Suggestion / request on the new SSL functionality

Thanks a lot for this, guys, you are awesome!

I would like to suggest a future enhancement with a system setting to force HTTPS. This could either just disable the port 80 endpoint so it is not accessible, or forward the user to the HTTPS version of the requested page automatically... whatever you think is better...

It would also be great if you could add the ability to upload your own certificate.

Thanks!

11 Likes

I'll second that.

1 Like

+1

4 Likes

+1

1 Like

I have a different take on this. I recently spent hours trying to configure modern browsers to talk to a 10-year-old device. I ended up downloading an 8-year-old live Linux ISO and booting it just so I could log in and disable the HTTPS-only feature.

Please do not force either way - either leave 80 open - it's only insecure if you use it - its existence doesn't hurt anything - or allow the user to choose.

Because who knows the next time the Chromium project will force the next set of "we know better than you" rules into our browsers or OSes.

1 Like

+1

It is open... and I doubt they will ever close it.

Just a thought, but maybe HE can supply the root CA cert they signed with? Then we can just import that into our browser.

It's a self-signed cert which can be imported (e.g. to the Trusted Root CA cert folder).

But then you'll run into the next issue that the cert doesn't specify the CN... most modern browsers throw a warning if the CN or SAN doesn't match the server address you are hitting.

1 Like

Correct. I didn't notice that until just now.

+1 to allow uploading of our own certificates; I give the Hubitat a domain name on my local network and would like to be able to securely connect to it. I know that this is only for my home LAN and it's probably not that big of an issue, but I just don't feel as comfortable sending username and passwords over HTTP or insecure HTTPS.

I would also like the ability to enable HTTP to HTTPS redirection; as mentioned by eyrich, this needs to be an enable/disable option instead of forcing the user.

+1

Many of us want to be able to connect to Hubitat over the internet using HTTPS without VPN setup. +1

I enforce HTTPS on all the devices on my network; I don't want apps on other devices that share the same LAN snooping on my other connections.

If you can run an Apache instance as a reverse proxy it is possible to add HTTPS to the hub. It also gives you a place to enforce authentication using something a bit more robust than the hub's login support.

1 Like
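
The reverse-proxy approach from the post above, sketched as an Apache configuration. This is an added example, not part of the thread or anything Hubitat ships; the hostname `hub.home.example`, the hub address `192.168.1.50` and all file paths are assumed placeholders.

```apache
# Added example. Assumed placeholders: hub.home.example, 192.168.1.50,
# and the certificate / htpasswd paths below.
# Needs mod_ssl, mod_proxy, mod_proxy_http, mod_auth_basic, mod_authn_file.

<VirtualHost *:80>
    ServerName hub.home.example
    # Opt-in HTTP -> HTTPS redirect at the proxy; the hub's own port 80
    # is left untouched for anyone who still needs it directly.
    Redirect permanent / https://hub.home.example/
</VirtualHost>

<VirtualHost *:443>
    ServerName hub.home.example

    SSLEngine on
    # Your own certificate. Its subjectAltName must list the name typed
    # into the browser (here hub.home.example), or the browser will
    # still warn about a name mismatch.
    SSLCertificateFile    /etc/ssl/certs/hub.home.example.crt
    SSLCertificateKeyFile /etc/ssl/private/hub.home.example.key
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Authenticate at the proxy before any request reaches the hub.
    <Location "/">
        AuthType Basic
        AuthName "Hub"
        AuthUserFile /etc/apache2/hub.htpasswd
        Require valid-user
    </Location>

    # Act only as a reverse proxy, never as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    # The proxy-to-hub hop is still plain HTTP on the LAN.
    ProxyPass        / http://192.168.1.50/
    ProxyPassReverse / http://192.168.1.50/
</VirtualHost>
```

TLS ends at the proxy, so clients that connect to the hub's address directly bypass both the certificate and the authentication unless the network restricts that path.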

Where did Hubitat land on this? SSL should really be the default even for local access. The option to turn on a redirect would be the best option for people wanting to keep HTTP for some reason.

Even the local discovery in the Hubitat app calls the HTTP site.

1 Like

This would be a nice function. From a dev standpoint I'm not sure how easy it would be, but if the SSL functionality is being worked on, maybe look at something like "Let's Encrypt" as a simple SSL key provider. I know a lot of consumer routers are using this as a way to keep their SSL keys updated. Also, using those same consumer routers as an example, they also provide a way to upload and use your own SSL certs if you want. Just my 2 cents on this feature request, which would be nice... Thanks for all the great work, Hubitat. You all gave me the Hubitat Kool-Aid and man, it tastes fantastic!! lol!!

1 Like