I was blindsided by the HTTPS implementation. It was on the list for a long time to get done, but had gone unaddressed for a long time too. Then one day, it was there. Ironically, we have really beefed up our project management over the past few months, and it slipped past that also.
As for email from the platform, that is not currently in development, afaik.
Again thanks for the candor. I know that I have been critical for HE and the security in the past. And will probably continue to due so.
Please keep in mind that I would honestly rather see these things fixed than move platforms.
Yeah, well Dashboard clearly was not thought through well from a security perspective. But, at the time it was done, we badly needed something, and it filled that need. Time goes on, its inadequacies become clear --> it gets fixed. And it gets enhanced. New feature will directly support giving out guest specific Dashboards, with limited and revocable access.
Cats outa the bag now!
@anon81541053 @Hasty1 if memory serves me the reason why the HTTPS didn't get publicized and listed as non-beta was there was a bug where if you put in a bad cert, you could semi-brick your hub (or at least the HTTPS portion, I don't recall exactly because when I heard of the bug I wasn't exactly intending to try it). So now that it's been publicized, keep in mind that risk when you're using something that wasn't released!
I would prefer some time to look at it and vouch for it before it's widely used. This feature hasn't even gone through internal testing. For all I know enabling it makes the hub emit invisible sounds that compel your dog to go and eat all the left shoes in the house. I'll give it a priority tomorrow.
This was not exactly my intention to force your hand on this with the other thread. I trust that the people here understand these risks!
I'll take the risk. He has already eaten half of the right shoes in our house..... 
Didn't find any issues with HTTPS setup, so fire away. Let's call it an extended beta.
To set up HTTPS, go to http://your.hubs.ip.here/hub/advanced/certificate, copy/paste certificate/private key and save. Once saved, reboot the hub for the setting to take effect.
There's an option of SSL only on the screen. I suggest testing HTTPS connection before turning it on.
If something doesn't work, you can disable SSL by going directly to http://your.hubs.ip.here/hub/advanced/disablessl. You should be able to access the UI using plain HTTP right away.
If that doesn't work for some reason, the next option is soft reset in diagnostics tool, followed by reboot, followed by backup restore. All HTTPS settings are stored in the database.
I am assuming the disablessl url allows both ssl and http to work again?
Does this also reset back to the default cert?
DisableSSL URL turns off the "Hub UI SSL only" setting so that HTTP is enabled again. That's it, the URL doesn't do anything else.
Just a Feature suggestion. You could maybe put a revert to factory Cert/Enable HTTP button in the diagnostic tool
Trying to remember, pretty sure I reported dashboards not working. I believe Chuck explained it as a browser limitation with set signed certs and websockets. Not sure if he ever got it fixed.
My dashboards work but the dashboard menu from within the UI for some reason doesnโt work with HTTPS. This was an issue with the self signed and a valid cert.
just to be a bit clearer...
if you turn this ON:
... the way to turn it back OFF is a) have a working ssl cert and navigate to the page... OR b) use:
http://your.hubs.ip.here/hub/advanced/disablessl
That's it.. HTTPS only, on/off.
To reset the Cert back to internal is an entirely different step.. you simply delete your key & cert from the cert/key entry page and reboot. The Hubitat Cert is active then.
Yup that's the bug I recall. I was told it was websocket related but I never did any research to find out if that was true.
That never worked with https not just the custom cert. it has to due with they way they are rewriting the url to a non https site from an https site. (It might have even been an iframe) The browsers donโt allow that any more.
And @gopher.ny all the https features are working as expected for me!
That was what I thought too. Mixed content issue.
Just got around to adding hubitat to the cert I use for all my devices. Works well.
Oh wow!
I asked for this long ago and its great to see its now available.
Thanks a lot guys! will for sure give this a try...
Download the Hubitat app
