I am trying to use the Android App on a Unifi Connect screen. I was able to install the Android App and when I launch it it I get the menu with the instance I want to connect to. And I see: https://ha.priv.xxxxxxxxx.net:8123 which is the correct instance of HA.
I can go to this address on my PC or on my iPhone app and get the right access.
But in the Android app, I get
“Unable to connect to Home Assistant.
Unable to communicate with Home Assistant because of a SSL error. Please ensure your certificate is valid.”
A word of my certificate…
I have a personal CA that I use for all my servers, VPN, etc. I have unique certs for each device that requires it. And I have installed the CA root cert on all my devices. I am wondering if the error that I see on the Android App is because it cannot verify the cert with a CA?
I found that indeed the app requires the CA (or cert) to be installed and trusted by the OS… I cannot modify the OS on this thing, or add certs, or anything else…
My next step is to dig in the ha app and see if I can modify and build locally with no check on ssl…
Yep - no OS modify needed. The example site I linked is from when I modified an old Android tablet a while back, but apart from the location of the option it hasn’t changed.
The issue is that it is a Kiosc type of device that is closed (made my Ubiquiti). It does not expose any configuration option but run a single app.
I have requested support from them but I am sure wont get any traction there…
Yep if you can’t install a custom cert and require SSL… You’re dead. Only recourse is
Ubiquiti support (to install your root cert)
a cert that chains to a publicly available CA. (i used to have this for my CA to avoid these issues, but this also means you are available on the Internet and have all of your CRLs setup correctly)
not using SSL for this application
Being that the device you’re trying to use is geared at digital signage you do have a legitimate use case to present to UI and the device should technically be able to do it (add custom cert) based on its underlying os… You just need them to provide a way to get the cert installed.
But I would Not try to work around it by modification of the os. You’re fighting how SSL works. It won’t be a fun time.
It is a bad idea and the reason why the app accepts user imported certificates. I suggest looking into using ADB on the device if you really need it but if the device never leaves your home maybe theres a better way to lock it down and use the app on http locally.
Just out of curiosity what are you looking to gain from using the app on this particular device? Are you planning on using widgets, sensors, notifications or other android specific features? If not and you just want the dashboard then the best advice is to use a browser on that device if you don’t need any of the extras the app provides.
I do not disagree a bit… I am just at an impasse with a 400USD touch screen that I cannot use.
This device cannot talk to any other VLAN and has no internet access. But I can see a few things that could go wrong. I will look into both options… thanks for advice.
The device is a locked device where it can only run a single app in locked mode.
What I gain from using the app is a closed environment. I can also load Firefox but then little people and wife can navigate away from HA and I think it will be painful (safe, because the device cannot access the internet, but painful).
I tried with Firefox and I can accept the risk of using that cert, so it is a “work around”. But accepting the risk on Firefox is the same as accepting the risk on the app. The link you sent me has a way for the SslErrorHandler to proceed. Ideally I would be able to copy the behavior of Firefox where I accept that cert only…
Meanwhile I am exploring a way to add the root cert to the device (impossible as far as I know, at least for now). Will post any updates.