Athozs / hass-additional-ca

Add private Certificate Authority or self-signed certificate into Home Assistant to access 3rd-party service with TLS/SSL.
MIT License

not working probably due to missing path #12

Open leonardpitzu opened 4 days ago

leonardpitzu commented 4 days ago

Describe the issue

The CA is not added to the specified path; the CA is not recognised.

Describe your setup (please complete the following information):

YAML configuration extract

default_config:
additional_ca:
  privateCA: caCert.pem

Logs

2024-11-26 12:20:11.112 INFO (MainThread) [homeassistant.setup] Setting up additional_ca
2024-11-26 12:20:11.154 INFO (MainThread) [custom_components.additional_ca] System CA ready.
2024-11-26 12:20:11.221 INFO (MainThread) [custom_components.additional_ca] privateCA (caCert.pem) -> loaded.
2024-11-26 12:20:11.221 INFO (MainThread) [custom_components.additional_ca] Installation type = Home Assistant OS
2024-11-26 12:20:11.226 INFO (MainThread) [custom_components.additional_ca] Certifi bundle CA ready.
2024-11-26 12:20:11.242 INFO (MainThread) [custom_components.additional_ca] privateCA (caCert.pem) -> loaded into Certifi CA bundle.
2024-11-26 12:20:11.242 INFO (MainThread) [homeassistant.setup] Setup of domain additional_ca took 0.13 seconds

Additional context

The QNAP NAS has a self-signed certificate which triggers HA to warn every few minutes. Loading the rootCA in HA is not working, as the specified path does not exist.

/usr/local/lib/ -> no python folder in there

Athozs commented 3 days ago

Hello @leonardpitzu

Thanks for using hass-additional-ca,

To find the Python path mentioned, you may look in the "homeassistant" Docker container instead of HAOS land.

Have a look at https://github.com/Athozs/hass-additional-ca?tab=readme-ov-file#722-haos---home-assistant-operating-system

Hope this helps.

Athozs commented 2 days ago

Added some details on how to show the Certifi CA bundle content here: https://github.com/Athozs/hass-additional-ca#52-haos---home-assistant-operating-system
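
One way to check that a CA file such as caCert.pem is actually present in a CA bundle is to compare SHA-256 fingerprints of the decoded certificates rather than the PEM text. This is an added example, not part of the original thread or of hass-additional-ca; the sample "certificates" are constructed placeholder bytes, and `fingerprints`, `ca_in_bundle` and `_fake_pem` are hypothetical names.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

def fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM string."""
    prints = []
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()))  # ignore line wrapping
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def ca_in_bundle(ca_pem, bundle_pem):
    """True only if every certificate in ca_pem is also in bundle_pem."""
    wanted = fingerprints(ca_pem)
    if not wanted:
        raise ValueError("no PEM certificate found in CA file")
    present = set(fingerprints(bundle_pem))
    return all(fp in present for fp in wanted)

def _fake_pem(payload, width=64):
    """Constructed stand-in for a certificate: PEM armor around arbitrary bytes."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed sample data (not real certificates).
PUBLIC_ROOT = _fake_pem(b"constructed public root" * 8)
PRIVATE_CA = _fake_pem(b"constructed private CA" * 8)
BUNDLE_BEFORE = "# Certifi-style bundle\n" + PUBLIC_ROOT
# Same CA bytes, re-wrapped at 76 columns: the text differs, the fingerprint does not.
BUNDLE_AFTER = (BUNDLE_BEFORE + "\n# privateCA\n"
                + _fake_pem(b"constructed private CA" * 8, width=76))

if __name__ == "__main__":
    # On a real install, read caCert.pem and the file returned by certifi.where().
    print("before:", ca_in_bundle(PRIVATE_CA, BUNDLE_BEFORE))
    print("after: ", ca_in_bundle(PRIVATE_CA, BUNDLE_AFTER))
```

A match only shows that the CA is in that bundle; whether a given client verifies against that bundle is a separate question.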

leonardpitzu commented 1 day ago

OK, so after rebooting the system and not HA containers (I am running HAOS) the (my) root CA appears. Still get the "unverified" warnings when polling my QNAP NAS though...

Athozs commented 1 day ago

How did you get your root CA certificate? You mentioned a self-signed certificate installed in your NAS, but there is no need for a root CA with a self-signed certificate; you could use the self-signed certificate in place of your root CA in HA. Another option: you could issue a certificate and key from your root CA and install it on your NAS to replace the self-signed one.

leonardpitzu commented 1 day ago

I skipped the details… I have a self-generated CA which I used to sign a bunch of certificates (unifi controller, web servers, QNAP etc.). In order to have these seen as valid I always install the root CA on my devices. This is what I did also in this case - I installed the CA on HAOS and assumed that the QNAP NAS would be “secure” as well. Apparently not.