MTLS in Android app

I see this has been requested previously but was closed as an advanced or fringe request last year. Given that openHAB supports this, I was hoping it may have been added and I may have missed it. This would be very helpful in providing a more secure setup. Thanks for your response and support.

I would like to see this implemented as well. It is much more secure and additional filtering can be performed to prevent external access to Home Assistant from unauthorized actors.

Cloudflare supports mTLS.

Mutual TLS Rule

Block traffic from devices that do not have a valid client SSL/TLS certificate with a mutual TLS rule. Specify the API hosts and Cloudflare will block all requests that do not have a certificate for mutual TLS (mTLS) authentication.

You will need to create a client certificate and select a host to enable mTLS for.

It’d be cool to see this implemented. I’m guessing by the lack of replies here that it’s not really being worked on though :frowning:

It's a very unique use case that the majority of users do not use, so it more than likely won't be added.

I would love to see mTLS implemented in Android App!
It’s usable even without Cloudflare, by using nginx for example.

I’ve implemented a working POC for the home-assistant-android app; it seems to work well.
It loads the key/cert in PEM format from disk, saving it in AndroidKeyStore.
The cert is then served in the WebClient onReceivedClientCertRequest callback and in OkHttpClient calls.
How am I supposed to push these changes?

2 Likes
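The flow described in the post above, as an added Kotlin sketch; it is not the code from the PR or from the home-assistant-android project. It assumes the key and certificate chain were already imported into AndroidKeyStore under the hypothetical alias `example-mtls-client`, and the class and function names are illustrative.

```kotlin
import android.webkit.ClientCertRequest
import android.webkit.WebView
import android.webkit.WebViewClient
import java.net.Socket
import java.security.KeyStore
import java.security.Principal
import java.security.PrivateKey
import java.security.cert.X509Certificate
import javax.net.ssl.*
import okhttp3.OkHttpClient

// Hypothetical alias; key and chain are assumed to be already imported into AndroidKeyStore.
const val ALIAS = "example-mtls-client"

private fun keyStore() = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
fun clientKey(): PrivateKey? = keyStore().getKey(ALIAS, null) as? PrivateKey
fun clientChain(): Array<X509Certificate>? =
    keyStore().getCertificateChain(ALIAS)?.map { it as X509Certificate }?.toTypedArray()

// WebView side: answer the server's certificate request, or cancel when no identity is stored.
class MtlsWebViewClient : WebViewClient() {
    override fun onReceivedClientCertRequest(view: WebView, request: ClientCertRequest) {
        val key = clientKey()
        val chain = clientChain()
        if (key != null && chain != null) request.proceed(key, chain) else request.cancel()
    }
}

// OkHttp side: a KeyManager that always offers the same stored identity.
private object FixedKeyManager : X509KeyManager {
    override fun chooseClientAlias(t: Array<String>?, i: Array<Principal>?, s: Socket?) = ALIAS
    override fun getPrivateKey(alias: String?): PrivateKey? = clientKey()
    override fun getCertificateChain(alias: String?): Array<X509Certificate>? = clientChain()
    override fun getClientAliases(t: String?, i: Array<Principal>?): Array<String> = arrayOf(ALIAS)
    override fun getServerAliases(t: String?, i: Array<Principal>?): Array<String>? = null
    override fun chooseServerAlias(t: String?, i: Array<Principal>?, s: Socket?): String? = null
}

fun mtlsOkHttpClient(): OkHttpClient {
    // Default system trust store: server certificate validation stays as it was.
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(null as KeyStore?)
    val trustManager = tmf.trustManagers.first { it is X509TrustManager } as X509TrustManager
    val sslContext = SSLContext.getInstance("TLS")
    sslContext.init(arrayOf(FixedKeyManager), arrayOf(trustManager), null)
    return OkHttpClient.Builder()
        .sslSocketFactory(sslContext.socketFactory, trustManager)
        .build()
}
```

Keeping the private key in AndroidKeyStore means the app only holds a handle to it; signing during the TLS handshake happens inside the keystore, so the key material is not readable from app storage after import.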

If anyone is interested, here is the relevant PR

1 Like