Option in iOS app to allow Self Signed Certificate

ios

#1

Hi,

I’m growing fonder every day of Home Assistant. Love the wide compatibility and the periodic updates. This made the choice of migrating from Domoticz to Home Assistant a no-brainer.

I have one very big issue though: a self-signed certificate. I use them for a variety of things, and everything works great with them except… Home Assistant.

First off, why? I don’t get it… I don’t like having port 80 open for Let’s Encrypt to be able to auto-renew. So no, I don’t think of that as a solution. But I don’t like having unsecured connections to be able to use Home Assistant.

My suggestion: make an option in the iOS app that gives users the ability to allow self-signed certificates.
Easy as that… can we get this to a vote?


#2

Unfortunately, Apple do not allow self signed certificates, see the basic requirements section here


#3

Hi Alex,
A self-signed cert does work with the iOS app. Just AirDrop the CA certificate to your phone, install it and then enable it through Settings>General>About>Manage Licences (at the bottom). I’ve got mine working with a self-signed cert, no problem :slight_smile:

J


#4

Hi,
Which version of iOS worked for you? I am on iOS 11.1, and I can’t get it to work.
My certificate is working on my Raspberry; I can connect from my Mac (Safari, macOS 10.13.1) with https://myip:8123 and enter my password. No problems. Then I AirDropped certificate.pem to my iPhone, which started a dialog on the phone. The certificate was installed and then I turned it on in Settings > General > About > Certificate Trust Settings.
Finally, from the iPhone I tried to connect (Safari) to the same ip (https://myip:8123), but I do not get through the password authentication. When I enter the password there is a delay and then the password prompt comes back (and yes, I have checked and double checked the password settings).
Then I tried the HomeAssistant app on the iPhone. Having entered the address and password I get an error that the certificate is not valid! My suspicion is that Apple has changed some security issue in the latest iOS.
Any ideas someone?


#5

Hi there,

Eventually I got mine to work. But that’s with Let’s Encrypt. My main concern was a good way to renew the certificate without leaving port 80 open.

So I made a cron job that runs weekly and opens up port 80, checks to renew the certificate and then shuts down port 80. Easy does it. I haven’t got a clue how people got self-signed working on iPhone.

Regards!


#6

I’ve had it working on 11.0.1 and 11.0.3.
Sounds like port forwarding. Remove the port number from the address then forward the standard SSL port (443 is it?) from your router to 8123 of your server.


#7

I was not clear with myip: It is on a local network so it is not a routing issue.
Probably I don’t get the SSL picture. If everything worked OK with the certificate there would be no need to specify the port, right?
Compare with the installation of Domoticz. With http it is http://mydomoticzip:8080, and with https it is https://mydomoticzip only (no port, meaning default 443 I guess).
If I try https://myip without the port on my Home Assistant there is no connection. Arrgh. Maybe I should skip https, after all I am not sending any credit card information on the page, just some temperatures and stuff.


#8

I was having all the problems that people had here. Even with the certificate enabled in Settings->General->About->Certificate Trust settings.

The issue was that when you create the certificate and it asks about the host name or common name qualifier, you need to enter the IP of the Home Assistant server, whether it is a fixed IP or a domain name, whatever that is. That fixes the problem. If you simply put “home assistant” or anything different from the host name where your HA instance is, then it will not work, as Safari or the iOS app (which uses WebKit) doesn’t recognize it as a valid certificate if the “common name” is not identical.
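
The name check described in post #8, as an added example that is not part of the original thread: a simplified model of how a client compares the host in the URL with the names inside the certificate. It assumes certificate data shaped like the dict returned by Python's `ssl.SSLSocket.getpeercert()`, and assumes that subject alternative name entries take precedence with the common name as a legacy fallback; the address `192.168.1.10` and the name `hass.example.lan` are constructed samples.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed samples shaped like ssl.SSLSocket.getpeercert() output.
CN_LABEL_ONLY = {"subject": ((("commonName", "home assistant"),),)}
CN_IS_IP = {"subject": ((("commonName", "192.168.1.10"),),)}
SAN_CERT = {
    "subject": ((("commonName", "home assistant"),),),
    "subjectAltName": (("IP Address", "192.168.1.10"), ("DNS", "hass.example.lan")),
}

def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _dns_match(pattern, host):
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):  # wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def _name_match(kind, value, host):
    host_ip = _as_ip(host)
    if host_ip is not None:  # URL uses an IP: only an IP entry can match
        return kind == "IP Address" and _as_ip(value) == host_ip
    return kind == "DNS" and _dns_match(value, host)

def url_matches_cert(url, cert):
    """True if the host in `url` is one of the names the certificate carries."""
    host = urlsplit(url).hostname
    if not host:
        return False
    sans = cert.get("subjectAltName", ())
    if sans:  # when SAN entries exist, the common name is ignored
        return any(_name_match(kind, value, host) for kind, value in sans)
    # Assumed legacy fallback: no SAN, so compare against the common name.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    kind = "IP Address" if _as_ip(host) is not None else "DNS"
    return any(_name_match(kind, cn, host) for cn in cns)

if __name__ == "__main__":
    for label, cert in [("label CN", CN_LABEL_ONLY), ("IP CN", CN_IS_IP), ("SAN", SAN_CERT)]:
        print(label, url_matches_cert("https://192.168.1.10:8123", cert))
```

The port in the URL plays no part in the comparison; only the host portion is matched against the certificate.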