Installing SSH certificate

I can access my openHABian pi under http://openhab:8080 or https://openhab:8443/. I’d like to always use HTTPS, but my (Windows) PC says the certificate is invalid. What’s the simplest way to install the certificate used by openHAB to fix this certificate warning?

I tried to follow the steps of this gist, but I cannot even find a ca.crt file in step 2 on my pi (sudo find / -name ca.crt has no output). Where is the certificate file located?

I also read the doc article about security, but I don’t know how to extract a cert file from the keystore.
Do I need NGINX to extract a cert file? I would like to keep it as simple as possible and did not see any advantage of this method. Just want to get rid of these certificate warnings :)

Best,
Christoph

Yes, I had a look at this article, but I don’t understand how to extract the certificate from the keystore. And I do not see why I should set up nginx.

There is no CA as the certificate is self-signed. You just need to save it out from your browser. Using Chrome(-ium) you can do that by opening Dev-Tools with [F12], displaying the Security tab and then the certificate details. There is an export button. After that, install the exported certificate as a trustworthy Root-CA in your OS.

Thanks Michael, this is what I did (Chrome/Windows 10):

  • F12 > Security > View Certificate
  • Details > Copy into file > DER binary code (X.509)
  • Internet Options > Contents > Certificates
  • Trusted Root Certification Authorities > Import > confirm security warning

But still, both Chrome & Edge complain the certificate is invalid (DLG_FLAGS_SEC_CERT_CN_INVALID). What am I missing?

Okay, a CN invalid does mean the certificate itself is not a valid one. A CN is always required in HTTPS authentication of servers. The error message describes exactly that. However, you need to replace it in order to accept it. I have not found quickly how to do this.

The alternative (and the way described in the docs) is to use a reverse proxy, which can be configured automatically by running openhabian-config as root, then choosing openHAB related, Reverse Proxy and following the instructions (I’m assuming you are using openhabian as you wrote “pi”).

The manual way of building a reverse proxy requires you to create your own certificate with e.g. the openssl command.

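The openssl route mentioned above, as an added example that is not part of any post in this thread: it creates a self-signed certificate whose CN and subjectAltName both carry the hostname `openhab` from the URLs in the question, then checks which hostnames that certificate covers, since the browser compares the name in the URL against the names in the certificate. The file names and the 365-day lifetime are assumptions, and `-addext` needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: self-signed server certificate for the host "openhab".
# File names and lifetime are assumptions, not values from the thread.

# make_cert DIR HOST: write DIR/openhab.key and DIR/openhab.crt.
# The hostname goes into both the CN and the subjectAltName extension;
# current browsers match the URL hostname against subjectAltName.
make_cert() {
  dir=$1
  host=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$dir/openhab.key" -out "$dir/openhab.crt" \
    -subj "/CN=$host" \
    -addext "subjectAltName=DNS:$host"
}

# cert_matches CERT HOST: succeed only if CERT is valid for HOST.
# openssl prints "does match" or "does NOT match", so test the text.
cert_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# show_names CERT: print the subject and the SAN entries for inspection.
show_names() {
  openssl x509 -in "$1" -noout -subject -ext subjectAltName
}

# Demo: a certificate issued for "openhab" covers https://openhab:8443/
# but not the same machine reached under another name.
tmp=$(mktemp -d)
make_cert "$tmp" openhab
show_names "$tmp/openhab.crt"
for name in openhab openhab.local; do
  if cert_matches "$tmp/openhab.crt" "$name"; then
    echo "$name: covered by certificate"
  else
    echo "$name: name mismatch, browser will warn"
  fi
done
```

Every name or IP address typed into the browser to reach the server needs its own `DNS:` or `IP:` entry in the `subjectAltName` list.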

Thank you for the information. Can you send me a link to the doc article which describes how to use openhab-config to set up the reverse proxy? This one does not mention openhab-config. :)

There is not an exact explanation of the tool itself - it is also quite easy to use. Here is a short description about openhabian-config: