Hi There Community,

I have setup Nginx reverse proxy pretty much sucesfully but I have some issue with self-signed certificate. I get this error in webbrowser: NET::ERR_CERT_COMMON_NAME_INVALID

I have added my certificate to windows certlm

Any ideas?

That error usually indicates the name on the certificate and the name of the server are different.

Source of my problem is that - my certificate needs to contains subject alternative names to be able to work properly in modern webbrowser. Here is how I fix it

I’ve create new file called req.conf in /etc/ssl/

sudo touch /etc/ssl/req.conf

paste this inside (delete my remarks below with #…):

distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
C = PL #country code
ST = Lower Silesia #state code
L = Wroclaw #city
O = openhab #system name from openhab (sudo openhabian-config > system setings > hostname - “openhab” in my case)
OU = openhab #as above
CN = openhab #as above
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
DNS.1 = openhab #as above
DNS.2 = openhab #as above
DNS.3 = openhab #as above

then i use this file to create self signed cert in location which is already set up in nginx:

openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout openhab.pem -out openhab.pem -config req.conf -extensions ‘v3_req’

Then i copy my new certificate to html location just to reach it easaly

sudo cp openhab.crt /etc/openhab2/html

Copy pase it from above location to my desktop and install it as trusted main authority - as local computer not user.
You can check if it is present in this warehouse - cmd > certlm and press actions “find certificate”

Now clear casche from webbroweser and use proper address to be able to reach your openhab serwer - https://openhab in my example.


But - what I do not know - is how to do this with certian IP address to be able to see it as secure connection.

Under [alt_names] add
IP.1= n.n.n.n

Where n.n.n.n is the ip address.

Dosen’t work for me - I’ve tried :slight_smile:

have it on ip2 thou - maybe on ip1 it will work - will try it tomorrow

Anyway, this is off-topic for this openHAB forum.
Many other forums discuss SSL certificates and using openssl.