Problems with self signed certificates? (Hostname not verified)

[mahibi]

Since v22.0.0 the talk android app requires every HTTPS certificate to list the server’s name in a special field called the Subject Alternative Name (SAN). Older certificates sometimes listed the server name only in another field called the Common Name (CN). That used to work, but modern systems no longer accept it because it can cause security problems and confusion.

If your certificate does not have a Subject Alternative Name, the app will not trust it, even if the name in the CN looks correct. So if you see the error

Error: Hostname example.com not verified

you’ll need to create or renew your certificate so it includes a Subject Alternative Name that matches your server’s address.

Links with more info on the topic:

https://www.rfc-editor.org/rfc/rfc6125#section-6.4.4 https://groups.google.com/a/chromium.org/g/security-dev/c/IGT2fLJrAeo/m/csf_1Rh1AwAJ https://stackoverflow.com/questions/5935369/how-do-common-names-cn-and-subject-alternative-names-san-work-together https://serverfault.com/questions/745560/subject-not-considered-in-a-certificate-with-san

[themushum]

This issue is the problem I am having with the latest version of Nextcloud Talk on my UnRaid Server connecting via the Android app.

I have enabled Use SSL/TLS on the UnRaid Server as well as tried the provisioning option. No success connecting to the server from the Android app. Get the exact error message referenced above. "Error: Hostname example.com not verified

Is there a work-around without having to expose my server and dockers to the Internet which is the reason I like Talk?