TLS 1.0 or 1.2

Which level does Hubitat use?

Neither. Those are SSL protocols and Hubitat is http only. Least mine is. :slight_smile: It would open up a large support nightmare given Hubitat is local and has no certificate.

Remember, on the ST side, we all connect to ‘shards’ and those exist within SmartThing’s domain and therefore each shard gets a cert.

Here on the Hubitat side, there would have to be an individualized cert per Hubitat hub. Not at all hard to do, but a nightmare to manage and support for people that can’t even spell TLS. :smiley:

Now that I read that, I’m smacking myself in the head. I didn’t stop to think about where the cert would live. Thank you for the reminder!!!

no problem. I go weeks at a time with purple lumps on my forehead. :smiley:

I’m in favor of it though.

I have my own CA here (self signed) and can generate a cert and key in a couple minutes. Now, where’s the interface to do the install ? :smile:

Again, easy to build openssl into the Hub’s OS, but again, documenting that process would not be any kind of fun, I’d say.


I guess for (encrypted) remote access, one has to configure OpenVPN?

Yes, there is no straight up remote access currently. A VPN is the way to go.

1 Like

Hey all. I am trying to port an app from smartThings over to hubitat. The app uses TLS. Based on this conversation do you have any other suggestions on what I can do? Here is the code:

return httpPost([
        	uri: "",
            headers: [
				'Referer': '',
				'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8',
                'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36'
            tlsVersion: "TLSv1.1",
            body: "source=DLNA&targetURL=${settings.attUsername}&password=${settings.attPassword}"
        ]) { response ->

Has there been any update to adding a self-signed certificate to the Hubitat? Currently when I try to access my Hubitat locally over https is does server a self-signed certificate. I also run my own Private CA for my network so just even the ability to simply have a CSR download button and then certificate upload would be awesome. I have yet to see that in the GUI or is there a way to SSH in and manually do the whole process?

No, no change to the Hub related to SSL.

That is very disappointing to hear! I guess I may have to try and get UART to install a cert.

What is an UART?

I could be mistaken, but I think @Jacob means some sort of USB to TTL cable, with the intention of possibly getting access to the underlying OS to add their own self-signed certificate.

1 Like

I'm assuming the same.. spend 30-40 hours to save one from installing a cert in a browser.

Like a lot of people, I have my own CA too. Thus I know the desire to use it, completely.


@aaiyar Is correct as to my intentions. However it shouldn't take 30-40 hours of work. It would take probably at most 2-3 hours. I already have an idea of the pinout, it will simply be a matter of confirming which pin is what. Then its simply a matter of checking if they actually locked down UART, which my guess is they did not. Figuring out the directory with their certificate and then replacing it with my ow and rebooting the device.