I and some other people ran into the problem that we’re using private certificate authorities in our networks but can’t (in my case with HassOS) or can only unsatisfactorily (in the case of HomeAssistant Supervised as far as I can tell) add these CAs to HA’s certificate store to let it trust our devices.
HA is using certifi as certificate store right now, which doesn’t support the addition of certificates and so any changes made to its store are rolled back on reboot.
A persistent way to add certificates to HA’s store would be a welcome addition!
Since it’s a rather uncommon issue as it seems, I don’t think a UI-way is needed, but something like a folder in which .pem files can be placed to be trusted by HA would be great!
I would love to see this in HA as I am one of the “some other people” who is currently having various issues with functionalities within HA because of that.
Another vote here. This would solve a lot of the issues I’m having as well. Both IoT devices and services inside my home network are using an internal CA to communicate, and this is a showstopper to use those services in HA.
Came here looking for answer to this, so I too would like to see just a simple way to store trusted CA certificates somewhere so that its certificates are also trusted.
Solution for NixOS users (not an officially supported install method) is to provide packageOverrides to the home-assistant package, and concat the self-signed CA onto the certs provided by the certifi python package.
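The concatenation step described in the NixOS post above, combined with the "folder of .pem files" idea from the original request, as an added example that is not code from this thread or from Home Assistant. The function names, file names and the sample certificates are hypothetical or constructed; in real use the base bundle path would come from `certifi.where()`, and the example does not show how to make HA load the result.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprints(text):
    """Yield (SHA-256 of decoded body, PEM block) for each CERTIFICATE block.
    Checks PEM framing and base64 only, not the X.509 structure."""
    for m in PEM_BLOCK.finditer(text):
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        yield hashlib.sha256(der).hexdigest(), m.group(0)

def merge_bundles(base_bundle, extra_dir, out_file):
    """Write base bundle plus new certs from extra_dir/*.pem to out_file."""
    merged = dict(cert_fingerprints(Path(base_bundle).read_text()))
    added, skipped = [], []
    for path in sorted(Path(extra_dir).glob("*.pem")):
        try:
            certs = list(cert_fingerprints(path.read_text()))
        except ValueError:  # corrupt base64 (binascii.Error): skip the file
            skipped.append(path.name)
            continue
        new = [(fp, pem) for fp, pem in certs if fp not in merged]
        merged.update(new)
        if new:
            added.append(path.name)
    Path(out_file).write_text("\n".join(merged.values()) + "\n")
    return added, skipped

def fake_pem(payload):
    # Constructed placeholder: valid PEM framing, NOT a real certificate.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def demo():
    """Merge constructed files in a temp dir; all file names are hypothetical."""
    with tempfile.TemporaryDirectory() as tmp:
        root, extra = Path(tmp), Path(tmp, "extra")
        extra.mkdir()
        base = root / "cacert.pem"  # stands in for certifi.where()
        base.write_text(fake_pem(b"public-root"))
        (extra / "homelab-ca.pem").write_text(fake_pem(b"homelab-root"))
        (extra / "duplicate.pem").write_text(fake_pem(b"public-root"))
        (extra / "broken.pem").write_text(fake_pem(b"x").replace("eA==", "e!"))
        added, skipped = merge_bundles(base, extra, root / "bundle.pem")
        return added, skipped, len(PEM_BLOCK.findall((root / "bundle.pem").read_text()))
```

Every certificate that ends up in the merged bundle becomes a trust anchor for any hostname, so the folder of extra `.pem` files should be writable only by the administrator.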
Another user maintaining a private CA, and HA will not allow for certificate checking any of the local devices and services! Please add some way to persistently incorporate this without having to have debug and docker knowledge!
Ended up here while trying to get the Nextcloud integration working with a self-signed certificate. As best I can tell, there isn’t an option to disable SSL verify for the Nextcloud integration, but allowing the addition of a private CA would solve that issue nicely.
This is a must-have feature. It’s great that HA tends to be security and privacy-focused. Having the ability to add custom CAs would be the cherry on top.
I use an internal CA for various VMs and appliances, my network supports WPA2/3 Enterprise as well with an internal RADIUS server. Having the ability to trust private CAs is very much in line with the tenets of local based control, I would also appreciate the utility of this feature request.
Count me in. I have a private CA to keep passwords and API keys secret while making it easy for the wife to use. I would really like to be able to add my CA to the list of trusted CAs once and be done with it even if I have to go through the command line. We may be a relatively small section of the overall home automation community, but it just seems to fall in line with the whole idea of owning your home automation rather than it belonging to big tech.