Update tls_self_signed_certificate.markdown (#3396)

* Update tls_self_signed_certificate.markdown

Add .pem and  iOS info to save others searching for it like I had too and save time :)

* Minor changes

* Update names
This commit is contained in:
John 2017-09-18 17:34:38 +12:00 committed by Fabian Affolter
parent e1697c1161
commit ef7953c5b0

View File

@ -14,21 +14,29 @@ If your Home Assistant instance is only accessible from your local network you c
To create locally a certificate you need the [OpenSSL](https://www.openssl.org/) command-line tool.
Change to your Home Assistant [configuration directory](/getting-started/configuration/) like `~/.homeassistant`. This will make it easier to backup your certificate and the key. Run the command shown below.
Change to your Home Assistant [configuration directory](/getting-started/configuration/) like `~/.homeassistant`. This will make it easier to backup your certificate and the key. Run the command shown below.
The certificate **must** be `.pem` extension.
If you are going to use this certificate with the iOS app, you need to ensure you complete **all** fields during the cetificate creation process, then:
* Send **only** `certificate.pem` file to the iOS device using airdrop or other transfer method.
* Open the `.pem` file on the iOS device, follow the prompts to trust and install it.
* If you are using iOS 10.3 or newer then [additioal steps](https://support.apple.com/en-us/HT204477) are needed.
```bash
$ openssl req -new -x509 -sha256 -newkey rsa:4096 -nodes -keyout privkey.pem -days 730 -out fullchain.pem
$ openssl req -sha256 -newkey rsa:4096 -nodes -keyout key.pem -x509 -days 730 -out certificate.pem
```
For details about the parameters, please check the OpenSSL documentation. Provide the requested information during the generation process. At the end you will have two files called `privkey.pem` and `fullchain.pem`. The key and the certificate.
For details about the parameters, please check the OpenSSL documentation. Provide the requested information during the generation process. At the end you will have two files called `privkey.pem` and `certificate.pem`. The key and the certificate.
Update the `http:` entry in your `configuration.yaml` file and let it point to your created files.
```yaml
http:
api_password: YOUR_SECRET_PASSWORD
ssl_certificate: /home/fab/.homeassistant/fullchain.pem
ssl_key: /home/fab/.homeassistant/privkey.pem
ssl_certificate: /home/your_user/.homeassistant/certificate.pem
ssl_key: /home/your_user/.homeassistant/privkey.pem
```
A tutorial "[Working with SSL Certificates, Private Keys and CSRs](https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs)" could give you some insight about special cases.