MetaMask / metamask-mobile

Mobile web browser providing access to websites that use the Ethereum blockchain
https://metamask.io
Other
2.13k stars 1.1k forks

Trust User's Root Certificate Store #3422

Open open-contracts opened 2 years ago

open-contracts commented 2 years ago

Description

At least on Android, the MetaMask browser does not trust SSL (root) certs that were manually installed by the user into their device's trust store. This behavior is different from literally every other mobile browser, and locks the user into relying exclusively on the (centralized) list of root certs provided by the MetaMask team, if they want to use their wallet. It is also different from the desktop behaviour, where the extension works on sites whose certs were signed by an authority the user chose to trust.

This is also the only reason why our new smart contract oracle platform based on enclaves (which requires trusting a root cert generated inside the first enclave) does not work on mobile right now.

Can we change this?

Technical Details

Change the SSL trust store to use the device's system trust store.

Acceptance Criteria

The user must be able to manually add SSL root certs that the MetaMask browser will accept.
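For reference, an added example that is not part of the original issue or of MetaMask's code: on Android, apps targeting API 24 or later trust only the system CA store by default, and opting in to user-installed CAs is done in the app's Network Security Configuration. The file name below is the usual convention, and whether the MetaMask in-app browser's certificate validation is governed by this file is an assumption the page does not confirm.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Example file: res/xml/network_security_config.xml (conventional name, assumed).
     Referenced from the <application> element in AndroidManifest.xml with
     android:networkSecurityConfig="@xml/network_security_config". -->
<network-security-config>

    <!-- Applies to every build of the app.
         With no config at all, an app targeting API 24+ behaves as if only
         src="system" were listed here. -->
    <base-config>
        <trust-anchors>
            <!-- CAs shipped with the OS image. -->
            <certificates src="system" />
            <!-- Opt-in matching the request in this issue: also accept CAs the
                 user installed through device settings. Trade-off: any CA added
                 to the device (by the user, an MDM profile, or someone with
                 brief physical access) can then issue certificates that the
                 app accepts for any site. -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>

    <!-- Narrower alternative for the dapp testing case: delete the src="user"
         line above and keep this block. These anchors are added only when the
         app is built with android:debuggable="true", so release builds stay
         on the system store. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```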

EugeneSnikhovskiy commented 1 year ago

+1 There are some cases where businesses need to have a private self-hosted site with access by IP. There is no way to create a trusted certificate for an IP without a domain. And if a user buys a domain and cert, they will lose anonymity. If this solution is not acceptable to the MetaMask team, maybe there is a way to create a new feature to add user certs to MetaMask mobile from the UI.

xtensa commented 1 year ago

+1 MetaMask should give at least the possibility to add a custom root CA to use with testnets. How else could one test/debug a custom dapp before it is installed on the domain with a proper certificate?

armanal commented 1 year ago

+1 any updates on this issue?

zhu-maofeng commented 1 year ago

Yes, may I ask if the team has resolved this issue so far?

Kampe commented 11 months ago

I would also like to know the status of this?