Android app should allow user to accept self-signed TLS certificate

Currently, the Android app refuses an HTTPS connection to HA if a self-signed TLS certificate is used.

It should ask the user and leave the decision of whether to take the risk up to the user, in a similar way to how most applications, browsers etc. do.

There are valid use cases where a self-signed certificate can be used, and not allowing the user to decide may just result in falling back to plain HTTP, which is much worse from a security point of view. Currently the app is not usable at all in such a case.

Note: a self-signed certificate is in no way a “certificate error”; it is a special case which is of course generally not recommended, but has valid use cases where using a “real” cert is either not possible or makes no sense (like running in a network without internet access but still being expected to use HTTPS), and it should be up to the user to decide.

There is already a pre-existing PR for this request, just waiting for requested changes and more review cycles.

Client certificates are not the same thing as self-signed server certificates. It would probably just translate into allowing the client to disable cert checking.

A workaround would be to load your self-signed cert into the phone's and watch's trust store. I know it’s possible to do this on Android via the Chrome browser. I am not sure if it is possible on Wear OS.


Self-signed certificates should work; see: Troubleshooting | Home Assistant Companion Docs

Since the original question is still pending that PR that was closed more than a year ago, here’s a somewhat friendly guide that works in case you want to use a personal certificate backed by your own self-signed root CA on Android:
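As an added example (not code from this thread or from the Home Assistant project), the script below shows the setup the trust-store workaround and the "personal certificate backed by your own self-signed root CA" post are talking about: a private root CA is created once, a server certificate for the HA host is signed by it, and the chain is then checked the way a client does after the CA has been imported. The host name homeassistant.local, the output directory ha-ca and the function names are illustrative assumptions; it needs the openssl command-line tool (1.1.1 or newer).

```shell
# Added example: private root CA + HA server certificate + client-side check.
# Only ca.crt is imported on the phone/watch; ca.key and server.key stay private.
set -eu

# Build the CA and a server certificate signed by it.
# $1 = output directory, $2 = DNS name the HA instance is reached by (assumptions).
make_ca_and_server_cert() {
  dir="${1:-ha-ca}"
  host="${2:-homeassistant.local}"
  mkdir -p "$dir"

  # Minimal openssl config so the result does not depend on the system default.
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Home Assistant private root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF

  # 1. Root CA: self-signed, CA:TRUE, only allowed to sign certificates.
  #    This single file is what goes into the device's trust store.
  openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 3650 \
    -config "$dir/ca.cnf" -extensions v3_ca \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null

  # 2. Server key and CSR. Modern clients ignore the CN; the name must be
  #    present as a subjectAltName, which is added when the CA signs it.
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -config "$dir/ca.cnf" -subj "/CN=$host" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null

  # 3. Leaf extensions: end-entity only, server auth, SAN carrying the host.
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
    "$host" > "$dir/server.ext"

  # 4. Sign the CSR with the CA key (825 days is the usual browser/OS limit
  #    for leaf certificates).
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 825 -sha256 -extfile "$dir/server.ext" \
    -out "$dir/server.crt" 2>/dev/null
}

# What a TLS client does once ca.crt is trusted: validate the chain AND the host name.
verify_with_private_ca() {
  dir="${1:-ha-ca}"
  host="${2:-homeassistant.local}"
  openssl verify -CAfile "$dir/ca.crt" -verify_hostname "$host" \
    "$dir/server.crt" >/dev/null 2>&1
}

# Same check with an empty trust store: the failure the app reports before
# the CA has been imported on the device.
verify_with_empty_store() {
  dir="${1:-ha-ca}"
  openssl verify -no-CAfile -no-CApath "$dir/server.crt" >/dev/null 2>&1
}

if [ "${RUN_EXAMPLE:-0}" = 1 ]; then
  make_ca_and_server_cert ha-ca homeassistant.local
  verify_with_private_ca ha-ca homeassistant.local && echo "chain and host name OK"
  verify_with_empty_store ha-ca || echo "untrusted without ca.crt (expected)"
fi
```

Run it with RUN_EXAMPLE=1 to produce ha-ca/ca.crt (install this one on the device as a CA certificate) and ha-ca/server.crt plus ha-ca/server.key (configure these in HA). The host-name check is the part a plain "accept this self-signed cert" prompt would skip, and it is why the leaf needs a subjectAltName matching the name used in the app's server URL. Keep in mind that since Android 7 apps only trust user-installed CAs if their network security configuration allows it; the Companion Docs troubleshooting page linked above covers the app's behaviour.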

Please no. We need more security; we need SSL pinning. Self-signed certificates should be turned off by default, and you can put it in admin settings.