Self-Signed certificate via the UI

Given that Voice is being a primary issue recently, and all the enhancements around it, it sure would be nice if the function could be used easily out of the box.
A fresh installation cannot support voice in the browser, due to the http connection.

The UI should be able to generate and use its own self signed cert. Sure it won’t be a “trusted” certificate, but if the instance is not externally accessible, it’s not a problem to have the browser trust the private certificate.

This should be a simple experience for the user, no-one should have to mess around with DNS providers and reverse proxies just to install and test the product.
Or did I miss something, is there a “Use internal SSL” button in the product somewhere I’ve overlooked?

This should be a feature request, I guess.
As a community, nothing we can do.

IIRC, the fact that https is needed is purely a requirement of the browser to record voice, right?
Did you tests that this works with a self-signed certificate?

Anyway, I quite agree unencrypted network communication should die, generally speaking, and it is indeed dying. You just have to see VPN solutions scrambling to stay relevant by proposing alternate products, the pure “use vpn for security reason” being debunked as BS when all services are using TLS…

Now, I think a first-time user being greeted with a security warning when reaching HA is worse, tbh.
A proper solution/request would be to be able to have both http AND https at the same time…

1 Like

Moved to the Feature Requests section, don’t forget to vote for your own request.

Sorry to say but your feature request is non sense I think :frowning: Even with a non trusted certificate it won’t work too, you need a proper valid certificate corresponding at a domain name for audio/video stuffs so no simple solution there unhappy !

Is that right? It needs to be a fully trusted certificate?
That actually makes the situation even worse. I’ve no intention of making the home internet accessible, local network is perfectly suitable for my needs. Sure would be nice if the Assistant stuff could be used from my laptop though.
I don’t mind setting up a local CA on a linux VM and making my own signed certs, but I guess they’d be no good either, as the root CA would still be untrusted.

You might want to test it before proceeding with the FR.
If it doesn’t.work, the FR is quite moot indeed, as this is a pure browser thing.

You can make the CA trusted, but that’s a tedious, machine per machine, process

1 Like

Yeah unhappy and it’s a restriction of browsers :frowning: You don’t need to make your home Internet accessible to get a regular certificate from Let’s Encrypt for example ! I recently did it to test Asterisk add-on and all you have to do is redirect the port 80 from your public IP to the system running Let’s Encrypt add-on :wink:

Or use DNS-01 validation instead, no ports required :wink:

DNS-01 validation also allows to create wildcard certificates, extremely useful if you have more than one server or want to have a valid certificate presented when accessing a router, NAS, …