jeans/home-assistant.io
jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-05-07 19:48:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
home-assistant.io/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown
John 290ce7eb3e Update tls_self_signed_certificate.markdown (#3400) 
* Update tls_self_signed_certificate.markdown

corrected typo and made file names match

* Replace HASS with Home Assistant
2017-09-18 21:47:08 +02:00

2.5 KiB
Raw Blame History

layout, title, description, date, sidebar, comments, sharing, footer, redirect_from
layout title description date sidebar comments sharing footer redirect_from
page Self-signed certificate for SSL/TLS Configure a self-signed certificate to use with Home Assistant 2016-10-06 08:00 true false true true /cookbook/tls_self_signed_certificate/

If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. Let's encrypt will only work if you have a DNS entry and remote access is allowed. The solution is to use a self-signed certificate. As you most likely don't have a certification authority (CA) your browser will conplain about the security. If you have a CA then this will not be an issue.

To create a certificate locally, you need the OpenSSL command-line tool.

Change to your Home Assistant configuration directory like ~/.homeassistant. This will make it easier to backup your certificate and the key. Run the command shown below.

The certificate must be .pem extension.

If you are going to use this certificate with the iOS app, you need to ensure you complete all fields during the cetificate creation process, then:

  • Send only the certificate.pem file to the iOS device, using airdrop or other transfer method.
  • Open the .pem file on the iOS device, follow the prompts to trust and install it.
  • If you are using iOS 10.3 or newer then additional steps are needed.
$ openssl req -sha256 -newkey rsa:4096 -nodes -keyout privkey.pem -x509 -days 730 -out certificate.pem

For details about the parameters, please check the OpenSSL documentation. Provide the requested information during the generation process.

At the end you will have two files called privkey.pem and certificate.pem. The key and the certificate.

Update the http: entry in your configuration.yaml file and let it point to your created files.

http:
  api_password: YOUR_SECRET_PASSWORD
  ssl_certificate: /home/your_user/.homeassistant/certificate.pem
  ssl_key: /home/your_user/.homeassistant/privkey.pem

A restart of Home Assistant is required for the changes to take effect.

A tutorial "Working with SSL Certificates, Private Keys and CSRs" could give you some insight about special cases.