It looks like my IOS app for openHAB has just updated to 2.1.
When I open I get an “SSL certificate error”, but I suspect this is actually because I have a reverse proxy in front which is asking for a client certificate - this wasn’t an issue before the update.
I noticed that there is now an option to use client certificates, but I cant see how you add / use the cert that’s on my device within the app?
Basically you have to
- Create a CA certificate.
- Install this on your mobile device (iphone: send email with ca.pem as attachment, fight through tons of steps)
- Use the CA certificate to sign the client certificate
- Make sure the client certificate CN matches the hostname/ip you use in your app
Alternatively, in the app “settings” you may turn off “Use SSL certificates” as posted here. This disables certificate verification.
one thing i miss in your explanation: how do i get the client cert into the app?
I’m able to login to my oh via browser with client cert. This was installed via profile.
It isn’t shown in the app.
The app won’t work…
You need to install the CA public key on the device. On iPhone you may send this as an email to your device. Google for “iOS install root certificate”. Android may be different. With the CA private key you sign the certificate which is used by openHAB or the reverse proxy. I may write a tutorial on this. Will take some time (September) since I am traveling.
Please try beta 2.1.6 on TestFlight
i explained my problem not exact enough…
I’ve no problem with the cert in nginx, it simpy works as you described.
I want to use the (new) feature to use a client cert for login.
And i need to know, how to get this into the app.
Send the certificate to yourself by mail
Use Apple‘s mail app to open the mail
Select openhab to import certificate
Tried this via Mail and AirDrop. cert.p12 is installed as normal “profile”. iPhone didn’t ask for import-app.
In OpenVPN for iOS the cert needs to have a special file-extension… Should .p12 work here?
I’m facing the same issue here. I’m able to import the pkcs#12 in the iPhone profiles and thus I can use it from the Safari browser to access the openhab2 site protected by client certificate authentication.
But I don’t see it in the openhab application neither I understand how I ca do something like ‘Send the certificate to yourself by mail -> Use Apple‘s mail app to open the mail -> Select openhab to import certificate’. The only possibility I have from mail app is to import it as a profile.
I will answer my own question I found the answer looking on github: the file must have the “.ohp12” extension to be imported in the openhab application on iOS.
Additionnaly I wasn’t able to use a certificate issued by a Sub-CA, only a certificate that is directly issued by a Root-CA is working. I will open an issue on GitHub for this.
thanks for this answer.
You made my day…
Thanks. A rather obvious fix, but couldn’t figure it out myself.