Good tutorial, but unfortunately, due to a conflict of interests, iOS users are not able to use this way to protect their setups while allowing external access without paying for it.
There was a discussion on the PR:
home-assistant:master
← home-assistant:client-cert
opened 06:12AM - 29 May 22 UTC
TODO:
- [ ] Update HAKit to support providing arbitrary URLCredentials -- this … requires forking Starscream which doesn't offer the ability to provide it, which means HAKit will begin requiring a fork version, which is messy
- [ ] Passphrase prompting (rather than crashing)
- [ ] Client certificates [do not work with URLSession background sessions](https://developer.apple.com/forums/thread/704839?answerId=711419022#711419022) -- this may be a dealbreaker, especially on Watch or eventually in Widgets
- [ ] Requires iOS 15, because that's when URLSession-based WebSocket connections become available, which is when client certificates begin working
## Summary
- Only PKCS12 files containing a key & certificate are supported.
- Fails with Caddy, which doesn't appear to prompt.
- Does work with nginx.
Continues the credential threading of #2131 by prompting for client certificates when the server requests. There are 2 kinds of client certificate requests:
1. Required, where failing to provide one will error
2. Optional, where failing to provide one continues to work
ASWebAuthenticationSession doesn't support customizing networking, so this also implements a (pretty simple) wrapper around the login flow in an in-app web view. This has the upside of not doing a second certificate trusting screen for self-signed certs too.
## Screenshots
## Link to pull request in Documentation repository
Documentation: home-assistant/companion.home-assistant#
## Any other notes
And it moved to this topic, but it will probably be ignored:
Hello,
this post is an effort to convey the interest from the community in having the possibility for securing communications between the iOS app and Home Assistant installations.
The security requirements that such a feature would ideally satisfy are the following:
R1) To be configurable in such a way to impact only the traffic between the app and the server
R2) To allow management of the server-side security not necessarily inside Home Assistant, but also in a separate way
R3) Allow (and …
Unfortunately, it seems that community pressure will not work with this conflict, as it involves Nabu Casa.
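The two kinds of client certificate request named in the quoted PR description (required and optional), as they look on the nginx side. This is an added example, not part of the post or the PR; the hostname, file paths and upstream address are placeholders, with 8123 being Home Assistant's default port.

```nginx
# Constructed example: hostname, certificate paths and upstream address are placeholders.
server {
    listen 443 ssl;
    server_name ha.example.org;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # CA that issued the client certificates (the PKCS12 bundle imported on the
    # device holds a key and a certificate signed by this CA).
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;

    # 1. Required: nginx asks for a certificate during the handshake and answers
    #    any request that lacks a valid one with a 400 response.
    ssl_verify_client on;

    # 2. Optional: nginx still asks, but a client that sends no certificate is
    #    let through. In this mode nginx enforces nothing by itself, so every
    #    protected location has to check $ssl_client_verify.
    # ssl_verify_client optional;

    location / {
        # Needed in optional mode; redundant but harmless in required mode.
        # $ssl_client_verify is SUCCESS, FAILED:<reason> or NONE.
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }

        proxy_pass http://127.0.0.1:8123;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # WebSocket upgrade headers for the frontend's WebSocket connection.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Optional mode is useful when only some locations need a certificate, but a location that omits the `$ssl_client_verify` check is reachable without one.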