How to establish a webdav connection with TLS client certificate authentication in Ubuntu?
One solution that worked is using davfs.
Installation
Install davfs
sudo apt-get install davfs2
Configuration
Then copy the certificate from the CA (in pem format) to /etc/davfs2/certs and the client certificate (in .p12 format) to /etc/davfs2/certs/private and modify the configuration file, e.g.
sudo nano /etc/davfs2/davfs2.conf
by uncommenting (removing the #) the lines trust_ca_cert and clientcert and adding the full paths to the respective certificates e.g.
trust_ca_cert /etc/davfs2/certs/ca.cert.pem
#servercert
clientcert /etc/davfs2/certs/private/xxx.yyy.com.p12
Save the file and exit (Ctrl + O, Ctrl + X in nano) and make sure the clientcert has the correct permissions
sudo su
chmod 0600 /etc/davfs2/certs/private/xxx.yyy.com.p12
exit
Optionally configure credentials file
You can use a credential file located at:
/etc/davfs2/secrets
This way you will not have to enter your password each time. The file has good examples of its syntax, which I will not replicate here.
Usage
To mount the filesystem run
sudo mount -t davfs -o uid=bruni,gid=users https://serveraddress /home/bruni/mountpoint
Drawbacks
The problems with this solution are:
- The website offers links in the form davs:// which do not work with the above scenario
  (We solved this serverside by providing links in the form file://)
- Freefilesync returns the following error when I try to synchronize with a folder mounted as above:
Cannot set directory lock for "/path/to/mountpoint".
Cannot write file "/path/to/mountpoint/sync.ffs_lock".
Error Code 13:Permission denied (open)
Update: To mitigate this, I have switched to rsync.
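A check for the configuration steps in the answer above, added here as an example and not part of the original post: it reads a davfs2.conf, confirms that trust_ca_cert and clientcert are uncommented and point at existing files, and that the client certificate has mode 0600. The function names are hypothetical; it assumes GNU stat (as on Ubuntu), paths without spaces, and directives in the global part of the file.

```shell
#!/bin/sh
# Added example: audit the TLS settings of a davfs2.conf.
# Prints one finding per line; returns 0 only if every check passes.

# conf_value FILE KEY -> value of the last uncommented KEY line in FILE.
# Lines such as "#clientcert ..." or "# clientcert ..." do not match.
conf_value() {
    awk -v key="$2" '$1 == key { v = $2 } END { if (v != "") print v }' "$1"
}

check_davfs2_tls() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }
    ca=$(conf_value "$conf" trust_ca_cert)
    cert=$(conf_value "$conf" clientcert)

    if [ -z "$ca" ]; then
        echo "FAIL: trust_ca_cert is missing or still commented out"; rc=1
    elif [ ! -f "$ca" ]; then
        echo "FAIL: CA certificate not found: $ca"; rc=1
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
        echo "FAIL: $ca does not look like a PEM certificate"; rc=1
    else
        echo "OK: trust_ca_cert $ca"
    fi

    if [ -z "$cert" ]; then
        echo "FAIL: clientcert is missing or still commented out"; rc=1
    elif [ ! -f "$cert" ]; then
        echo "FAIL: client certificate not found: $cert"; rc=1
    else
        # The .p12 holds the private key, so only its owner may read it.
        mode=$(stat -c '%a' "$cert")
        if [ "$mode" = "600" ]; then
            echo "OK: clientcert $cert (mode $mode)"
        else
            echo "FAIL: $cert has mode $mode, expected 600"; rc=1
        fi
    fi
    return $rc
}

# Usage: sudo sh check_davfs2_tls.sh /etc/davfs2/davfs2.conf
if [ "$#" -gt 0 ]; then check_davfs2_tls "$1"; fi
```
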
Comments
-
Bruni almost 2 years
This answer works nice for establishing webdav or webdavs connections with nautilus.
However, when I try this on a webdav share secured with a self-signed TLS client certificate authentication, I get:
First:
The signing certificate authority is not known. Certificate information: .... Are you really sure you would like to continue?
And after I click on yes:
...Unhandled error message: HTTP Error: Error performing TLS handshake: A TLS fatal alert has been received.
...and I am never asked for a client certificate. I am on Ubuntu 16.04 with Unity and would preferably like this to work with Nautilus. I need instructions including the installation of the client certificate (and the CA authority).
PS: This question seems related (not identical), but has no answer either.
-
Amias about 8 years
What's the CA signing this certificate?
-
Bruni about 8 years
@amiaschanner It is the company I work for (so I would have to install the CA.crt file also). I have not done this. However, in Firefox the CA.crt and the client certificate work as they do on win with WebDrive (just mentioning that to clarify that there is no problem with the certificates).
Bruni about 8 years
The Server side definitely has the CA public cert installed. On the client side I followed the instructions of the accepted answer to the link you provided, but I continue to receive the same response. This would imply that Nautilus does not use the central cert store or that I did not follow the instructions correctly (don't think that as I saw the certificate during installation).
-
Bruni about 8 years
I have also installed these certificates with double clicking in Nautilus (hoping that this installs in the cert store that Nautilus itself uses).
-
Amias about 8 years
You might need to log out and back in again to pick up changes, shouldn't need a restart though.
-
Bruni about 8 years
This does not seem to suffice, I receive the same response.