Using Self Signed Certificates - lgallard/qBittorrent-Controller GitHub Wiki

Due to Google is now more strict in the handling of SSL certificates in Android, they forced developers stop using insecure implementations for self-signed certificates. To accomplish this now you must generate a BouncyCastle Keystore (BKS) to use self-signed certificates with qBittorrent Controller.

This document explains how to generate the self-signed certificate, how to create a BKS file with that certificate, and how to use it in qBittorrent Controller.

Self-signed certificate generation

  1. Generate a Private Key
openssl genrsa -des3 -out qbserver.key 1024

  1. Generate a CSR (Certificate Signing Request)

    openssl req -new -key qbserver.key -out qbserver.csr

    Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]: FL
Locality Name (eg, city) [Newbury]:Miami
Organization Name (eg, company) [My Company Ltd]: None Ltd
Organizational Unit Name (eg, section) []: Information Technology
Common Name (eg, your name or your server's hostname) []: your.domain.com
Email Address []: [email protected]
Please enter the following 'extra' attributes
 to be sent with your certificate request
A challenge password []:
An optional company name []:

  2. Remove Passphrase from Key

    cp qbserver.key qbserver.key.org
openssl rsa -in qbserver.key.org -out qbserver.key

  3. Generating a Self-Signed Certificate

    openssl x509 -req -days 730 -in qbserver.csr -signkey qbserver.key -out qbserver.crt

Creating the BKS keystore using Portecle

Portecle is a user friendly GUI application for creating, managing and examining keystores and more. This is the easies way.

You can download Portecle from here, the follow these steps:

New Keystore

======= **Click here to see the remaining screenshots** =======

BKS Import Trusted Certificate qbserver.crt Could not establish... Certificate deteails Accept the certificate? Alias Import sucessful Imported certificate Save Keystore Set Keystore Password Save Keystore As

Creating the BKS keystore using keytool

Download the latest Bouncy Castle Provider from here. This examples uses version jdk15on-154

wget https://www.bouncycastle.org/download/bcprov-jdk15on-154.jar

keytool -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath ./bcprov-jdk15on-154.jar -importcert -v -trustcacerts -file qbserver.crt -alias your.domain.com -keystore qbc.bks -storetype BKS -storepass 'testtest'

Using the BKS keystore in qBittorrent Controller

  1. In Settings configure your hostname

  2. And then go to Advanced settings

  3. In Advanced, enable the https

  4. Then touch on Self-signed certificate keystore

    Settings Enable https

  5. Browse to the directory paths where the keystore was saved

  6. Choose the keystore file:

    Download directory Keystore

  7. Check you chose the correct keystore file

    Cert path

  8. Set your keystore password (or leave it blank if it doesn't apply)

References

⚠️ **GitHub.com Fallback** ⚠️