This happens (using every http-client) when the certificate signer is not known or trusted. Your NAS matches this issue. I’m not aware about the calendar software integrated or available for Synologys. A way to solve this would be to use http if you trust the network. If not, your openHAB system needs to trust the CA used for creating the Synology certificate (more complex). The latter solution depends on the OS openHAB is installed on, so you need to find out how to trust certificates in that OS.
I had to import the certificate to the java trust store (not from linux) and restart OH.
Now I get another error
2021-05-16 10:46:49.681 [WARN ] [g.icalendar.internal.handler.PullJob] - Download of calendar failed.
2021-05-16 10:46:49.682 [DEBUG] [g.icalendar.internal.handler.PullJob] - ExecutionException message is: No subject alternative names matching IP address 192.168.x.y found
This seems to be similar to
Is there a possibility to deactivate this strict check?
I downloaded the certificate from the web browser and have imported it to the java trust store. As I understand the dns name is synology. I don’t know if it is changeble somehow. I’m addressing it with a static IP address I gave him.
Depending which options you have when configuring the certificate. Checkout the Button “Konfigurieren” and look for “Common Name”/CN/“Zertifikatsname” and for “(Subject) Alternative Name”/SAN/“Alternativnamen”. One of those names must be the name or ip you access from openhab. Then i’d expect to get a fresh self signed certificate and the import process is the same. Else we need to create an own CA, but let’s try out that first.
Thanks Michael for your assistance and moving me to the right direction.
With “Konfigurieren”, I just can say which certificate (if there are more) to use for which service. So I tried to generate a new certificate and it worked!
The thing is online and the messages are:
2021-05-16 19:58:10.814 [DEBUG] [ar.internal.handler.ICalendarHandler] - The calendar is currently offline as no local copy exists. It will go online as soon as a valid valid calendar is retrieved.
2021-05-16 19:58:13.764 [DEBUG] [ar.internal.handler.ICalendarHandler] - Scheduled update in 360107 seconds
i am currently also struggeling with getting iCalendar binding running with my Synology. I am on DSM 7.0.1 and running OH 3.1.0. I can’t see any ‘CSR’ Button in DSM Certificate Management.
Currently my log on OH says:
2021-11-04 21:20:52.308 [WARN ] [g.icalendar.internal.handler.PullJob] - Download of calendar failed.
Can you tell me, which steps to reproduce so that i get the iCalendar working? Where do i have to download which Certificate, etc? That would be fantastic.
Thanks in advance
Edit: In the meantime i have raised log level to ‘TRACE’ and now it is giving a reason:
2021-11-05 00:48:42.505 [DEBUG] [g.icalendar.internal.handler.PullJob] - ExecutionException message is: Max requests queued per destination 1024 exceeded for HttpDestination[http://192.168.178.100:5000]@1fdecff,queue=1024,pool=DuplexConnectionPool@1921420[c=0/2/2,a=2,i=0,q=1024]
I do have 4 calendars which i am watching with 4 additional filters, so in total 8 items. Each had a pull time of 5min. In a first step i have raised this now to 15min/360min. But i dont know why this error shows up. Is there any clue on this?
can you tell me how you have imported the certificate in you’re keystore.
I’m running openhab and synology in the same.local network. But I can get the cal to work.
I have still the errors with the certificate.
ExecutionException message is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
I found in my history the following command: sudo keytool -import -alias myssl -file /usr/local/share/ca-certificates/extra/nas.crt -keystore /opt/jdk/zulu11.48.21-ca-jdk11.0.11-linux_aarch64/lib/security/cacerts
I’m quite confident that this did the trick.
nas.crt is the certificate exported from the NAS-drive
Between Systemsteuerung and Zertifikat was a “Sicherheit” missing, but I’m sure that wasn’t the point. If you follow the path mentioned above, you can select “Neues Zertifikat hinzufügen”. In the next step you have the option “Selbst unterzeichnetes Zertifikat erstellen”. That is what you need to do here.
maybe, but the only reason to need a certificate, is the openhab I cal binding.
My synology (needed for synology calendar) and my openhab, are not reachable from the inet.
Synolgy only offers a https link to the synology calendar. And if i enter this in the openhab raises the certificate error.
So from my point of view a self signed is enough.