I've looked over all the topics I can find, and it seems I'm the only person who can't figure out the best way to generate a self-signed certificate for my Hubitat Hub. I know where to enter the certificate information on the hub, but I'm uncertain how to generate an SSL certificate for it.
Can you assume I have some (but limited) knowledge of Linux and provide a set of Linux commands that would work?
I've got a dedicated server for hosting websites and can get to a Linux command line to run some Linux commands on that Linux host, but I don't know if I could generate them on that host and just copy them over.
I have a Synology NAS and unsuccessfully tried using it as a Reverse Proxy for the Hubitat. I've got SSL working for the NAS and am even using it as a Reverse Proxy for my Homebridge Server that is running on the NAS.
Finally, I have a Raspberry Pi on my home network if that is another option for generating a certificate.
Curious what you are trying to do exactly? Seems very complicated. I am honestly not sure why anyone would need to put a SSL cert on the hub. Are you worried someone on your LAN is going to sniff local traffic and uncover login credential?
Per my post, I'm trying to generate an SSL certificate for my Hubitat. I know how to use Google, but I appreciate you assuming that I hadn't thought of that heretofore.
Yup, and in my personal experience I have created my own certs a long time ago by doing exactly that, searching on google and following the instructions I found. I skimmed the top matches earlier and they all looked legit so I thought that would be a good start for you.
I also was curious why, which I understand you have no obligation to tell me. But generally curious because in my mind it seems pointless.
That's exactly what Jeff's Google link provided. Links with step-by-step instructions. Are you asking how to INSTALL a self-signed certificate on your Hubitat? Those instructions are here:
If you are going to make a self signed cert, you must also create the root cert from which to sign it with. Your root cert will not be trusted by anything unless you also install that root cert in everything you will access the system your self signed cert is in with. Your PI (linux) can do it and so can Windows with command line programs. It is a multi step process creating several files. The advice to ask Google to point you to a guide is sound.
I suppose I'll go elsewhere for help. I'm new to the community (and even run a large community myself). I provided background that I have access to a Linux server and a Raspberry Pi and have tried other things.
While it may seem bewildering to some that I didn't find a Google search helpful, it is because the Google search is what I tried. I even attempted to try using my Windows machine but got stuck getting OpenSSL installed so I can generate a certificate.
The why" I want it is immaterial. I don't mean to sound ungrateful or rude, I was simply looking for advice on the best approach to generating a certificate where it doesn't entail a lot of Linux knowledge.
I'll figure it out myself (since that is what the community is suggesting I do). I was merely hoping that someone might point me in the most advantageous direction.
Did you actually try ANY of the links from the search though? Not trying to be snarky, legit asking.... Because the very 1st one that pops up for me shows how to do it in Linux, which you have.
I just tested it, and it works. At least for what I tested it for (which admittedly was not to install on a Hubitat hub).
Anyway, good luck. Maybe keep the thread open and someone else that has done it specifically for a Hubitat hub will post ate[p by step instructions for you. Not everyone hits the forums during US business hours.
there...one liner:
To generate a self-signed certificate using OpenSSL, you can use the command: openssl req -newkey rsa:2048 -nodes -keyout private_key.pem -x509 -days 365 -out public_certificate.pem. This command creates a private key and a public certificate valid for 365 days.
I have not used the web site myself, but my router uses their API to make its own cert (but then I just use http anyway so not sure why I even have it enabled ).
Let's Encrypt isn't fun unless you can auto rotate/refresh the cert though (which you can't on hubitat, as far as I know) since it has such a short expiration.
Yeah good point for that one, too short of expiration for Hubitat.
I just don't bother because if my kids (or wife) run a Wireshark sniffer and then get into my router or hub using my credentials I will congratulate them.
No one else has access to my LAN, and if they do get on there somehow then have at it and good luck.
).
