MacOS does not recognise self-signed controller certificate #105

Open
FleetPhil opened this issue Jul 17, 2024 · 1 comment
@FleetPhil

I have successfully registered a client with the SHC, but access to the API from a macOS application using URLSession is refused with the error "Smart Home Controller Productive Root CA" certificate is not trusted.

It looks like the certificate provided by the SHC is not linked to a root that is registered on my device. This can also be seen from a curl trace...

curl -kv --cert xxx.cert.pem  --key xxx.private.key  https://192.168.86.200:8444/smarthome/rooms/ 
*   Trying 192.168.86.200:8444...
* Connected to 192.168.86.200 (192.168.86.200) port 8444
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / [blank] / UNDEF
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=DE; O=Robert Bosch Smart Home GmbH; CN=64-da-a0-40-3a-c8
*  start date: Jan 10 06:37:53 2023 GMT
*  expire date: Jan 10 06:37:53 2025 GMT
*  issuer: C=DE; O=Bosch Thermotechnik GmbH; CN=Smart Home Controller Issuing CA
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* using HTTP/1.x
> GET /smarthome/rooms/ HTTP/1.1
> Host: 192.168.86.200:8444
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/1.1 200 OK
(continues with response)

The issue is the line SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway - this is fine on the command line with curl, but in an application this causes the error above: “Smart Home Controller Productive Root CA” certificate is not trusted

What I think I need to do is add the SHC Root CA to the keychain on my device, but I don't know how, or if this is the right approach?

@ilja-stas

Same here with Linux

Error: HTTPSConnectionPool(host='192.168.0.10', port=8444): Max retries exceeded with url: /smarthome/devices (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: IP address mismatch, certificate is not valid for '192.168.0.10'. (_ssl.c:1000)")))
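
An alternative to switching verification off for the two errors reported in this thread, as an added example (not written by the issue participants or the project): trust only the controller's CA bundle, and pin the expected certificate CN in place of the hostname check that fails on the IP address. The CA file, the client certificate paths and all function names are assumptions; the sample subject is constructed from the curl trace above.

```python
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns,
# using the subject shown in the curl trace above.
SAMPLE_PEER_CERT = {"subject": (
    (("countryName", "DE"),),
    (("organizationName", "Robert Bosch Smart Home GmbH"),),
    (("commonName", "64-da-a0-40-3a-c8"),),
)}


def build_context(ca_file=None, client_cert=None, client_key=None):
    """TLS context trusting only ca_file (hypothetical path); fails closed without one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # system roots are not loaded
    # The subject in the trace is a device identifier, not the IP address, so
    # the built-in hostname check cannot pass. Chain validation stays on.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def subject_cn(peer_cert):
    """Return the commonName from a getpeercert() dict, or None."""
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def is_expected_controller(peer_cert, expected_cn):
    """Stand-in for the disabled hostname check: pin this controller's CN."""
    cn = subject_cn(peer_cert)
    return cn is not None and cn.lower() == expected_cn.lower()


def connect(host, port, ctx, expected_cn):
    """Open a chain-verified connection; reject a certificate for another device."""
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10))
    if not is_expected_controller(sock.getpeercert(), expected_cn):
        sock.close()
        raise ssl.SSLCertVerificationError("unexpected controller CN")
    return sock
```

Without the CN pin, a context that trusts the CA but skips hostname checking would accept a certificate issued by that CA to any other device.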
