From 290ce7eb3e94b9f949a6d59fd2c0e1458e27fff4 Mon Sep 17 00:00:00 2001 From: John Date: Tue, 19 Sep 2017 07:47:08 +1200 Subject: [PATCH] Update tls_self_signed_certificate.markdown (#3400) * Update tls_self_signed_certificate.markdown corrected typo and made file names match * Replace HASS with Home Assistant --- .../tls_self_signed_certificate.markdown | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown b/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown index 0c74f7494ed..53736e06937 100644 --- a/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown +++ b/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown @@ -10,9 +10,11 @@ footer: true redirect_from: /cookbook/tls_self_signed_certificate/ --- -If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. [Let's encrypt]({{site_root}}/blog/2015/12/13/setup-encryption-using-lets-encrypt/) will only work if you have a DNS entry and remote access is allowed. The solution is to use a self-signed certificate. As you most likely don't have a certification authority (CA) your browser will conplain about the security. If you have a CA then this will not be an issue. +If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. +[Let's encrypt]({{site_root}}/blog/2015/12/13/setup-encryption-using-lets-encrypt/) will only work if you have a DNS entry and remote access is allowed. +The solution is to use a self-signed certificate. As you most likely don't have a certification authority (CA) your browser will conplain about the security. If you have a CA then this will not be an issue. -To create locally a certificate you need the [OpenSSL](https://www.openssl.org/) command-line tool. +To create a certificate locally, you need the [OpenSSL](https://www.openssl.org/) command-line tool. Change to your Home Assistant [configuration directory](/getting-started/configuration/) like `~/.homeassistant`. This will make it easier to backup your certificate and the key. Run the command shown below. @@ -20,15 +22,17 @@ The certificate **must** be `.pem` extension. If you are going to use this certificate with the iOS app, you need to ensure you complete **all** fields during the cetificate creation process, then: -* Send **only** `certificate.pem` file to the iOS device using airdrop or other transfer method. +* Send **only** the `certificate.pem` file to the iOS device, using airdrop or other transfer method. * Open the `.pem` file on the iOS device, follow the prompts to trust and install it. -* If you are using iOS 10.3 or newer then [additioal steps](https://support.apple.com/en-us/HT204477) are needed. +* If you are using iOS 10.3 or newer then [additional steps](https://support.apple.com/en-us/HT204477) are needed. ```bash -$ openssl req -sha256 -newkey rsa:4096 -nodes -keyout key.pem -x509 -days 730 -out certificate.pem +$ openssl req -sha256 -newkey rsa:4096 -nodes -keyout privkey.pem -x509 -days 730 -out certificate.pem ``` -For details about the parameters, please check the OpenSSL documentation. Provide the requested information during the generation process. At the end you will have two files called `privkey.pem` and `certificate.pem`. The key and the certificate. +For details about the parameters, please check the OpenSSL documentation. Provide the requested information during the generation process. + +At the end you will have two files called `privkey.pem` and `certificate.pem`. The key and the certificate. Update the `http:` entry in your `configuration.yaml` file and let it point to your created files. @@ -39,4 +43,6 @@ http: ssl_key: /home/your_user/.homeassistant/privkey.pem ``` +A restart of Home Assistant is required for the changes to take effect. + A tutorial "[Working with SSL Certificates, Private Keys and CSRs](https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs)" could give you some insight about special cases.