Garmin "myHomeControl" app ssl certificate problem?

I’m running OpenHAB in a Docker container on my Synology NAS.

Last week I bought a Garmin watch. I installed an app called myHomeControl which should be able to control OpenHAB items through the rest interface. The problem is I always get the error “request timed out. Try again!”

Paired with an android smartphone the app accepts only https:// connections, no http://.
I think the problem might be that the self signed SSL certificate isn’t accepted by my smartphone. I think so because on windows with curl I can use the rest interface with http but get an error message regarding the self signed SSL certificate when I try to use https. I guess it is the same thing with the android smartphone.
I tried downloading the ca certificate through my browser and install it on android but get the error message that the private key is required.

Do you think my reasoning is plausible that it is a certificate problem? Can you tell me how to get the private key from my docker container to install the ca certificate in my android smartphone? I must admit I have no experience at all with encryption and certificates, therefore I’ve no idea how to do this.

Your help is very much appreciated!

As far as I know the certificate ( private and pubic part ) is stored in a java keystore.
It’s location is /var/lib/openhab/etc/keystore on a Pi. On docker the path may vary.
Download the file and open it with the Java Keystore Explorer.
To open the the keystore you need to enter the right password which should be openhab.
To open the private key you need to enter openhab as passphrase.
Using kse you can export the key/certificate.

Thank you very much for this explanation! it really helped me to get the private key. After a lot of trial and error I’m still struggling to export it in a format that my Android phone accepts. But I guess this is now an Android issue, not an OpenHab problem.

If anyone stumbles on this thread in the future with a similar problem: If you use docker, the keystore file is in the mounted userdata/etc folder.

This may help to convert the certs into the correct format:

@jamkas did you get this to work, if so could you post a howto?

did you fix it?