after upgrading to Habdroid 2.0 I could not connect to my own cloud-instance.
I get the error message “SSL Handshake failed - maybe you need a valid client certificate”
I tried to activate/deactivate the two options to ignore certificate and hostname, but this doesn’t make any difference.
I also generated client-certificates and configured the nginx to verify the client-certificates, but there is still the error.
When I connect through chrome from the android phone I see, that the certificate is verified and I can connect to the website, so the certificates are ok.
I have a similar issue. I have my own (on-prem) openHAB deployment. I have set up Apache to act as a reverse proxy, and do basic auth and SSL client cert auth (using a certificate from a non-public CA) at the same time. It all works fine from a browser.
But when I try to set the openHAB Android app to go through Apache, it just throws me this “SSL Handshake failed - maybe you need a valid client certificate” error message. The CA root certificate is trusted by the phone, obviously. If I set the Android app to “Ignore certificate”, it just tries to reconnect and reconnect and reconnect and…
Which actually sounds fair, after looking at the network traffic using TCPdump. It looks like as if the Android app tried to initiate a connection using SSL, but after a couple of packets, it switched over to HTTP and issued “GET /rest/sitemaps/_default/_default HTTP/1.1”
If, on Apache, I only leave SSL enabled, and turn off both Basic auth and Certificate auth, the app can connect just fine. If I turn on either of the authentication options on, it fails.
Does anyone have any idea what’s happening here, or how I could debug the traffic from the phone side?
In the nginx configuration I ha ciphers enabled, which produced the error.
(A test with ssl-labs of the site shows only B as result)
After setting the ciphers like mentioned in the openhab-documentation ssl-labs shows A+ and habdroid can connect to the myOpenHab cloud.
In case anyone is interested, I have also found a solution, or rather a workaround for my problem. I can’t figure out for the life of me why, but SSL and authentication doesn’t work for me with Habdroid and Apache. I set up Nginx instead of Apache, and now everything’s fine and dandy.