Action sendHttpGetRequest throws ssl error when calling FOSCAM camera interface for outdated certificate

Tags: #<Tag:0x00007f2fc2935eb0> #<Tag:0x00007f2fc2935d70>

Hi all,
I have a FOSCAM FI8800P camera, installed the binding of @matt1 (https://community.openhab.org/t/ipcamera-new-ip-camera-binding/42771 ) and OpenHAB running with nearly last snapshot on a RasPi 3b.

Motion detection is triggered via item. This part works good!

But because the Disable motion switch of this binding clears all parameters of the detection area, Matt proposed in his entry in https://github.com/Skinah/IpCamera in the section Special notes for Foscam to use the HTTP/CGI commands to switch the cameras Motion Detection parameter. One example is:

/cgi-bin/CGIProxy.fcgi?cmd=setMotionDetectConfig1&isEnable=1&snapInterval=1&schedule0=281474976710655&schedule1=281474976710655&schedule2=281474976710655&schedule3=281474976710655&schedule4=281474976710655&schedule5=281474976710655&schedule6=281474976710655&x1=0&y1=0&width1=10000&height1=10000&sensitivity1=1&valid1=1&linkage=6&usr=xxxxx&pwd=xxxxx

I adopted this to my environment and can call the enable and disable motion detection from my PC’s browser.

And now the issue: the certificate of the camera is outdated and in Firefox I was able to add a manual excption. But on my RasPi I have no Firefox or other browser running (headless installation). And when now running the action sendHttpGetRequest in a rule with a https address it throws an error about the certificate.I got the existing certificate from my PC copied and installed on the RasPi, but it is outdated.

2018-11-09 14:37:48.459 [ERROR] [.smarthome.model.script.actions.HTTP] - Fatal transport error: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

Question: can I in any way install manually an exception like in Firefox via SSH terminal? Or can I trigger the sendHttpGetRequest to ignore SSH certificate errors (like it is possible with curl command)?
Thanks, Siggi

@vzorglub posted a nicer tutorial on how to add a new trusted CA to Java for mqtt but it should be the same for HTPP

Hi Rich, this text does not address my issues. I cannot generate new keys/certificate for my Foscam camera, because this is part of the firmware.
I need a way to use HTTPS without a certificate or ignoring certificate errors (outdated certificate in firmware) or marking the Foscam address a trustable without having a browser available on my RasPi. As I read in Internet Foscam is not really willed to update ongoing their certificates in the firmware …
Regards, Siggi

You would add the CA that signed the certs used by the camera to your trust store.

There is no way to have the http actions ignore certificate errors. You would have to use the native Java HTTP libraries to build the request. You can see examples of this in the OAuth2 tutorial and the iCloud tutorial.

Hi all, life is so easy, when you found a solution. The solution for my problem is existing already for a longer time:[IpCamera: New IP Camera Binding](entry 285)
Matt has added a separate url to call to enable the MotionDetection for a Foscam camera. By this I can use the binding also for enabling and disabling motiondetection paramer.