You can find it on the github page. [hue] Add workaround for Bridge v3 certificate issue by andrewfg · Pull Request #19401 · openhab/openhab-addons · GitHub
1 Like
It is as @DaDen says. However the new Jar doesn’t solve the problem. But I am working on it..
1 Like
I don’t want to be that guy that asks for help, expects immediate response and then disappears when his problem is solved. So, I am so sorry that I was not yet able to perform this test. (Even if I have plenty of good reasons for that).
I see that in the mean time @AndrewFG is working on a new version of the jar.. so will wait for that..
We are currently blocked. There is a missing intermediate certificate which should be in the bridge but isn’t. So it either requires a firmware update, or for Signify to give us that certificate..
Why does it look that adaptation to new hardware is much easier in HA than it is in openHAB?
i don’t read anything about problems with certificates. Am I missing something?
1 Like
Yes you are. If you want to be helpful then please feel free to send me a link to a HA thread where the actual issue of certificates is discussed. Rather than sending fatuous links to threads that are talking about something quite different. And BTW if you do want an issue resolved it is probably better to not piss off the developer who might dedicate his private time to potentially solving it.
1 Like
Andrew, don’t get upset. This is not my intention at all. You probably got me wrong. I notice in HA the new bridge seems to get adapted without any issues (as far as I could see) and in openHAB there seems to be an issue that has to be resolved by Signify.
I appreciate your work very much. But perhaps in this case there has been taken a wrong exit somewhere because I don’t understand why this issue only occurs with openHAB.
So this is not to piss you off but to rethink why this difference exist. At the end we all like to have a solution. Again, your work is very well appreciated.
FWIW, this is the change made in HA to support the new bridge:
https://github.com/home-assistant/core/pull/151411
So they disabled certificate verification altogether:
# NOTE: we disable SSL verification for now due to the fact that the (BSB003)
# Hue bridge uses a certificate from a on-bridge root authority.
# We need to specifically handle this case in a follow-up update.
I received my new bridge yesterday, but haven’t unboxed it yet, and I’m not yet ready to migrate to it. But there were already mentioned work-arounds/solutions in this thread, until a proper fix with correct certificates can be provided.
This reminds me of Bringing electricity information from eloverblik.dk and energidataservice.dk into Openhab - #113 by laursen. In HA they quickly disabled certificate verification in the integration itself. We were more conservative and provided a work-around by letting users install and trust the certificate themselves - which did not require a new binding release, and did not disable certificate verification. The next day the service was fixed.
I’m not saying anything is right or wrong, I’m just stating that we might have different perspectives.
Since there is a work-around provided, I don’t think we need to rush?
1 Like
FYI. Today I migrated my Hue Bridge to the new Hue Bridge Pro using the “old” Hue-binding.
I added the certificate to the java keystore (on my Windows machine) and it worked fine for me.
To accomplish this I used the information provided in this thread by jpalo.
A (temporary) solution like HA used, would also have been fine for me.
1 Like
Yeah. I will probably push a PR on the weekend that disables the cert validation in OH too. (At least until Signify finally provides the missing link). (Just please dont moan at me about the security warning that you all will therefore see in your OH logs).
1 Like
Signify makes a firmware update usually every month, at least at the start. There was one about 3 days ago, but I didnt check yet if it provides the missing intermediate certificate. The current work around is to install the bridge cert at operating system level. But for people who fear installing unverified certificates in their OS, (everybody should do that), another work around will be to ignore (temporarily) the missing certificate at OH level. I will push a PR over the weekend to do that.
1 Like
Good idea Andrew. And don’t forget, we appreciate your efforts very much!
The work around PR is ready to merge..
Seems we stuck with PR….
It has been merged, so it will appear in the current SNAPSHOT and the next MILESTONE releases..
So Can I try this aleady - openhab/openhab:5.1.0-snapshot-alpine ?)
1 Like