How to ignore TLS error on iPhone?

I am on Joplin 10.5.1 with iOS14. I have a self hosted nextcloud server that I am trying to use to sync. My server is not exposed to the Internet (my devices only sync when I’m home on the local network, which is fine) so I have a self signed cert on my server. By checking the “ignore TLS errors” option on my desktop (macOS Big Sur) I can sync perfectly fine. However, there does not seem to be the same option for iOS even though I can access my nextcloud server just fine on mobile via the nextcloud app and web browser. Is there any other way I can get the mobile app to sync or get it to ignore TLS errors?


Update: I’ve created my own root certificate and added it to my iPhone as trusted. However, the app still will not connect to my server.

I tried to troubleshoot by adding the root certificate to my trusted list on my desktop and then tried to sync the Joplin desktop app to my server after unchecking the “ignore TLS certificate errors” to see what errors come up, but it synced fine with no issues. Not sure why the app still won’t connect.

Please talk to Apple.

Not sure what's going on with iOS, but this issue has been reported a few times already. There's nothing we can do on Joplin's side.

Bummer, I’ll reach out to Apple then. Other than this bug, I absolutely love the app on my desktop, thank you. It’s everything I’ve been looking for in a daily use notes app. Wish I was more proficient in development so I could contribute to such a great tool.

I'm pretty sure that Apple's help is rather useless, as it is with most of their "technical" problem solutions. In the last 15 years I haven't found a single useful solution on the apple community forum for any of the technical problems I had. The dev forum is not much better, but who knows, maybe you'll have a better experience than me.

But maybe you have more luck in a react-native (the framework of the Joplin mobile apps) forum or mailing list.

Is there a way for me to implement the react-native tweak described here at all?
"By default, react-native-fetch-blob does NOT allow connection to unknown certification provider since it's dangerous. To connect a server with self-signed certification, you need to add trusty to config explicitly. This function is available for version >= 0.5.3"

RNFetchBlob.config({
  // accept certificates from unknown issuers (e.g. self-signed)
  trusty : true
})
.fetch('GET', '')
.then((resp) => {
  // ...
})

Changing rn-fetch-blob options wouldn't be enough, you would also need to change the native fetch options.

I think I solved the issue. It turns out that iOS14 implemented even more unannounced SSL/TLS security measures than in iOS13. Mainly, according to this guide, this is what changed when generating your own CA and certs within the csr config file:
"iOS 13 allowed both DNS names and IP addresses to be tagged with DNS entries. It appears that iOS 14 has hardened this verification, and you must really specify DNS names with DNS entries, and IP addresses with IP entries."

This is different than how I've been creating my CAs and I figured was the likely culprit. Apple thought my certs weren't good enough even after I told the devices to trust it. But they don't throw any errors to indicate such. They just let you install your certs without telling you that they won't actually be used.

After following the above guide to the letter, I was able to get iOS 14 to sync just fine to my local NextCloud server. Looks like it properly used the root cert that I installed on the phone.

However, to make things even stranger, now I'm getting an error on the desktop application: "SELF SIGNED CERTIFICATE IN CHAIN" which I haven't gotten before. This is even after specifying a local file path to my trusted cert, enabling it in keychain, etc. Luckily, with the desktop version I can just click the "ignore TLS errors" and be good to go.

So, bottom line, I can now sync iOS 14 to my local Nextcloud with no errors and I can sync my Big Sur macOS by ignoring the "SELF SIGNED CERTIFICATE IN CHAIN" error.

Phew, that was a fun few days.
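The rule quoted in the post above (DNS names under DNS entries, IP addresses under IP entries) can be checked in the CSR config before the certificate is generated. The following is an added example, not code from this thread or from the guide it mentions; the sample config, host name and address are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample CSR config; the host name and address are placeholders.
SAMPLE_CNF = """\
[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = cloud.home.example
DNS.2 = 192.168.1.10   # IP literal tagged as DNS
IP.1  = 192.168.1.10
"""

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def san_entries(cnf_text):
    """Yield (tag, value) for each subjectAltName entry in an OpenSSL config."""
    sections, current = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections.setdefault(current, []).append((key, value))
    for items in sections.values():
        for key, value in items:
            if key != "subjectAltName":
                continue
            for part in (p.strip() for p in value.split(",")):
                if part.startswith("@"):         # reference to a section
                    for k, v in sections.get(part[1:], []):
                        yield k.split(".")[0].upper(), v
                elif ":" in part:                # inline form, e.g. IP:10.0.0.5
                    tag, v = part.split(":", 1)
                    yield tag.strip().upper(), v.strip()

def lint_san(cnf_text):
    """Return SAN entries whose tag (DNS/IP) does not match their value."""
    return [(tag, value) for tag, value in san_entries(cnf_text)
            if tag in ("DNS", "IP") and (tag == "IP") != is_ip(value)]
```

An empty list from `lint_san` means every address sits under an IP entry and every name under a DNS entry; it does not validate anything else about the certificate.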

Yep, that's the problem with Apple. They break stuff all the time without proper notification. I still don't know why my preference pane no longer works on Catalina. There are no compile or runtime errors. According to the code everything is fine, but it just doesn't work. Just an empty pane. With no messages whatsoever anywhere. Argh.
