Allow "Self-signed Certificate for SSL/TLS" please

Hi, there’s a guide on home-assistant.io where you can install a Self-signed Certificate for SSL/TLS. This is great for people who don’t want to use Let’s Encrypt and don’t want to open up their HA to the internet.

I use VPN to access my HA remotely.

It would still be able to access HA using https locally, but the app doesn’t accept “Self-signed Certificate for SSL/TLS”. Can this be fixed? Using the browser lets me choose to accept the risk.

I’m interested: why would you encrypt the connection even if you just access HA via VPN, which is already encrypted, or over your own network?

I’m not connected to HASS via VPN locally, thus this would be great. If it can’t be solved I can use it by making a rule in my site-site VPN.

But it would be great if it could be done.

I believe you would need to create a self-signed CA, and then issue your self-signed certificate off of that CA. Afterwards you would need to use Apple Configurator to create a package for your own certificates and install them as a profile on your phone.

I tried that, it didn’t help so I figured out it was due to the iOS app.

I second this… for an app like this, quite strange that this is not already taken care of.

Can someone confirm this on a backlog or something?

Hi Guys,

A self-signed certificate works for the iOS app. This is how I did it:

  1. Followed Self Signed SSL https://home-assistant.io/docs/ecosystem/certificates/tls_self_signed_certificate/
  2. AirDropped the fullchain.pem file to my iPhone
  3. Installed certificate on phone (follow on-screen instructions)
  4. Went into Settings>General>About>Certificate Trust Settings
  5. Turn on the certificate you just installed.

I’m not an SSL guru but my app works so I assume Apple supports this now. If I try to get to my HASS using just http:// in a browser, it doesn’t work. This makes me assume https is working. I’m happy for any questions and guidance anyone else can provide if I’ve done something wrong.

Doesn’t work for me.

  1. I followed the Self Signed SSL instructions
    1.1 filled every field during creation process
  2. installed certificate on iPhone
    2.1 certificate is marked as installed on iPhone
  3. Activated the certificate in the trust settings

I cannot access Hassbian using the app. It says:
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “hassbian.local” which could put your confidential information at risk.

I can access https://hassbian.local:8123 on my iPhone. I enter my password, the loader is spinning, but after a while it says: “Unable to connect”.

On macOS everything works fine…

What might be the problem?

@anon90333909 @hotswapster - how do you get the .pem file off of HASS please? I am using DuckDNS and Let’s Encrypt and nowhere does it seem to advise where you get the file from. Thanks

Hey @daneboom, if you’re using Let’s Encrypt you don’t need to put the .pem file across. Let’s Encrypt is already trusted.

If you can go to https://yourHASS on a PC and no errors come up about security, your Let’s Encrypt is working.

I had to use port 443 and forward to port 8123 to get mine working as the app’s https uses 443 only (from what I can gather).

@anon90333909 you need to use your external address to contact your server, not HASS.local
hass.local will only work on your local wifi network at home.

Thanks for this - nowhere have I seen this documented - might be my eyes though!! I’ll give it a try.

I think as soon as you use https in your app it defaults to 443. It was a while ago I got this working.
Do the port forwarding in your router.
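
The iOS error quoted earlier in the thread names the host the app was connecting to, and a later reply suggests switching from the .local name to an external address. As an added example (not posted by anyone in the thread), this script uses openssl to check whether a PEM certificate is valid for each name a client might use and whether it has expired; the generated certificate and external-name.example are constructed placeholders, and an openssl build that supports -addext is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). All names and files below are constructed.

# Create a throwaway self-signed certificate for one hostname.
# $1 = output directory, $2 = hostname placed in CN and subjectAltName
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Succeeds only if the certificate in $1 is valid for hostname $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q "does match certificate"
}

# Succeeds only if the certificate in $1 has not expired yet.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Print a one-line verdict for each name a client might type into the app.
# $1 = certificate file, remaining args = hostnames to test
report() {
    cert=$1; shift
    cert_not_expired "$cert" || echo "EXPIRED: $cert"
    for host in "$@"; do
        if cert_covers_host "$cert" "$host"; then
            echo "OK        $host"
        else
            echo "MISMATCH  $host"
        fi
    done
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" hassbian.local
# hassbian.local is the name from the thread; the second name is a placeholder.
report "$demo_dir/fullchain.pem" hassbian.local external-name.example
rm -rf "$demo_dir"
```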