FritzBox SSL communication

Hello all,
I’ve added the AVM Fritz!-Bindings, that generally works fine.
My problems come up when switching to SSL communication to my router. The OpenHab eventlog shows the following lines repeatedly:
2019-11-04 18:26:15.171 [hingStatusInfoChangedEvent] - ‘avmfritz:fritzbox:29cb6f06’ changed from OFFLINE (COMMUNICATION_ERROR): Request is invalid to OFFLINE (COMMUNICATION_ERROR): FRITZ!Box does not respond
2019-11-04 18:26:16.604 [hingStatusInfoChangedEvent] - ‘avmfritz:fritzbox:29cb6f06’ changed from OFFLINE (COMMUNICATION_ERROR): FRITZ!Box does not respond to OFFLINE (COMMUNICATION_ERROR): Request is invalid

When dumping the communication with tcpdump, it becomes clear that Openhab does not know the root certificate (Certificate unknown). Where do I have to save this cert to introduce it to Openhab?

Can I ask? Why do you want to do that inside your own LAN?

since the binding connects regularly to my router and sends a password to login, I would like to encrypt the connection. The router is somewhat sensitive and essential for my internet connection. Just to be sure.

Does anyone know where to put the cert for any binding SSL connection?

By the way, the operating system (Ubuntu) is able to create a trusted SSL connection:
openssl s_client -connect myfritzbox.domain:.443
-> Verify return code: 0 (ok)

I also added my CA to /var/lib/openhab2/etc/keystore. I’m not sure, if this is the correct place for storing it. But due to my limited knowledge in Java, I don’t have any idea where else to put this CA.
Similar issue here:

Okay, the solution is quite obviously:
sudo keytool -importcert -alias my_ca_alias -keystore /usr/lib/jvm/zulu-8-amd64/jre/lib/security/cacerts -file myca.crt
The default password is “changeit”.
This works for a zulu implementation of java. For Oracle java the path is very similar, dependent on the java home directory.
Thank you.

1 Like

Thanks. Fixed it for me as well.