mike_wooskey

joined 3 months ago
[–] [email protected] 3 points 1 week ago* (last edited 1 week ago)

[SOLVED!] That Stack Exchange post was the solution! I had to ask ChatGPT for assistance (e.g., "how do I view the contents of a .crt and a .p12?", "how do I add a CA to a client cert?"), but it worked. Thanks for your help, @[email protected].

I don't think I would have ever thought that my client cert didn't contain the CA, especially because when I clicked on the client cert that was installed in GrapheneOS, it showed me a summary that said it did contain a CA! grrrr

(tagging @[email protected] as he wanted to know the solution)

[–] [email protected] 1 points 1 week ago

Wow! That sounds exactly like my issue. I'll try the workaround tomorrow. Thanks, @[email protected].

[–] [email protected] 2 points 1 week ago (3 children)

Thanks for your research and the suggestion, @[email protected].

I wasn't able to make that work, but I don't think it was trying to solve the problem I'm having, anyway. That procedure was to add a self-signed SSL certificate to Android, but my certificate is neither self-signed nor an SSL cert. At least I think not - I find certs very confusing. The cert I'm trying to work with is an mTLS cert, a client cert. It's not used to establish a secure SSL connection, it's used to verify that I (the person with the cert) am authorized to use the app.

Additionally, I'm able to successfully install the cert into Android, but the problem is that it seems to be ignored. The mTLS cert is installed in GrapheneOS's "VPN & App User Certificate" section, and my CA cert is installed in the "CA Certificate" section. Vanadium, Fennec, and Mull browsers just aren't using them. :(

[–] [email protected] 2 points 1 week ago (6 children)

Thanks for the reply, @[email protected].

I tried to install my client cert in "CA Certificate" but the certificate manager app in GrapheneOS said that it was the wrong kind of cert to be used in "CA Certificate". It is, after all, a client cert, not a CA cert.

:(


I host a website that uses mTLS for authentication. I created a client cert and installed it in Firefox on Linux, and when I visit the site for the first time, Firefox asks me to choose my cert and then I'm able to visit the site (and every subsequent visit to the site is successful without having to select the cert each time). This is all good.

But when I install that client cert into GrapheneOS (settings -> encryption & credentials -> install a certificate -> vpn & app user certificate), no browser app seems to recognize that it exists at all. Visiting the website from Vanadium, Fennec, or Mull browsers all return "ERR_BAD_SSL_CLIENT_AUTH_CERT" errors.

Does anyone have experience successfully using an mTLS cert in GrapheneOS?

[SOLVED] Thanks for the solution, @[email protected].
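
An added example (not from this thread or from GrapheneOS) that reproduces what this post and the [SOLVED] reply above describe: a PKCS#12 client bundle exported without the CA carries only the leaf certificate, while one exported with the CA chain (openssl's -certfile option) carries both. It assumes the openssl CLI is installed; the throwaway CA, client cert, file names and password are all constructed locally.

```shell
#!/bin/sh
# Added example, not the thread's own commands. Assumes the openssl CLI.
set -eu

# Build a throwaway CA and a client certificate signed by it (constructed test data).
make_test_pki() {
  dir=$1
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Test CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=example-client" -keyout "$dir/client.key" -out "$dir/client.csr" >/dev/null 2>&1
  openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -out "$dir/client.crt" >/dev/null 2>&1
}

# Export the client key+cert WITHOUT the CA: the shape of bundle that the
# Android certificate installer accepted but the browsers then ignored.
export_leaf_only() {
  openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.crt" \
    -passout pass:"$2" -out "$1/client-leaf-only.p12"
}

# Export the same key+cert WITH the CA chain included (-certfile).
export_with_chain() {
  openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.crt" \
    -certfile "$1/ca.crt" -passout pass:"$2" -out "$1/client-with-ca.p12"
}

# "How do I view the contents of a .p12?": dump the certificates it holds and
# count them. A leaf-only bundle yields 1, a bundle with its CA yields 2.
p12_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin pass:"$2" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}
```

To inspect the bag attributes and issuer/subject names rather than just counting, replace the grep with `openssl x509 -noout -subject -issuer` on the piped output.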

[–] [email protected] 2 points 1 month ago (1 children)

All of these replies made me feel a little bit better, but yours especially resonated with me. Thanks.


I got a new printer. Auto-discovered, added, and prints fine from Windows in 2 minutes. Auto discovered, added, and prints fine from OSX in 30 seconds. Auto-discovered and added on Linux, but trying to print results in "printer is unreachable at this time" - even after 50 re-installs, different configs, different drivers, different protocols.

I recognized that some computers were on different subnets, but couldn't figure out a pattern. It turns out that the printer has a setting called "Restricted Server List" and the default setting is null. Here's its description in the admin interface: "Comma-delimited list of IP addresses that are allowed to make TCP connections. Example: 157.184.0.0/24. where 0 is a wildcard and /24 is the network prefix."

It also has a setting called "Restricted Server List Options", set to block all ports by default. Here's its description: "By default, addresses not in the restricted server list will have all access blocked. When Block Printing Only is selected, addresses not in the restricted sever list will be blocked from printing only. When Block Printing and HTTP Only is selected, addresses not in the restricted server list will be blocked from printing and HTTP."

The admin interface doesn't say this anywhere, but the default setting of no restricted servers apparently allows access from other networks, but not from the same network as the printer. I set the restricted servers to "192.168.132.0/24" and then I could access the printer admin web page and print to the printer from my Linux box, but not from any of the computers that were working before. So I set it to "192.168.0.0/16" and every computer on all subnets in my house can print and access the printer admin.

The default setting of no restricted servers was extremely non-intuitive in that it actually only restricted servers on the same subnet. And there was no such documentation.

What a crappy waste of 7 frickin' hours!

[–] [email protected] 1 points 1 month ago (1 children)

Thanks for the help and suggestions!

It turns out that my template Debian VM doesn't have a DE in it, and that's why I couldn't forward the GUI from the VM to my local machine: there was no GUI. I installed XFCE on the VM and now I can run XPipe on the VM from my local computer, without XPipe being installed on my local computer: ssh -X user@vm_ip_address xpipe open

I look forward to playing with XPipe - it looks cool and very helpful!

[–] [email protected] 1 points 1 month ago (3 children)

I host a bunch of containers on a few servers, but I don't do any of it from my local computer. I have a VM (Debian) that I ssh into and do everything from there. Shouldn't XPipe work the same on that VM as it would on my local computer? I wouldn't think XPipe would care (or know) if it was running on a VM, as long as that VM has a shell it can integrate with.

But I suppose even if that's true and XPipe works fine in the VM, there is still the issue of displaying the GUI on my local computer.

[–] [email protected] 1 points 1 month ago (5 children)

This seems really cool and might be very helpful to me, but I don't want to install it on my computer. I don't see a docker image for it, though it seems like it would be easy to create one; but this is a GUI app, so how would I run it in a container somewhere and use it via the GUI on my local computer? Or if I install it in its own VM (I use Proxmox), I'd have to use a remote desktop app like vlc or something, right?

I'm a noob at this so there's tons I just don't know.

[–] [email protected] 1 points 1 month ago

This is really fascinating. I'm on this journey, too, and do a lot that's similar, but I've not heard of some of what you do/use and some of it sounds beyond my capabilities.

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago) (2 children)

I'm trying to deGoogle/deFAANG/deBigData so I try to host FOSS alternatives to every service I use on the internet, though some services won't be possible or practical (e.g., email).

I host:

  • audiobookshelf (to stream and sync podcasts between my devices)
  • baikal (to host contacts and calendars)
  • cryptpad (for collaborative spreadsheets and kanban, though it does more than this)
  • drawio (flowchart-like diagrams)
  • forgejo (my git repos and oauth2)
  • homepage (personal dashboard of services and links)
  • invidious (youtube frontend)
  • lemmy (duh :) )
  • minio (S3 object storage)
  • mosquitto (mqtt server)
  • nextcloud (can do a lot, but I'm only using it to look at Memories for photo storage and management - I currently selfhost Photostructure, but it's not FOSS)
  • peertube (youtube alternative)
  • prometheus (metrics monitoring)
  • qbittorrent (torrents)
  • syncthing (currently only used to sync photos from my pixel to my server, but might be replaced if I switch to a photo management app that has an android app that can sync images)
  • tiddlywiki-nodejs (pretty powerful wiki, but I use it just to sync text-based info between devices)
  • traefik (reverse proxy in front of everything I host)
  • tt-rss (RSS feeds)
  • vaultwarden (password management - this is a fork of bitwarden)
  • wordpress (for my personal websites)
  • xbrowsersync (bookmark syncing between browsers/devices)

I use the d.rymcg.tech framework. It's a little over my head, but the framework makes it pretty easy to use all the apps. It's a bit tricky to add new apps to the framework, but it's fun and all the source is there to learn from and the developer is really nice and really helpful.

[–] [email protected] 4 points 2 months ago

Thirded. I self-host it (actually the Vaultwarden fork) and use it on desktop browsers, as a desktop app, and as an Android app (F-Droid). I also store secure notes in it (e.g. end of life instructions for my partner). Very powerful and versatile, and AFAICT, secure.

[–] [email protected] 1 points 2 months ago

That sounds crazy, but easy to test. Thanks for the suggestion.
