How to establish a webdav connection with TLS client certificate authentication in Ubuntu?


One solution that worked is using davfs.

Installation

Install davfs

sudo apt-get install davfs2

Configuration

Then copy the certificate from the CA (in pem format) to /etc/davfs2/certs and the client certificate (in .p12 format) to /etc/davfs2/certs/private and modify the configuration file, e.g.

sudo nano /etc/davfs2/davfs2.conf

by uncommenting (removing the #) the lines trust_ca_cert and clientcert and adding the full paths to the respective certificates e.g.

trust_ca_cert         /etc/davfs2/certs/ca.cert.pem
#servercert
clientcert            /etc/davfs2/certs/private/xxx.yyy.com.p12

save the file and exit (Ctrl + O, Ctrl + X in nano) and make sure the clientcert has the correct permissions

sudo su
chmod 0600 /etc/davfs2/certs/private/xxx.yyy.com.p12
exit

Optionally configure credentials file

You can use a credential file located at:

/etc/davfs2/secrets

This way you will not have to enter your password each time. The file has good examples of its syntax, which I will not replicate here.

Usage

To mount the filesystem run

sudo mount -t davfs -o uid=bruni,gid=users https://serveraddress /home/bruni/mountpoint

Drawbacks

The problems with this solution are:

  1. The website offers links in the form davs://, which do not work with the above scenario.

     (We solved this server-side by providing links in the form file://)

  2. FreeFileSync returns the following error when I try to synchronize with a folder mounted as above:

    Cannot set directory lock for "/path/to/mountpoint".

    Cannot write file "/path/to/mountpoint/sync.ffs_lock".

    Error Code 13:Permission denied (open)

Update: To mitigate this, I have switched to rsync.


Bruni
Author by


Updated on September 18, 2022
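
An added example, not part of the original answer: a preflight check for the configuration steps described above, which reads a davfs2.conf, confirms that trust_ca_cert and clientcert are uncommented, that the CA file is PEM, and that the client certificate is not readable by group or others. The function names conf_value and check_davfs2_tls are hypothetical; the script assumes absolute paths in the config (as in the answer) and GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: preflight check for the TLS settings in a davfs2.conf.
# Assumptions: absolute paths in the config, GNU stat (Ubuntu).

# Print the value of the last uncommented "<key> <value>" line.
conf_value() {  # $1 = key, $2 = config file
    awk -v k="$1" '$1 == k { v = $2 } END { if (v != "") print v }' "$2"
}

# Return 0 if the TLS settings look sane, 1 otherwise; problems go to stderr.
check_davfs2_tls() {  # $1 = path to davfs2.conf
    conf=$1; rc=0
    ca=$(conf_value trust_ca_cert "$conf")
    p12=$(conf_value clientcert "$conf")

    if [ -z "$ca" ]; then
        echo "trust_ca_cert is not set (still commented out?)" >&2; rc=1
    elif [ ! -r "$ca" ]; then
        echo "CA certificate not readable: $ca" >&2; rc=1
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
        echo "CA certificate is not in PEM format: $ca" >&2; rc=1
    fi

    if [ -z "$p12" ]; then
        echo "clientcert is not set (still commented out?)" >&2; rc=1
    elif [ ! -f "$p12" ]; then
        echo "client certificate missing: $p12" >&2; rc=1
    else
        # The .p12 holds the private key: owner-only access, as in chmod 0600.
        mode=$(stat -c '%a' "$p12")
        case $mode in
            600|400) ;;
            *) echo "client certificate mode is $mode, expected 600: $p12" >&2
               rc=1 ;;
        esac
    fi
    return $rc
}
```

After sourcing the file, run check_davfs2_tls /etc/davfs2/davfs2.conf as root before mounting; a non-zero exit status means at least one of the checks failed.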

Comments

  • Bruni almost 2 years

    This answer works nice for establishing webdav or webdavs connections with nautilus.

    However, when I try this on a webdav share secured with a self-signed TLS client certificate authentication, I get:

    First:

    The signing certificate authority is not known.
    Certificate information:
    ....
    Are you really sure you would like to continue?
    

    And after I click on yes:

    ...Unhandled error message: HTTP Error: Error performing TLS handshake: A TLS fatal alert has been received.
    

    ...and I am never asked for a client certificate. I am on Ubuntu 16.04 with Unity and would preferably like this to work with Nautilus. I need instructions including the installation of the client certificate (and the CA authority).

    PS: This question seems related (not identical), but has no answer either.

    • Amias about 8 years
      What's the CA signing this certificate?
    • Bruni about 8 years
      @amiaschanner It is the company I work for (so I would have to install the CA.crt file also). I have not done this. However, in Firefox the CA.crt and the client certificate work as they do on win with WebDrive (just mentioning that to clarify that there is no problem with the certificates).
  • Bruni about 8 years
    The Server side definitely has the CA public cert installed. On the client side I followed the instructions of the accepted answer to the link you provided, but I continue to receive the same response. This would imply that Nautilus does not use the central cert store or that I did not follow the instructions correctly (don't think that as I saw the certificate during installation).
  • Bruni about 8 years
    I have also installed these certificates by double-clicking in Nautilus (hoping that this installs in the cert store that Nautilus itself uses).
  • Amias about 8 years
    You might need to log out and back in again to pick up changes; shouldn't need a restart though.
  • Bruni about 8 years
    This does not seem to suffice; I receive the same response.