Add a personal/private Root CA / PKI

Dear Home Assistant Community.

In my home network, I have my own PKI.
My own CA is used to generate valid certificates for any device using the https or TLS protocol.
My own Root CA is installed on every device for certificate validation.
(no Let’s Encrypt nor self-signed cert)
Everything is running fine!

The only exception is Home Assistant!
I don’t know how to install my own Root CA certificate on HassIO and keep it in place after a reboot/upgrade.
Without it, I must disable the SSL check while the certificate is valid (once the CA is trusted).

Could you please provide the process to add a Trusted Root CA?
Thanks in advance
FreeTHX

4 Likes

I also wanted to use my own CA certs. Looking through the Home Assistant source code a bit (note that I’m not a contributor yet) it seems that the CA certs are set with the help of the certifi Python module. I could not find a way to add my own cert the proper way, so I came up with the following hack. I have an add_cacert.py script which I run before starting Home Assistant. I’m using the docker image and have no experience with a hassio installation, so you might have to adapt it.

#!/usr/local/bin/python
# Append a private Root CA to the certifi bundle that Home Assistant's
# Python HTTP clients verify TLS connections against.
import certifi

mycacert = '/certs/mycacert.crt'
certififile = certifi.where()

with open(mycacert, "r") as fin:
    data2 = fin.read()

# The script runs on every container start: skip the append if the CA
# is already in the bundle, otherwise the file grows with each restart.
with open(certififile, "r") as fcheck:
    if data2.strip() in fcheck.read():
        raise SystemExit(0)

with open(certififile, "a") as fout:
    # Start on a fresh line so the new PEM block does not glue onto the last one.
    fout.write("\n" + data2)

Since I use a docker-compose file I could simply override the Cmd by adding the following line:

command: sh -c "/certs/add_cacert.py && python -m homeassistant --config /config"

Note you have to add a persistent volume mounted on /certs in the container for this to work.

I assume you know what you’re doing since you have your own PKI, but there are a few drawbacks to this hack: every time the Cmd of the Home Assistant docker image changes, you have to adapt your docker-compose or equivalent. If the developers change the way they handle SSL connections, the hack might not work anymore.

Perhaps some of the developers can shed some light on the “proper” way to do this?

2 Likes
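The hack above appends the CA file on every start and trusts whatever the file contains. The following is an added example for this thread (not code from the poster, Home Assistant or certifi) of the same idea done more carefully: only PEM CERTIFICATE blocks are accepted (so a private key copied by mistake is refused), certificates already in the bundle are skipped so the script is safe to run at every container start, and the stdlib ssl module is used afterwards to check that the CA actually loads from the bundle. The path /certs/mycacert.crt, the use of certifi.where(), the function names and the PEM strings in the usage note are assumptions for illustration.

```python
#!/usr/bin/env python3
"""Idempotently add a private Root CA to the CA bundle that Home Assistant's
Python HTTP clients verify against (the certifi cacert.pem).

Added example for this thread, not code from Home Assistant, certifi or the
poster above. The paths and function names are assumptions for illustration.
"""
import re
import ssl

# One PEM block: the label in the BEGIN line must match the END line.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def _normalise(body):
    """Canonical PEM certificate text, so the same cert compares equal
    regardless of line wrapping or trailing whitespace in the source file."""
    b64 = "".join(body.split())
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----" % "\n".join(lines)


def cert_blocks(text):
    """All certificates in `text`; comments and other PEM blocks are ignored."""
    return [_normalise(body) for label, body in _PEM_BLOCK.findall(text)
            if label == "CERTIFICATE"]


def pem_certificates(text):
    """Certificates from a CA file, refusing anything that is not a certificate
    (a private key copied by mistake must never land in the trust bundle)."""
    for label, _ in _PEM_BLOCK.findall(text):
        if label != "CERTIFICATE":
            raise ValueError("refusing to add non-certificate PEM block: " + label)
    certs = cert_blocks(text)
    if not certs:
        raise ValueError("no CERTIFICATE block found in CA file")
    return certs


def merge_bundle(bundle_text, ca_text):
    """Return (new bundle text, number of certificates appended).
    Running it twice with the same CA appends nothing the second time."""
    present = set(cert_blocks(bundle_text))
    added = []
    for cert in pem_certificates(ca_text):
        if cert not in present:
            present.add(cert)
            added.append(cert)
    if not added:
        return bundle_text, 0
    sep = "" if not bundle_text or bundle_text.endswith("\n") else "\n"
    return bundle_text + sep + "\n".join(added) + "\n", len(added)


def install_ca(bundle_path, ca_path):
    """Append the CA to the bundle on disk if it is not already there."""
    with open(ca_path) as f:
        ca_text = f.read()
    with open(bundle_path) as f:
        bundle_text = f.read()
    merged, count = merge_bundle(bundle_text, ca_text)
    if count:
        with open(bundle_path, "w") as f:
            f.write(merged)
    return count


def ca_is_trusted(bundle_path, ca_path):
    """True if every CA certificate in ca_path is now loadable from the bundle.
    get_ca_certs() returns only certificates that pass the CA check, so a file
    that holds a leaf cert instead of the Root CA yields an empty set -> False."""
    wanted = set(ssl.create_default_context(cafile=ca_path).get_ca_certs(binary_form=True))
    loaded = set(ssl.create_default_context(cafile=bundle_path).get_ca_certs(binary_form=True))
    return bool(wanted) and wanted <= loaded


if __name__ == "__main__":
    import certifi  # the bundle requests/aiohttp use inside the HA container
    bundle = certifi.where()
    ca_file = "/certs/mycacert.crt"  # assumed path, as in the post above
    print("added %d certificate(s) to %s" % (install_ca(bundle, ca_file), bundle))
    if not ca_is_trusted(bundle, ca_file):
        raise SystemExit("private CA did not load from the bundle; check the PEM file")
```

Run it the same way as the script above (mounted /certs volume, invoked before `python -m homeassistant` in the overridden Cmd). It still has the drawbacks the poster lists: the certifi bundle lives inside the image, so an image upgrade replaces it and the script has to run again on every start, which is exactly why the merge is made idempotent.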

I have the same problem too… did any of you find a solution?

Same here, I want an ESP8266 running an SSL server with a private key and cert, and I am trying to make it respond to requests from Hass (open garage for example). I can install the private cert in the current SSH session but it doesn’t persist. How can I get access to the host system rather than the containers?