[agwa]

You can install your own CA certificate in the user certificate store, and it will be trusted by Chrome and any other app which opts into user-installed CAs, which should include email and calendar apps.

What is unlikely to work is installing your own CA and using it to intercept traffic between apps and the app-makers' servers. That sucks - you should be able to inspect what your own device is doing - but your use case of using a private PKI for your self-hosted software is definitely supported.

[Brian_K_White]

You should also have the final say in what is NOT trusted. Not merely adding a cert to trust.

[tssva]

You can disable individual system certificates in the "Trusted credentials" settings panel.

[charcircuit]

>That sucks

It's insecure. If you are a bank app you doesn't want other people to be able to steal the users password by installing a new certificate.

[mardifoufs]

How often does this happen on phones? Why do banks still allow desktop usage then?

[charcircuit]

It doesn't matter how often it happens. It's a vulnerability that people will end up being exploited or the data will end up being stolen by another hacker.

Not all banks allow desktop usage. Some banks restrict certain functionality from the web interface since it is less secure.

[feanaro]

It absolutely matters how often it happens. Otherwise we should start imprisoning everyone in the hopes of getting that one serial killer by the same principle. Some cures are worse than the disease.

[zb3]

This is not the same scenario as the user installing a new certificate themselves.

[charcircuit]

Someone's company can install a certificate onto employee's work phones.

[Brian_K_White]

Tough shit. If you are a lot of things you want or don't want a lot of things. It doesn't mean they have a right to the thing they want or don't want.