Added SAN to the example openssl command (#12258)

* Added SAN to the example openssl command

This ensures that the Home Assistant Companion on Android 10 (this is what I tested) will correctly connect to the local Home Assistant instance. This is due to compliance with RFC 2818, which states that support for CN fallback is deprecated and only SAN should be used to establish whether a certificate is valid or not.

* ✏️ Tweaks

* Update tls_self_signed_certificate.markdown

Co-authored-by: Franck Nijhof <frenck@frenck.nl>
This commit is contained in:
Valerio Baudo 2020-03-04 09:31:20 +01:00 committed by GitHub
parent 516380b474
commit a913852ef4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -23,9 +23,11 @@ Change to your Home Assistant [configuration directory](/getting-started/configu
The certificate **must** be `.pem` extension.
```bash
openssl req -sha256 -newkey rsa:4096 -nodes -keyout privkey.pem -x509 -days 730 -out fullchain.pem
openssl req -sha256 -addext "subjectAltName = IP:X.X.X.X" -newkey rsa:4096 -nodes -keyout privkey.pem -x509 -days 730 -out fullchain.pem
```
Where the `X.X.X.X` must be replaced with the IP address of your local machine running Home Assistant (e.g., `192.168.1.20`).
For details about the parameters, please check the OpenSSL documentation. Provide the requested information during the generation process.
At the end you will have two files called `privkey.pem` and `fullchain.pem`. The key and the certificate.