
HTTPS stream with self signed CA cert

Posted: 22 Mar 2015 20:12
by obia
I'm a bit lost now and hope to get some help here. I want to stream video from my Synology nas to the vlc app. I want to be my own Certificate Authority. This is what I've done:

1. Created my own root CA certificate
2. Successfully installed root CA cert on my Nexus 5
3. Created CSR on Synology nas
4. Created a signed certificate using the CSR and my root CA
5. Imported the signed certificate on Synology

When I browse to the nas in chrome (on the phone) I can see that the certificate is signed and secure.
But when I try to open a webdav link in vlc it is not working. The important row from the log is probably this:
Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.

Why is this happening and what do I need to do to get it working?

Here comes the complete log:

03-22 19:45:01.209 D/VLC/VideoPlayerActivity(15679): MediaRouter information : android.media.MediaRouter@1950b957
03-22 19:45:01.210 I/VLC/VideoPlayerActivity(15679): No secondary display detected
03-22 19:45:01.256 D/VLC/VideoPlayerActivity(15679): Hardware acceleration mode: 2
03-22 19:45:01.258 D/VLC/VideoPlayerActivity(15679): updateNavStatus: getChapterCountForTitle(0) = -1, getTitleCount() = -1
03-22 19:45:01.355 D/VLC/VideoPlayerActivity(15679): surfaceChanged: Surface(name=null)/@0xa6f2d04
03-22 19:45:01.367 D/VLC/AudioServiceContoller(15679): Service Connected
03-22 19:45:01.403 D/VLC/AudioService(15679): Updating widget
03-22 19:45:01.406 D/VLC/MediaWrapper(15679): Title https://mydyndnsname.org:5006/Film/Filmer/mymovie.avi
03-22 19:45:01.406 D/VLC/MediaWrapper(15679): Artist null
03-22 19:45:01.406 D/VLC/MediaWrapper(15679): Genre null
03-22 19:45:01.406 D/VLC/MediaWrapper(15679): Album null
03-22 19:45:01.406 D/VLC (15679): [ac4a8eb4] core generic: creating audio output
03-22 19:45:01.406 D/VLC (15679): [9dd3fdf4] core audio output: looking for audio output module matching "android_audiotrack": 4 candidates
03-22 19:45:01.406 D/VLC (15679): [9dd3fdf4] core audio output: using audio output module "android_audiotrack"
03-22 19:45:01.407 D/VLC (15679): [ac4a8eb4] core generic: keeping audio output
03-22 19:45:01.407 D/VLC (15679): [9fc387f4] core input: Creating an input for 'https://mydyndnsname.org:5006/Film/Filmer/mymovie.avi'
03-22 19:45:01.417 D/VLC (15679): [ac49bc34] core libvlc: meta ok for (null), need to fetch art
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: looking for meta fetcher module matching "any": 0 candidates
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: no meta fetcher modules
03-22 19:45:01.418 D/VLC (15679): [ac49bc34] core libvlc: searching art for --- URL ---
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: looking for art finder module matching "any": 1 candidates
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: no art finder modules matched
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: looking for meta fetcher module matching "any": 0 candidates
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: no meta fetcher modules
03-22 19:45:01.418 D/VLC (15679): [ac49bc34] core libvlc: searching art for --- URL ---
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: looking for art finder module matching "any": 1 candidates
03-22 19:45:01.418 D/VLC (15679): [af698074] core art finder: no art finder modules matched
03-22 19:45:01.418 D/VLC (15679): [ac49bc34] core libvlc: art not found for --- URL ---
03-22 19:45:01.418 D/VLC (15679): [ac49bc34] core libvlc: art not found for --- URL ---
03-22 19:45:01.441 D/VLC (15679): [9fc387f4] core input: using timeshift granularity of 50 MiB, in path '/tmp'
03-22 19:45:01.441 D/VLC (15679): [9fc387f4] core input: `https://user:pass@mydyndnsname.org:5006 ... ymovie.avi' gives access `https' demux `' path `user:pass@mydyndnsname.org:5006/Film/Filmer/mymovie.avi'
03-22 19:45:01.441 D/VLC (15679): [9fc387f4] core input: specified demux `any'
03-22 19:45:01.442 D/VLC (15679): [9fc387f4] core input: creating demux: access='https' demux='any' location='user:pass@mydyndnsname.org:5006/Film/Filmer/mymovie.avi' file='(null)'
03-22 19:45:01.442 D/VLC (15679): [af514194] core demux: looking for access_demux module matching "https": 7 candidates
03-22 19:45:01.442 D/VLC (15679): [af514194] core demux: no access_demux modules matched
03-22 19:45:01.448 D/VLC (15679): [9fc387f4] core input: creating access 'https' location='user:pass@mydyndnsname.org:5006/Film/Filmer/mymovie.avi', path='(null)'
03-22 19:45:01.448 D/VLC (15679): [af514194] core access: looking for access module matching "https": 18 candidates
03-22 19:45:01.449 D/VLC (15679): [af534074] core tls client: looking for tls client module matching "any": 1 candidates
03-22 19:45:01.449 D/VLC (15679): [af534074] gnutls tls client: using GnuTLS version 3.2.21
03-22 19:45:01.558 D/VLC (15679): [af534074] gnutls tls client: loaded 157 trusted CAs
03-22 19:45:01.558 D/VLC (15679): [af534074] core tls client: using tls client module "gnutls"
03-22 19:45:01.558 D/VLC (15679): [af514194] http access: querying proxy for https://user:pass@mydyndnsname.org:5006 ... ymovie.avi
03-22 19:45:01.558 D/VLC (15679): [af514194] http access: no proxy
03-22 19:45:01.558 D/VLC (15679): [af514194] http access: http: server='mydyndnsname.org' port=5006 file='/Film/Filmer/mymovie.avi'
03-22 19:45:01.558 D/VLC (15679): [af514194] http access: user='user'
03-22 19:45:01.559 D/VLC (15679): [af514194] core access: net: connecting to mydyndnsname.org port 5006
03-22 19:45:01.569 D/VLC (15679): [af514194] core access: connection succeeded (socket = 43)
03-22 19:45:01.569 D/VLC (15679): [af534554] gnutls tls session: TLS handshake: Resource temporarily unavailable, try again.
03-22 19:45:01.726 D/VLC (15679): [af534554] gnutls tls session: TLS handshake: A TLS warning alert has been received.
03-22 19:45:01.738 D/VLC (15679): [af534554] gnutls tls session: TLS handshake: Resource temporarily unavailable, try again.
03-22 19:45:01.748 D/VLC (15679): [af534554] gnutls tls session: TLS handshake: Success.
03-22 19:45:01.749 E/VLC (15679): [af534554] gnutls tls session: Certificate verification failure: The certificate is NOT trusted. The certificate issuer is unknown.
03-22 19:45:01.749 D/VLC (15679): [af534554] gnutls tls session: 1 certificate(s) in the list
03-22 19:45:01.750 D/VLC (15679): [af534554] gnutls tls session: no known certificates for mydyndnsname.org
03-22 19:45:01.750 E/VLC (15679): [af534554] core tls session: TLS client session handshake error
03-22 19:45:01.750 E/VLC (15679): [af514194] http access: cannot establish HTTP/TLS session
03-22 19:45:01.769 D/VLC (15679): [af514194] core access: no access modules matched
03-22 19:45:01.769 E/VLC (15679): [9fc387f4] core input: open of `https://user:pass@mydyndnsname.org:5006 ... ymovie.avi' failed
03-22 19:45:01.769 E/VLC (15679): [9fc387f4] core input: Your input can't be opened
03-22 19:45:01.769 E/VLC (15679): [9fc387f4] core input: VLC is unable to open the MRL 'https://user:pass@mydyndnsname.org:5006 ... ymovie.avi'. Check the log for details.
03-22 19:45:01.771 I/VLC/VideoPlayerActivity(15679): MediaPlayerEncounteredError
03-22 19:45:01.795 I/VLC/VideoPlayerActivity(15679): MediaPlayerStopped
03-22 19:45:03.303 D/VLC (15679): [9dd3fdf4] core audio output: removing module "android_audiotrack"
03-22 19:45:03.304 D/VLC/VideoPlayerActivity(15679): Video paused - saving flag
03-22 19:45:03.323 D/VLC/VideoPlayerActivity(15679): surfaceDestroyed
03-22 19:45:03.363 D/VLC/AudioService(15679): Updating widget

Re: HTTPS stream with self signed CA cert

Posted: 22 Mar 2015 22:33
by Jean-Baptiste Kempf
Unfortunately, there is no way, except by adding it to the Android CA storage.

Later, we'll allow you to bypass this.
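
Added example, not part of any post in this thread: the CA, CSR and signing steps from the first post reproduced with the openssl CLI, then the resulting certificate verified against a CA list that lacks the private root (the "certificate issuer is unknown" case in the log) and against one that includes it. The CA names, nas.example.test and all file names are constructed placeholders.

```shell
#!/bin/sh
# Added example with constructed names: "Home Root CA", "Bundled Public CA"
# and nas.example.test are placeholders, not values from the thread.

demo_ca_trust() {
    work=$(mktemp -d) || return 1
    status=0
    (
        cd "$work" || exit 1
        # Step 1: private root CA (self-signed).
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Home Root CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # Unrelated CA standing in for a client's own CA list.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Bundled Public CA" -keyout pub.key -out bundled.pem 2>/dev/null || exit 1
        # Step 3: key and CSR, as generated on the NAS.
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=nas.example.test" -keyout nas.key -out nas.csr 2>/dev/null || exit 1
        # Step 4: sign the CSR with the private root CA.
        openssl x509 -req -in nas.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 30 -out nas.crt 2>/dev/null || exit 1

        # Client A: CA list without the private root -> issuer unknown.
        if openssl verify -CAfile bundled.pem nas.crt >/dev/null 2>&1; then
            a=trusted
        else
            a=untrusted
        fi
        # Client B: same list plus the private root (the effect of step 2).
        cat bundled.pem ca.crt > with_root.pem
        if openssl verify -CAfile with_root.pem nas.crt >/dev/null 2>&1; then
            b=trusted
        else
            b=untrusted
        fi
        echo "bundled_store=$a store_with_root=$b"
    ) || status=$?
    rm -rf "$work"
    return $status
}

demo_ca_trust
```

The same certificate passes or fails depending only on which CA list the verifying client loads, which is why one client on the phone can accept the NAS certificate while another rejects it.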

Re: HTTPS stream with self signed CA cert

Posted: 23 Mar 2015 10:48
by obia
Thanks for answering! As I suspected then. Any ETA on this?
It would be nice to allow "user" certs in VLC. Perhaps also the option to ignore ssl errors completely?

If I remove the CA root cert and instead generate a self signed certificate directly on the nas, which I then import to the Nexus phone, would that work or will that be handled the same?

Re: HTTPS stream with self signed CA cert

Posted: 23 Mar 2015 18:41
by Jean-Baptiste Kempf
No ETA, so far.

Re: HTTPS stream with self signed CA cert

Posted: 18 Apr 2015 02:29
by edwardw
If you feel like doing a hack, you can recompile VLC with a flag (I think) to disable the certificate check.

Re: HTTPS stream with self signed CA cert

Posted: 04 Nov 2015 13:23
by obia
@edwardw: sorry for this late reply :) could you please share some more information about this. What flag and where to add it?

Re: HTTPS stream with self signed CA cert

Posted: 05 Nov 2015 05:10
by edwardw
Check the config flags for gnutls in contrib.