Comments (15)
HAOS is a linux OS with Home Assistant running in a container inside. You must look into the container to check your certificates.
From SSH prompt, run docker exec -ti homeassistant bash
to go inside container. You need protection mode disabled in SSH Add-on config.
You may try Home Assistant Docker installation instead.
Hello Athozs,
how right you are. I wasn't in the Homeassistant container the whole time. Only on the Home Assistant OS Mini operating system. Everything now works in the Homeassistant container. I forgot that everything runs in containers. Also the add-ons.
Greetings from Stefan Harbich
from hass-additional-ca.
@sharbich what service/device are you trying to reach from Home Assistant with SSL ?
Hello Athozs,
because I log in to Homeassistant via my LDAP server. This is only possible in encrypted form.
Greetings from Stefan Harbich
from hass-additional-ca.
Hello @sharbich
If you look at the logs, I think they should tell you that the path to your certificate wasn't found.
Could you try something like the following config, specify the relative path to the certificate instead of absolute path, like this:
default_config:
additional_ca:
  Test: HarbichCA.pem
# ...
# here is the rest of your config
from hass-additional-ca.
Hello Athozs,
I have the following questions:
How do I turn on debug logging?
How is integrity started?
Could it be a rights issue?
Is it a bug in the Python script?
Thank you in advance for your support.
from hass-additional-ca.
Hi sharbich,
How do I turn on debug logging?
Add the following in configuration.yaml:
logger:
  default: info
How is integrity started?
See section How does Additional CA work under the hood ? in docs
Could it be a rights issue?
I don't think so, in my HAOS test VM I have
➜ additional_ca ll
total 4K
-rw-r--r-- 1 root root 1.1K Jan 29 12:02 ca.crt
Is it a bug in the Python script?
I don't know yet.
If possible, could you copy-paste logs mentioning additional_ca?
What is your use-case?
Why do you have both a HarbichCA.pem and a HarbichCA.crt files?
Why only adding HarbichCA.pem to your CA store? Why not HarbichCA.crt?
Your HarbichCA.pem has an empty line, seems unusual.
Could you check your certificate validity with the following command line:
openssl x509 -in config/additional_ca/HarbichCA.pem -text -noout
from hass-additional-ca.
Add the following in configuration.yaml:
logger:
  default: info
I have set the logging to debug and don't get any display when starting the device. So I can't see if your add-on is working properly. Why not? Does the add-on not work?
I don't think so, in my HAOS test VM I have
➜ additional_ca ll
total 4K
-rw-r--r-- 1 root root 1.1K Jan 29 12:02 ca.crt
That's how it looks to me too.
I don't know yet. If possible, could you copy-paste logs mentioning additional_ca? What is your use-case? Why do you have both a HarbichCA.pem and a HarbichCA.crt files? Why only adding HarbichCA.pem to your CA store? Why not HarbichCA.crt? Your HarbichCA.pem has an empty line, seems unusual.
I deleted two extra columns in the certificate (data protection).
I only tried HarbichCA.crt. Without success. How does the add-on work when Homeassistant starts? Which process starts the Python scripts in the "/config/custom_components/additional_ca/" directory? How can I check this?
Greetings from Stefan Harbich
from hass-additional-ca.
Hello Athozs,
I copy the file HarbichCA.crt to the folder "/usr/local/share/ca-certificates/" and run the command "update-ca-certificates"; the self-signed certificate is added. This means that your script no longer works.
from hass-additional-ca.
Hello,
It's an integration, not only a script, it is run by Home Assistant itself.
Could you try the following
- Use only one cert, must be the same in path and in config (HarbichCA.crt)
- stop and remove your homeassistant container
- Reboot HAOS
Then provide the logs here, I cannot help without logs.
Please describe your use case with details.
from hass-additional-ca.
Hello Athozs,
I have installed Home Assistant OS 11.5, Home Assistant Core 2024.2.2 on a Mini PC. The file “HarbichCA.crt” is located in the “/config/additional_ca” folder. Here is the logging information from the file "/config/home-assistant.log". I see in the log that "additional_ca" was started successfully and a file called "HarbichCA.crt" was found.
cat /config/home-assistant.log | grep additional
2024-02-18 23:41:48.248 WARNING (SyncWorker_2) [homeassistant.loader] We found a custom integration additional_ca which has not been tested by Home Assistant. This component might cause stability problems, be sure to disable it if you experience issues with Home Assistant
2024-02-18 23:41:50.690 INFO (MainThread) [homeassistant.bootstrap] Setting up stage 2: {'blueprint', 'onboarding', 'auth', 'tts', 'trace', 'logbook', 'stream', 'diagnostics', 'input_select', 'device_automation', 'additional_ca', 'analytics', 'shopping_list', 'person', 'zone', 'lovelace', 'ffmpeg', 'scene', 'repairs', 'mobile_app', 'default_config', 'hardware', 'system_health', 'script', 'media_source', 'counter', 'history', 'input_boolean', 'input_button', 'assist_pipeline', 'file_upload', 'input_text', 'map', 'radio_browser', 'conversation', 'stt', 'openweathermap', 'automation', 'sun', 'homeassistant_alerts', 'config', 'image_upload', 'input_datetime', 'search', 'wake_word', 'timer', 'tag', 'input_number', 'google_translate', 'persistent_notification', 'hacs', 'my', 'schedule', 'energy', 'application_credentials', 'met'}
2024-02-18 23:41:51.158 INFO (MainThread) [homeassistant.setup] Setting up additional_ca
2024-02-18 23:41:51.580 INFO (MainThread) [custom_components.additional_ca] Ready.
2024-02-18 23:41:51.638 INFO (MainThread) [custom_components.additional_ca] Test (HarbichCA.crt) -> loaded.
2024-02-18 23:41:51.638 INFO (MainThread) [custom_components.additional_ca] Installation type = Home Assistant OS
2024-02-18 23:41:51.639 INFO (MainThread) [homeassistant.setup] Setup of domain additional_ca took 0.5 seconds
2024-02-18 23:56:52.130 INFO (MainThread) [homeassistant.components.analytics] Submitted analytics to Home Assistant servers. Information submitted includes {'uuid': 'dc2f8891f23a4071a22e88839d3fd529', 'version': '2024.2.2', 'installation_type': 'Home Assistant OS', 'supervisor': {'healthy': True, 'supported': True, 'arch': 'amd64'}, 'operating_system': {'board': 'generic-x86-64', 'version': '11.5'}, 'certificate': False, 'integrations': ['shopping_list', 'person', 'http', 'default_config', 'script', 'radio_browser', 'openweathermap', 'google_translate', 'met', 'logger', 'tts', 'scene', 'bluetooth', 'automation', 'sun', 'frontend', 'hassio'], 'custom_integrations': [{'domain': 'additional_ca', 'version': <AwesomeVersion SemVer '0.0.0'>}, {'domain': 'hacs', 'version': <AwesomeVersion SemVer '1.34.0'>}], 'addons': [{'slug': 'a0d7b954_ssh', 'protected': True, 'version': '17.1.0', 'auto_update': True}, {'slug': 'core_configurator', 'protected': True, 'version': '5.8.0', 'auto_update': True}], 'energy': {'configured': False}, 'recorder': {'engine': 'sqlite', 'version': <AwesomeVersion SimpleVer '3.44.2'>}, 'state_count': 46, 'automation_count': 0, 'integration_count': 17, 'addon_count': 2, 'user_count': 3}
This file was not copied to the /usr/local/share/ca-certificates directory. It is also not present in the “/etc/ssl/certs” directory. If I do everything manually I see the file in the "/etc/ssl/certs" directory like this:
cat /etc/ssl/certs/ca-cert-HarbichCA.pem
Can you tell me how Homeassistant starts the add-on internally?
from hass-additional-ca.
Can you tell me how Homeassistant starts the add-on internally?
Home Assistant looks for integrations in config/custom_components directory and loads them automatically, accordingly with the domain key additional_ca in configuration.yaml for this integration.
In case of HAOS, using update-ca-certificates is not enough because you cannot set permanently the environment variable REQUESTS_CA_BUNDLE.
In case of HAOS, this is why Additional CA integration adds also your certificate into Certifi CA bundle, located at /usr/local/lib/python3.12/site-packages/certifi/cacert.pem.
You may need to reset the Certifi CA bundle.
I updated the docs, could you follow the troubleshooting guide for HAOS at https://github.com/Athozs/hass-additional-ca?tab=readme-ov-file#82-haos---home-assistant-operating-system in order to reset the homeassistant container inside HAOS.
from hass-additional-ca.
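Added example (not part of the thread and not the integration's own code): a standard-library Python check for whether a private CA file is present in a given CA bundle, such as the Certifi bundle path named in the comment above. Certificates are compared by the SHA-256 of their decoded bytes, so an extra empty line in the PEM body does not matter; the function names and the sample PEM blocks are constructed for illustration.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(text):
    """SHA-256 of the decoded bytes of every certificate block in a PEM text.
    Whitespace inside a block is dropped, so a stray empty line is harmless."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(text)]

def check_ca(ca_path, bundle_paths):
    """Map each bundle to True/False (CA present?) or None (file not found)."""
    read = lambda p: Path(p).read_text(encoding="utf-8", errors="replace")
    wanted = pem_fingerprints(read(ca_path))
    if not wanted:
        raise ValueError(f"no PEM certificate block in {ca_path}")
    result = {}
    for bundle in bundle_paths:
        have = set(pem_fingerprints(read(bundle))) if Path(bundle).is_file() else None
        result[str(bundle)] = None if have is None else all(fp in have for fp in wanted)
    return result

def constructed_pem(payload, blank_line=False):
    """Constructed stand-in for a certificate: PEM armour around arbitrary bytes."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    if blank_line:
        lines.insert(1, "")  # mimic a PEM file with an empty line in the body
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"

def demo():
    """check_ca on constructed files: one bundle holds the CA, one does not."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        ca, other = b"constructed private CA " * 8, b"constructed public root " * 8
        (tmp / "HarbichCA.crt").write_text(constructed_pem(ca, blank_line=True))
        (tmp / "certifi.pem").write_text(constructed_pem(other) + constructed_pem(ca))
        (tmp / "system.pem").write_text(constructed_pem(other))
        bundles = [tmp / "certifi.pem", tmp / "system.pem", tmp / "absent.pem"]
        found = check_ca(tmp / "HarbichCA.crt", bundles)
        return {Path(path).name: present for path, present in found.items()}

if __name__ == "__main__":
    print(demo())
```

Inside the homeassistant container, `check_ca("/config/additional_ca/HarbichCA.crt", ["/usr/local/lib/python3.12/site-packages/certifi/cacert.pem"])` reports whether the certificate reached the Certifi bundle. A `None` result means the bundle path does not exist in the environment where the script ran.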
In case of HAOS, this is why Additional CA integration adds also your certificate into Certifi CA bundle, located at /usr/local/lib/python3.12/site-packages/certifi/cacert.pem.
The directory mentioned above does not exist for me. All of your suggestions don't work either. The add-on doesn't work. I'm thinking about a supervisor installation. It just bothers me with Homeassistant that everything is so limited. Reminds me a little of Microsoft. Not open source. I'm thinking about an alternative.
from hass-additional-ca.
HAOS is a linux OS with Home Assistant running in a container inside. You must look into the container to check your certificates.
From SSH prompt, run docker exec -ti homeassistant bash
to go inside container. You need protection mode disabled in SSH Add-on config.
You may try Home Assistant Docker installation instead.
from hass-additional-ca.
@sharbich what service/device are you trying to reach from Home Assistant with SSL ?
from hass-additional-ca.
Glad to know it's working now :)
Hello Athozs, because I log in to Homeassistant via my LDAP server. This is only possible in encrypted form. Greetings from Stefan Harbich
Very good reason 👍
from hass-additional-ca.