[Solved] Cannot install the certificate in VPN and apps

Posted by: @tdq

I read here in the forum that I should reduce the validity of the certificate to two years.

That's nonsense and false information.

@tdq Unfortunately I don't use any Google products, so I can't help personally. Usually FireFox needs it's own(!) certificate installation (separate from the OS). You might find this post useful: https://eblocker.org/community/main-forum/certitificae-in-android/#post-4208

THX!

Thank you for the quick reply.

I think for the Firefox 94.1.2 browser in Android 11 I have found the solution. Settings -> via Firefox -> tap 5 times on the logo (debug mode is started) -> in the menu one step back -> Secret Settings -> Use third party CA certificate = true. Now Firefox trusts the certificate you installed before.

But what about the apps that now can't check their certificate? Do I have to define exceptions in the eBlocker?

Posted by: @tdq

I think for the Firefox 94.1.2 browser in Android 11 I have found the solution. Settings -> via Firefox -> tap 5 times on the logo (debug mode is started) -> in the menu one step back -> Secret Settings -> Use third party CA certificate = true. Now Firefox trusts the certificate you installed before.

Thanks for the feedback. We will add this to the Android documentation shortly!

Posted by: @tdq

But what about the apps that now can't check their certificate? Do I have to define exceptions in the eBlocker?

I‘m not sure if I understand your question. You need to install the eBlocker certificate in Android, so all apps using the Android certificate storage are covered by eBlocker. 

In case some Apps use certificate pinning, I‘d recommend to enable the Auto Trust App (see docu) that automatically takes care of whitelisting. In case you rather like to manually set exceptions, please check out the pre-defined Trusted Apps (settings > https > Trusted Apps).

Hope this helps 👍

@benne Fyi: I‘ve just added it to the docu already.
THX for your help @tdq!