Suggestion / request on the new SSL functionality


#1

Thanks a lot for this Guys, you are awesome!

I would like to suggest a future enhancement with a system setting to force HTTPS. This could either just disable the port 80 endpoint so it is not accessible, or forward the user to the HTTPS version of the requested page automatically... whatever you think is better...

It would also be great if you could add the ability to upload your own certificate.

Thanks!


Add support to upload SSL cert/key
#2

I'll second that.


#3

+1


#4

+1


#5

I have a different take on this. I recently spent hours trying to configure modern browsers to talk to a 10-year-old device. I ended up downloading an 8-year-old live Linux ISO and booting it just so I could log in and disable the HTTPS-only feature.

Please do not force either way - either leave 80 open - it's only insecure if you use it - its existence doesn't hurt anything - or allow the user to choose.

Because who knows the next time the Chromium project will force the next set of "we know better than you" rules into our browsers or OSes.


#6

+1

It is open... and I doubt they will ever close it.


#7

Just a thought, but maybe HE can supply the root CA cert they signed with? Then we can just import that into our browser.


#8

It's a self-signed cert which can be imported (e.g. to the Trusted Root CA cert folder).

But then you'll run into the next issue that the cert doesn't specify the CN... most modern browsers throw a warning if the CN or SAN doesn't match the server address you are hitting.


#9

Correct. I didn't notice that until just now.


#10

+1 to allow uploading of our own certificates; I give the Hubitat a domain name on my local network and would like to be able to securely connect to it. I know that this is only for my home LAN and it's probably not that big of an issue, but I just don't feel as comfortable sending username and passwords over HTTP or insecure HTTPS.

I would also like the ability to enable HTTP to HTTPS redirection; as mentioned by eyrich, this needs to be an enable/disable option instead of forcing the user.


#11

+1


#12

Many of us want to be able to connect to Hubitat over the internet using HTTPS without VPN setup. +1


#13

I enforce HTTPS on all the devices on my network; I don't want apps on other devices that share the same LAN snooping on my other connections.


#14

If you can run an Apache instance as a reverse proxy it is possible to add HTTPS to the hub. It also gives you a place to enforce authentication using something a bit more robust than the hub's login support.
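
Added example, not part of the post above or of any Hubitat documentation: a sketch of the Apache reverse-proxy setup post #14 describes, with your own certificate, an opt-in HTTP-to-HTTPS redirect, and proxy-side authentication. The hostname `hub.home.example`, the hub address `192.0.2.10`, and all file paths are placeholders to replace with your own.

```apache
# Modules assumed loaded: mod_ssl, mod_proxy, mod_proxy_http, mod_alias,
# mod_headers, mod_auth_basic, mod_authn_file, mod_authz_user.

# Optional redirect (the behaviour requested in posts #1 and #10).
# Omit this block if some clients must keep using plain HTTP.
<VirtualHost *:80>
    ServerName hub.home.example
    Redirect permanent / https://hub.home.example/
</VirtualHost>

<VirtualHost *:443>
    ServerName hub.home.example

    # Your own certificate and key. The certificate's SAN must contain
    # hub.home.example, otherwise browsers warn as described in post #8.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/local/hub.home.example.crt
    SSLCertificateKeyFile /etc/ssl/private/hub.home.example.key
    SSLProtocol           -all +TLSv1.2 +TLSv1.3

    # Tell browsers to stay on HTTPS for this name once they have seen it.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Forward requests to the hub (placeholder address). This hop is still
    # plain HTTP, so keep the proxy and the hub on a network segment you trust.
    ProxyRequests     Off
    ProxyPreserveHost On
    ProxyPass        / http://192.0.2.10/
    ProxyPassReverse / http://192.0.2.10/

    # Authentication enforced at the proxy, in front of the hub's own login.
    # Create the file with: htpasswd -c /etc/apache2/hub.htpasswd <user>
    <Location "/">
        AuthType     Basic
        AuthName     "Hub"
        AuthUserFile /etc/apache2/hub.htpasswd
        Require      valid-user
    </Location>
</VirtualHost>
```

Basic authentication is only acceptable here because it is sent inside the TLS session; clients that reach the hub's own port 80 directly bypass both the proxy's TLS and its login, so restrict that path with a firewall rule if the proxy is meant to be the only entry point.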