Javascript http action - Unifi Access API, SSL/TLS certificates

I’ve found a few other posts about Unifi Access, but they all seem to trail off before a solution is found.

I’m trying to use the Unifi Access API to add and modify visitors. My end goal is to automatically create visitors and PIN numbers when an AirBnB booking comes in.

I have successfully got some data from the API using an HTTP Thing, but I really need to be able to do it through scripts.

Access API doc: https://assets.identity.ui.com/unifi-access/api_reference.pdf

After a little chat with GPT, I think what I’m missing is the SSL/TLS security. In the API doc in section 1.4, point 3, it says

Enable HTTPS encryption using SSL/TLS certificates to secure data transmission.

GPT gave me some instructions for doing this, but I don’t understand any of it and don’t really trust it. Can anyone confirm this?

This is what it suggested:

2) Proper fix: trust the server’s cert in Java (recommended)

Import the server’s certificate into the JVM truststore that runs openHAB:

  1. Export the cert (example Linux command):

```shell
# save the leaf cert from 10.0.0.1:443
openssl s_client -connect 10.0.0.1:443 -showcerts </dev/null 2>/dev/null \
 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/device.pem
```

  2. Find the Java in use and import:

```shell
# find JAVA_HOME
JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which java)")")")
sudo keytool -importcert -alias device-10-0-0-1 \
  -file /tmp/device.pem \
  -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit
```

  3. Restart openHAB:

```shell
sudo systemctl restart openhab
```

If you prefer a separate truststore, create one and point openHAB at it via EXTRA_JAVA_OPTS, e.g.
-Djavax.net.ssl.trustStore=/path/to/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit in /etc/default/openhab.

(Community threads confirm this is the right approach for PKIX errors in openHAB.)
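
A check the import steps above leave out, shown as an added example that is not part of the original post or of the quoted GPT instructions: the `openssl s_client` export accepts whatever answered on 10.0.0.1:443, so the SHA-256 fingerprint of the exported certificate should be compared with one obtained out of band before `keytool -importcert` is run. The function names, the script name and the out-of-band fingerprint are assumptions, and GNU coreutils (`base64`, `sha256sum`) are assumed to be installed.

```shell
#!/bin/sh
# Added example: check an exported certificate against a pinned fingerprint
# before importing it. Function names are illustrative; GNU coreutils assumed.

# Number of PEM certificates in the file (a chain export holds several).
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Print only the first certificate block of the file.
first_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         on && /-----END CERTIFICATE-----/ { exit }' "$1"
}

# SHA-256 over the DER bytes of the first certificate, lowercase hex.
cert_fingerprint() {
    first_cert "$1" | grep -v -- '-----' | tr -d '\r' \
        | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept "AA:BB:..." or "aabb..." and return lowercase hex without separators.
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Return 0 on match, 1 on mismatch, 2 on unusable input.
verify_pin() {
    pem=$1
    expected=$(normalise_fp "$2")
    case $expected in
        *[!0-9a-f]*|'') echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin must be 64 hex digits" >&2; return 2; }
    [ "$(cert_count "$pem")" -ge 1 ] || { echo "no certificate in $pem" >&2; return 2; }
    actual=$(cert_fingerprint "$pem")
    if [ "$actual" = "$expected" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: file has $actual" >&2
        return 1
    fi
}

# Usage: sh pincheck.sh /tmp/device.pem 'AA:BB:...'
if [ "$#" -eq 2 ]; then verify_pin "$1" "$2"; fi
```

The pinned value is the SHA-256 fingerprint that `openssl x509 -noout -fingerprint -sha256` would print for the genuine certificate, read from a source other than the network connection being checked.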

Firstly, you can control an HTTP Thing from a script. What is it that you cannot do with a script and the HTTP Thing?

If you are successfully getting data from the API, then the encryption certificates are not the problem. You wouldn’t be able to do even that much if you couldn’t.

One of the options when using the HTTP Thing is that you can configure it to ignore the certificates, which lets you set up the encryption without the Unifi server offering a certificate that you trust (i.e. a self-signed certificate). It’s a whole lot easier to just check a box than it is to add a certificate to the Java trust store.