I can access my openHABian pi under http://openhab:8080 or https://openhab:8443/. I’d like to always use HTTPS, but my (Windows) PC says the certificate is invalid. What’s the simplest way to install the certificate used by openHAB to fix this certificate warning?
I tried to follow the steps of this gist, but I cannot even find a ca.crt file in step 2 on my pi (sudo find / -name ca.crt has no output). Where is the certificate file located?
I also read the doc article about security, but I don’t know how to extract a cert file from the keystore.
Do I need NGINX to extract a cert file? I would like to keep it as simple as possible and did not see any advantage of this method. Just want to get rid of these certificate warnings
Yes, I had a look at this article, but I don’t understand how to extract the certificate from the keystore. And I do not see why I should set up nginx.
There is no CA as the certificate is self-signed. You just need to save it out from your browser. Using Chrome(-ium) you can do that by opening Dev-Tools with [F12], displaying Security-tab and then the certificate details. There is a export-button. After that install the exported certificate as a trustworthy Root-CA in your OS.
Okay a cn invalid does mean the certificate itself is not a valid one. A CN is always required in HTTPs-Authentication of servers. The error message describes exactly that. However you need to replace it in order to accept it. I have not found quickly how to do this.
The alternative (and in docs described way) is to use a reverse proxy which can be configured automatically by running openhabian-config as root, then choosing openHAB related, Reverse Proxy and following the instructions (i’m assuming you are using openhabian as you wrote “pi”).
The manual way building a reverse proxy requires you to create an own certifcate with the e.g. openssl command.
Thank you for the information. Can you send me a link to the doc article which describes how to use openhab-config to set up the reverse proxy? This one does not mention openhab-config.