New openHAB ios app SSL Error

It looks like my IOS app for openHAB has just updated to 2.1.

When I open I get an “SSL certificate error”, but I suspect this is actually because I have a reverse proxy in front which is asking for a client certificate - this wasn’t an issue before the update.

I noticed that there is now an option to use client certificates, but I cant see how you add / use the cert that’s on my device within the app?

Basically you have to

  • Create a CA certificate.
  • Install this on your mobile device (iphone: send email with ca.pem as attachment, fight through tons of steps)
  • Use the CA certificate to sign the client certificate
  • Make sure the client certificate CN matches the hostname/ip you use in your app

Alternatively, in the app “settings” you may turn off “Use SSL certificates” as posted here. This disables certificate verification.

Hi,
one thing i miss in your explanation: how do i get the client cert into the app?
I’m able to login to my oh via browser with client cert. This was installed via profile.
It isn’t shown in the app.
The app won’t work…

You need to install the CA public key on the device. On iPhone you may send this as an email to your device. Google for “iOS install root certificate”. Android may be different. With the CA private key you sign the certificate which is used by openHAB or the reverse proxy. I may write a tutorial on this. Will take some time (September) since I am traveling.

Please try beta 2.1.6 on TestFlight

Sorry,
i explained my problem not exact enough…
I’ve no problem with the cert in nginx, it simpy works as you described.
I want to use the (new) feature to use a client cert for login.
And i need to know, how to get this into the app.

Send the certificate to yourself by mail
Use Apple‘s mail app to open the mail
Select openhab to import certificate

Tried this via Mail and AirDrop. cert.p12 is installed as normal “profile”. iPhone didn’t ask for import-app.
In OpenVPN for iOS the cert needs to have a special file-extension… Should .p12 work here?