v20 Very annoying issue with SSL/certificates (NAS)
#1
Hi,

I have the latest version of KODI (Nexus) on Windows and Android.

Unfortunately, on both, I can't connect to my NAS (Synology) via WebDAV (HTTPS), because I have a self-signed certificate.


I have seen, on the KODI Wiki, that I can add my self-signed certificate to the trust store:

"Kodi includes its own bundle of default trusted certificate authorities in the file system/certs/cacert.pem of the Kodi installation.

    1) Copy the file to a new location
    2) Add your certificate (in PEM format) to the end of the new file
    3) Set the environment variable SSL_CERT_FILE to the location of that new file"


-> I have understood that I have to copy the file "cacert.pem" to a new location, right?

-> And then, I have to insert my certificate (PEM format) at the end of the "cacert.pem" file... Right?


But I haven't understood this step:

"Set the environment variable SSL_CERT_FILE to the location of that new file"


-> Where am I supposed to set this "SSL_CERT_FILE"?


-> Moreover, if I disable the check for certificates (by adding "|verifypeer=false" to the end of the URL or remote path of my source), will the connection between my phone and my NAS (WebDAV HTTPS) still be encrypted or not?

(I have added "|verifypeer=false" to the end of remote path of my source, but I still can't open it...)



Thank you in advance.
Reply
#2
it's an environment variable... so...

https://learn.microsoft.com/en-us/powers...rshell-7.3

https://www.computerhope.com/jargon/e/envivari.htm

https://www.digitalcitizen.life/simple-q...variables/
Reply
#3
the verifypeer description - https://curl.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
Reply
#4
If you are using a synology nas, you should also have a DDNS address with a valid certificate.
Use this address and the connection will work.

Reply
#5
(2023-03-20, 01:43)jepsizofye Wrote: it's an environment variable... so...

https://learn.microsoft.com/en-us/powers...rshell-7.3

https://www.computerhope.com/jargon/e/envivari.htm

https://www.digitalcitizen.life/simple-q...variables/
Hi,

But where am I supposed to write or set this variable?

Could you help me with that?
Reply
#6
(2023-03-20, 02:05)Fuchs2468 Wrote: If you are using a synology nas, you should also have a DDNS address with a valid certificate.
Use this address and the connection will work.


Hi,

Unfortunately, it doesn't work.

Because my IP is a private IP (192.168.XXX.XXX). And from outside, I access my NAS through the VPN Server from DSM...

A certificate for a DDNS can't work for a private IP...
Reply
#7
2 of those links i gave you show you how to set an environment variable
Reply
#8
(2023-03-21, 01:48)jepsizofye Wrote: 2 of those links i gave you show you how to set an environment variable

It's a lot of work for someone who doesn't know these things...

Moreover, the 2 links don't explain how to set an environment variable on Android...

And I have added "|verifypeer=false" to the end of remote path of my source, but I still can't open it...
Look:
davs://192.168.XXXX.XXXX/|verifypeer=false:1234/

1234 = port number for webdav secured

On KODI, I didn't find a way to put the "|verifypeer=false" after the port...

Could you help me?
Reply
#9
(2023-03-21, 11:53)Stixen Wrote: It's a lot of work for someone who doesn't know these things...

this is of your own doing, normal kodi users do not have to do all this work, this has to do with your nas and how you access it
 
(2023-03-21, 11:53)Stixen Wrote: Moreover, the 2 links don't explain how to set an environment variable on Android...

you posted in the windows support section and even though you state you are running windows AND android i found a windows solution based on the post location
 
(2023-03-21, 11:53)Stixen Wrote: Could you help me?

i no longer believe i can help you but the good thing is i'm not the only one on this forum

best of luck
Reply
#10
@Stixen 
I think you've asked a very good question here and I'm surprised that nobody can answer it.

If you add "verifypeer=false", the connection remains encrypted, you just can't be sure whether, for example, a "man in the middle" attack is taking place or not.

By the way, that's my problem right now. I'm using LibreELEC on an Intel device and can't find the place where you can set the environment variables permanently. This is apparently not described in the entire wiki. I need it because I am using a firewall that also inspects SSL traffic.

I have tried the following. I use the addon script to set the environment variable.
In the cacert.pem I have attached my private ca certificate. 
shell:
mkdir -p /storage/.kodi/addons/aaa.env/profile.d
# quoted heredoc: lines are written literally, so $SSL_CERT_FILE expands when the profile is sourced
cat > /storage/.kodi/addons/aaa.env/profile.d/env.profile <<'EOF'
export SSL_CERT_FILE='/storage/local/share/ca-certificates/cacert.pem'
export CURLOPT_CAINFO="$SSL_CERT_FILE"
export REQUESTS_CA_BUNDLE="$SSL_CERT_FILE"
EOF
reboot

Unfortunately, I can't tell you how to do this on Android.
Reply
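
The bundle steps quoted from the Kodi wiki in post #1 (copy cacert.pem, append the PEM certificate) and used again in post #10, as an added shell example that is not from the wiki or from any poster. The helper names `count_certs`, `make_pem` and `build_ca_bundle` are hypothetical, and the PEM blocks are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example (not Kodi's or the poster's code). Helper names are hypothetical.

# Print how many PEM certificates a file holds (0 if none).
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true; }

# Write a constructed placeholder PEM block of type $1 (not a real certificate or key).
make_pem() { printf '%s\n%s\n%s' "-----BEGIN $1-----" 'Q09OU1RSVUNURUQ=' "-----END $1-----"; }

# build_ca_bundle SRC EXTRA DEST: copy SRC to DEST and append EXTRA; SRC stays untouched.
build_ca_bundle() {
    src=$1 extra=$2 dest=$3
    [ -r "$src" ] && [ -r "$extra" ] || { echo "missing input file" >&2; return 1; }
    [ "$src" != "$dest" ] || { echo "DEST must not be the original bundle" >&2; return 1; }
    # The bundle is PEM only: a DER export from the NAS has no BEGIN/END markers.
    begins=$(count_certs "$extra")
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$extra" || true)
    if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
        echo "$extra is not a complete PEM certificate" >&2; return 1
    fi
    # Only the certificate belongs in a trust bundle, never the matching private key.
    if grep -q -- 'PRIVATE KEY-----' "$extra"; then
        echo "$extra contains a private key" >&2; return 1
    fi
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" || return 1
    # If the last byte is not a newline, add one so END/BEGIN markers do not fuse.
    [ -z "$(tail -c 1 "$tmp")" ] || printf '\n' >> "$tmp"
    cat "$extra" >> "$tmp" || { rm -f "$tmp"; return 1; }
    [ -z "$(tail -c 1 "$tmp")" ] || printf '\n' >> "$tmp"
    mv "$tmp" "$dest"
}

# Demo on constructed files; prints the number of certificates in the new bundle.
demo_bundle() {
    d=$(mktemp -d) || return 1
    make_pem CERTIFICATE > "$d/cacert.pem"   # stand-in for Kodi's system/certs/cacert.pem
    make_pem CERTIFICATE > "$d/nas.pem"      # stand-in for the self-signed NAS certificate
    build_ca_bundle "$d/cacert.pem" "$d/nas.pem" "$d/custom.pem" || return 1
    count_certs "$d/custom.pem"
    rm -rf "$d"
}

demo_bundle   # SSL_CERT_FILE would then point at custom.pem
```

With real files, DEST is the path that SSL_CERT_FILE is set to; the original bundle shipped with Kodi is left as it was.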
#11
(2023-11-19, 01:18)proofy Wrote: I'm using LibreELEC

then you need a LibreELEC solution https://forum.libreelec.tv/thread/12789-...sftp-again

(note LibreELEC is linux so linux solutions will probably work too if you want to go through the effort of repacking the squashfs root of LibreELEC)
Reply
#12
Thank you. 

BTW
My solution is working after I changed it from env to aaa.env, also for addons
Reply
