New openHAB ios app SSL Error

jamesm85 · August 15, 2019, 1:34pm

It looks like my IOS app for openHAB has just updated to 2.1.

When I open I get an “SSL certificate error”, but I suspect this is actually because I have a reverse proxy in front which is asking for a client certificate - this wasn’t an issue before the update.

I noticed that there is now an option to use client certificates, but I cant see how you add / use the cert that’s on my device within the app?

couriersud · August 18, 2019, 8:15pm

Basically you have to

Create a CA certificate.
Install this on your mobile device (iphone: send email with ca.pem as attachment, fight through tons of steps)
Use the CA certificate to sign the client certificate
Make sure the client certificate CN matches the hostname/ip you use in your app

Alternatively, in the app “settings” you may turn off “Use SSL certificates” as posted here. This disables certificate verification.

mholti · August 19, 2019, 4:39pm

Hi,
one thing i miss in your explanation: how do i get the client cert into the app?
I’m able to login to my oh via browser with client cert. This was installed via profile.
It isn’t shown in the app.
The app won’t work…

couriersud · August 19, 2019, 10:59pm

You need to install the CA public key on the device. On iPhone you may send this as an email to your device. Google for “iOS install root certificate”. Android may be different. With the CA private key you sign the certificate which is used by openHAB or the reverse proxy. I may write a tutorial on this. Will take some time (September) since I am traveling.

timbms · August 20, 2019, 4:25am

Please try beta 2.1.6 on TestFlight

mholti · August 20, 2019, 5:31am

Sorry,
i explained my problem not exact enough…
I’ve no problem with the cert in nginx, it simpy works as you described.
I want to use the (new) feature to use a client cert for login.
And i need to know, how to get this into the app.

timbms · August 20, 2019, 7:15am

Send the certificate to yourself by mail
Use Apple‘s mail app to open the mail
Select openhab to import certificate

mholti · August 20, 2019, 10:39am

Tried this via Mail and AirDrop. cert.p12 is installed as normal “profile”. iPhone didn’t ask for import-app.
In OpenVPN for iOS the cert needs to have a special file-extension… Should .p12 work here?

oblaise · December 21, 2019, 11:58am

Dear All,

I’m facing the same issue here. I’m able to import the pkcs#12 in the iPhone profiles and thus I can use it from the Safari browser to access the openhab2 site protected by client certificate authentication.

But I don’t see it in the openhab application neither I understand how I ca do something like ‘Send the certificate to yourself by mail -> Use Apple‘s mail app to open the mail -> Select openhab to import certificate’. The only possibility I have from mail app is to import it as a profile.

oblaise · January 6, 2020, 1:57pm

I will answer my own question I found the answer looking on github: the file must have the “.ohp12” extension to be imported in the openhab application on iOS.

Additionnaly I wasn’t able to use a certificate issued by a Sub-CA, only a certificate that is directly issued by a Root-CA is working. I will open an issue on GitHub for this.

mholti · January 27, 2020, 9:37am

Hi,
thanks for this answer.
You made my day…

Cplant · June 29, 2022, 11:08am

Thanks. A rather obvious fix, but couldn’t figure it out myself.