Some musings on the PWA "add to homescreen" feature on Android devices.

[Tim Curtis]

Another thing to try is to set CA:TRUE in the req template in /var/www/util/gen-gert.sh like beow.

Code:

[ req_ext ]
basicConstraints        = critical, CA:TRUE

I don't have an Android device and so not able to test this.

[the_bertrum]

OK, making it a CA worked and it installed correctly on my Pixel6 Android14. Oddly, when using this certificate to secure the player, the "Install Application" command re-appears in chrome on my phone and works correctly, even adding an icon the the app drawer rather than just putting a shortcut on the home screen.  This doesn't happen with the independent CA that I set up to sign the certs on my other players.  However, there now comes the issue that Firefox on all my devices (quite correctly) objects to the fact that we are using a CA certificate as an Identity certificate.  In PKI architecture, that is a circular argument and so insecure.

One step forward, one step back.

I'll keep digging.

[the_bertrum]

Actually, a bit more digging and I find that the "Install Application" command is working in Chrome for all my players as long as they are working over https (either using the automatic method with the CA hack or using my own CA).

Still have the Firefox "CA as Identity" problem with the cert-gen.sh CA hack though.