I’m using openHABian on a RP2. I have a rule that fetches data points from a Siemens HVAC controller OZW672 via their REST API. So far everything was working great until we received an upgrade on that controller.
Since then I receive the following error when trying to log on to that API via a
[ERROR] [enhab.core.model.script.actions.HTTP] - Fatal transport error: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
From what I found out so far, this error is indicating issues with certificates/SSL.
Is there a way to tell the
sendHttpGetRequest to ignore SSL?
The request is just a simple
var String urlAPI = "http://URL/api/"
var String getSessionId = sendHttpGetRequest(urlAPI + "auth/login.json?user=...&pwd=...")
and it worked fine before the update of the OZW672 today. There is indeed now a certificate on the webserver available, which is deemed “not secure” by the browser (but I do not recall how it was before the update).
Thanks for any help in advance!
In case a certificate is in use I am wondering why this
shows http instead of https ?
Hi Wolfgang, thanks for the response - I’m also wondering why? Could the PKIX path building failed-error indicate also other issues than certificates?
As additional info, I also get the browser warning, that it’s not https even when accessing the web server via http →
Hi again, Wolfgang! With your question you brought me on the right track https was forced on the OZW672 controller after the update, which I disabled now and it works again, yet more unsecure than it could be.
This raises the question, how it would actually work with https? I could already download the certificate from the webserver, but what do I do with it at openhabian?
Before you wrote that the certificate also would be shown as not secure in the browser.
I would start analyzing that part. Why does the browser show that the certificate is not secure ?
Is it a self signed certificate ? Is it expired ? What is the signing authority ?
Depending on the outcome / collection of information I would continue and decide which are next steps.
Possibilities to be checked then are if/how to continue with the existing sendHttpGetRequest or to use e.g. command line scripting ( e.g. curl ) and call that by executeCommandLine and a shell script.