remote access doesn't work with ssl require directive #4

Open
ghost opened this issue Oct 4, 2015 · 7 comments

Comments

@ghost

ghost commented Oct 4, 2015

Hi,
First, thank you for your app; it's very useful.
Unfortunately, I'm using openHAB with an SSL certificate. If there is no certificate in your app, there is no connection.
Could you please add the possibility to choose the certificate in the Android store?
If you need more information, don't hesitate to ask me.
Thank you.
Gilles.

@llamahunter
Owner

I also use openHAB with ssl. But I'm confused about your request. The certificate for openHAB is on the server side, not the client side.

Are you using a non-standard CA for your certificate? If so, I think you may have trouble. There's no way that I know of for a pebble watch app to tell the pebble app running on your phone to use a different CA chain, short of manually installing the new CA in the phone OS. Have you given that a try?

Alternatively, it's pretty cheap these days to get an SSL cert signed from a well known CA, such as a Comodo PositiveSSL cert for $5/year. https://www.ssls.com/ssl-certificates/comodo-positivessl That's what I'm using.

@ghost
Author

ghost commented Oct 5, 2015

Hi,
You are right if you use SSL without asking the client for a certificate.
I chose to connect to my openHAB server through SSL, but I added a directive in Jetty that asks the client for a certificate. If the client doesn't have a valid certificate, the connection will be rejected. It's more secure like that because someone could try a force attack on login and password.

In my self-signed ".p12" certificate, there are the certificate authority and the client certificate, so no problem with that. In Android, if you do that, it's OK. But the application has to know that it's not a system certificate but a user certificate.

For example, I use the ownCloud calendar. I set up my web server to use the SSL require directive to ask the client to give a valid certificate. To be OK, I asked the CalDAV developer to choose a certificate in the Android trusted certificates store, and it works without having to use a well-known CA.

Another example is my connection to the openHAB interface with Firefox. Firefox can now choose a certificate from the Android trust store. So if no certificate, no connection.

I don't know if I'm clear, but security is very important to me.

If you're OK, and if you don't want to waste your time, I propose to ask the Pebble team how a watchapp can use a client certificate and if it is possible.

Tell me.

Thank you ,

Gilles.

@llamahunter
Owner

Ah, you are doing client side SSL authentication. Yes, that would be more secure. However, I'm pretty sure that requires a change in the official Pebble app for your phone, as the current API doesn't seem to provide any way to provide a client SSL certificate on HTTP communication.

https://developer.getpebble.com/docs/pebblejs/#ajax

Let me know if you find out a way to do client side certs and I'll look into adding it.
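
The client-certificate setup discussed in this thread (a private CA, a client certificate it signed, and a `.p12` bundle holding both) can be reproduced offline with the `openssl` CLI. This is an added example, not code from the thread or the project; the subject names, file names and passphrase are constructed, and `openssl verify` stands in for the chain check a server performs when it requires a client certificate.

```shell
#!/bin/sh
# Constructed demo: subjects, file names and the passphrase "demo" are made up.
demo_dir=$(mktemp -d)

make_pki() (
  cd "$demo_dir" &&
  # Private CA (self-signed): the trust anchor the server is configured with.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Home CA" \
    -keyout ca.key -out ca.pem &&
  # Client key and CSR, then a client certificate signed by that CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-phone" \
    -keyout client.key -out client.csr &&
  openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 1 -out client.pem &&
  # Same subject name, but self-signed: the CA never issued it.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-phone" \
    -keyout rogue.key -out rogue.pem &&
  # Bundle to import on the phone: client key + client cert + CA cert.
  openssl pkcs12 -export -inkey client.key -in client.pem -certfile ca.pem \
    -name demo-phone -passout pass:demo -out client.p12
) >/dev/null 2>&1

# Chain check only: does the presented certificate lead back to our CA?
# In a real TLS handshake the client must also prove it holds the private key.
server_accepts() {
  openssl verify -CAfile "$demo_dir/ca.pem" "$demo_dir/$1" >/dev/null 2>&1
}

# Number of certificates inside the .p12 (client certificate + CA certificate).
p12_cert_count() {
  openssl pkcs12 -in "$demo_dir/client.p12" -passin pass:demo -nokeys \
    2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

make_pki
for c in client.pem rogue.pem; do
  if server_accepts "$c"; then echo "$c: accepted"; else echo "$c: rejected"; fi
done
echo "certificates in client.p12: $(p12_cert_count)"
```
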

@ghost
Author

ghost commented Nov 10, 2015

Hi,
I contacted dev support, but as I'm not a dev, could you discuss with them?

I gave them this issue so they have the possibility to contact you, as I don't know your e-mail.

Here is what I wrote:

"
Hi Jon,

First, my apologies for my late answer.

I'm not the developer of the application, just a user. Unfortunately, my skills are on the Linux side.

The best I can do is to put the GitHub link so that you have the possibility to contact the dev, as I haven't got his e-mail.

From my user side, I need to reach an HTTPS web server with the obligation to use a p12 certificate which is stored in the Android trust store.

Again, thank you for answering me.

I'm available to do some tests if needed.

Best Regards,

Gilles.

On 08/11/2015 05:01, Pebble Developer Support wrote:

Hi gilles,

We sent you an email recently about the issue you reported seeing:

We haven't heard back from you in awhile and wanted to make sure you
were able to find a resolution. If this is no longer an issue, please
let us know so we can mark this issue resolved. Otherwise, please
respond to this email with your response to the following comment:

JON BARLOW (Pebble Developer Support)

Nov 3, 7:23 PM

Hi Gilles,

I've spoken with the Android team and they'd like some more
information about the issue.

Can you raise a support ticket using the Pebble app on your phone and
include the log files.

In the same ticket, can you also explain how you're trying to access
the services. I have assumed ajax calls? Can you provide some code
too.

Please reply when you've done that.

Thanks in advance,

Jon Barlow
Developer Advocate

Thanks!

Gilles

@ghost
Author

ghost commented Nov 10, 2015

Here is their answer:

Jon Barlow (Pebble Developer Support)
Nov 10, 4:42 AM

Hi Gilles,

Thanks for the update.

It's probably best if you use the 'contact developer' button via their app in the Pebble appstore. Then the developer can liaise with us directly to investigate this further.

Kind regards,

Jon Barlow
Developer Advocate

@ghost
Author

ghost commented Jan 31, 2016

Hi,

As promised, I contacted Pebble support and they agree to work with you.

I can't do anything more.

Gilles.

@llamahunter
Owner

Hi there!

Last fall, this project moved to:

http://github.com/openhab/openhab.pebble

Please open an 'issue' there requesting support for client side certificates.

Thanks!
