And, BTW, I can’t imagine there would be any issues running the 3.2 jar with the 3.1 release. I don’t think anything major changed in core since the release.
I’ll check when near my install again, but you might be onto something… I used wget on the OpenHAB machine and didn’t include the ‘raw=true’ as it ended up in the filename when I did. I’ll download again, check the filesize and report back.
Ok, tried again but using the raw=true link on 3.2. Got this when using the console:
openhab> list -s |grep zoneminder
289 │ Resolved │ 80 │ 3.2.0.202106300004 │ org.openhab.binding.zoneminder
Feature list shows that zoneminder 3.2 is uninstalled. I’ll remove the .jar, cycle the log level, reinstall the .jar and see if I can provide the debug log.
Scratch that, needed a reboot. I normally restart the openhab process.
Edit 1:
16:44:45.964 [DEBUG] [nder.internal.handler.ZmBridgeHandler] - Bridge: IOException on POST request, url='https://192.168.178.231/zm/api/host/login.json': java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Is probably relevant. I’ve been tweaking the log levels but would appreciate any guidance on that so that I can get the log detail out for you.
Edit 2: Generated a separate self signed certificate just in case. Same result.
Yeah, if you don’t use raw=true you get an HTML page instead of the jar file.
And, yes, the DEBUG statement above looks relevant. It would be helpful if you can include the DEBUG log from the point when the bundle starts. You can get that by restarting the bundle from the console.
bundle:restart org.openhab.binding.zoneminder
Soooo… after some more effort and checking, as well as a downgrade back to 3.1, I got it to work with my CA issued certificate. Let me repeat the test with a self generated certificate as well, as this better matches the likely use case for people, even though its not what I wanted to configure.
My CA doesn’t issue certs for IP addresses, the last thing I changed was from IP address to host name (long story but DNS wasn’t set up on the openhab machine for internal addresses). Once I did this it worked, but this may be something that needs to go in the docs for posterity.
I’m glad you got it working. And I’m not sure why it wouldn’t have worked using an IP address. Let me know the results when you try it with a self-signed cert.
Self cert (using domain name as common name) worked as well. IP address worked too, with all certificates tested only using domain names, not IP addresses.
As an aside, as it does seem that the updates now allow it to work with self generated certificates, for use with a 3rd party provided certs, what certificate store is referenced for known CAs? I appreciate that this isn’t directly related to use of self generated certificates.
I think it uses the standard Java CA store. But I’m not 100% sure of that.
So after a significant absence due to other things keeping me busy, I’ve kicked off a Zoneminder / Openhab install again. I can confirm that when using one’s own CA to provide certificates, the default java truststore on the openhab install requires the ca certificate to be added before openhab will recognise it.
This is different to the previously tested behaviour, but I agree with the implementation.