Advantage to using HTTPS inside my home network?

Not a networking expert although I have a couple of work domains, my. router is secured by firewall and VPN and I can access HAOS fine from outside the network either with my own VPN connected or Nabu Casu. I subscribe to Nabu Casa as they should all have our support.

Sometimes it causes an issue like when a component needs to specifically be configured either http or HTTPS (Plex from HACs). So as it is today, those things work either from inside or outside the network but not both.

Any compelling reason to only connect to my instance of HA through https and based on the above, what’s my easiest way?

Thanks

To be honest, I used to run HTTPS only internally and eventually just went back to HTTP. While having the extra security was welcomed, the pain of managing certs, terminating SSL and other headaches, I decided to ditch it and just use standard HTTP for pretty much everything internally. I am very vigilant about my firewall rules and what apps and services are allowed on my management VLAN enough that I’m not really worried about encrypted connections internally.

1 Like

If it is trusted internal (not over WAN) network you control http is OK.

If you are on network that you do not control, connect over the internet, or have untrusted friend or relative with IT knowledge that are just complete anarchists that live to create trouble for you, then yes, https.

2 Likes

One reason for needing SSL is that your browser will not trust sending voice commands to HA over clear text

The second is … do you have kids that snoop your network ? :sweat_smile:

Nope! That’s what restricted access VLANs are for. :stuck_out_tongue_closed_eyes:

I do want to be able to use voice over my browser. So that would be an issue.

So what’s the easiest way for a setup like mine that will allow me to use https to connect to my instance of HA on HAOS?

The (2) main purposes of HTTPS are to verify the identity of the website you are connecting to and to encrypt your traffic to and from that website.

Z-Wave JS UI requires that you setup https to scan Z-Wave QR CODES. So that’s why I have it setup I’m my environment.

Edit: The easiest way to set up https is to use a program called XCA. It’s a GUI based program for Windows. After you set it up It’s so easy to use that I can generate certificates for new hosts in 10 seconds.

Thank you. What do I then do with the certificate? In other words, using HAOS, what other components, addons etc. do I need?

Here are the 4 basic steps.

  1. Create a Certificate Authority
  2. Install the CA Cert on every device that will connect to your server
  3. Use your Certificate Authority to generate the certs for your server then install them in the appropriate location.
  4. Edit your config file then restart Home Assistant.