Rest_command and https error

Configuration
1

Hi. I used to run rest_command:

  set_climate_to_on:
    method: POST
    url: http://192.168.x.x:8123/api/states/climate.air?api_password=pass
    headers:
      content-type: application/json
    payload: '{"state": "cool", "attributes": ...

and all was good, but after I was setup secure connection via https I’ve got error

  set_climate_to_on:
    method: POST
    url: https://sub.domain.com:8123/api/states/climate.air?api_password=pass
    headers:
      content-type: application/json
    payload: '{"state": "cool", "attributes": ...

Log after call rest_command:

Error executing service <ServiceCall rest_command.set_climate_to_on (c:8d6718ff2ff54b139ff38dcff3edd101)>

22:01 components/rest_command.py (ERROR)

Error doing job: SSL error errno:1 reason: CERTIFICATE_VERIFY_FAILED

22:01 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)

Error doing job: SSL handshake failed

22:00 /usr/local/lib/python3.6/site-packages/homeassistant/core.py (ERROR)

At the tasker there is a option ‘trust_any_certificate’ for exemple. What can I do in HA to solve this?
Thanks.

1 Like
2

My guess would be you’re using a self-signed certificate on the target system. If you want to trust it, then you could use a shell_command instead of a rest_command, and in the shell_command use curl to send the POST, and add curl’s -k (aka --insecure) switch. As I understand it, the data will still be encrypted. By using the -k option you’re telling curl not to worry that it can’t verify the root authority of the target system’s certificate.

FWIW, here is the help details for curl’s -k/–insecure option:

-k, --insecure
       (TLS) This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are  attempted  to
       be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless
       -k, --insecure is used.

       See this online resource for further details:
        https://curl.haxx.se/docs/sslcerts.html