likes

Maybe my modified version a little bit older, I will update to the latest code.