domoticz / domoticz-android

Domoticz Client Application for Android Devices

TLS mutual authentication support #129

Open GrmpCerber opened 8 years ago

GrmpCerber commented 8 years ago

It would be nice if the client was able to execute a TLS mutual authentication (with an X509 certificate), thus enhancing server security. (HTML client via Chrome is dealing fine with it.)

RoadXY commented 8 years ago

I would like to know how many people use this, since this could take quite a lot of time to get implemented. For instance, I'd have to change my server to use TLS. It took quite some time to get self-signed certificates working, so my guess is this wouldn't be any different.

GrmpCerber commented 8 years ago

I'm ready to help ;) (after all I used to be a core Java developer in another life, yet, I'm not "Android fluent" ;) ) I was able to track this down to the null param in this line, but from my experience, this means it should use the default KeyManager which it does not here. It's failing with a SslHandshake exception with a cryptic hex string and I'm not presented with a "choose your certificate" popup. Is there a way to get the full stack trace?

RoadXY commented 8 years ago

I've been reading up on mutual authentication but it's very specific and you'd have to be quite knowledgeable to have this implemented in both your phone and server. I'll think about it though.

ghost commented 8 years ago

Client authentication with X509 certificate would be great to secure access to domoticz. Server side setup is already explained on domoticz's wiki: https://www.domoticz.com/wiki/Secure_Nginx_Proxy_Setup

RoadXY commented 8 years ago

@GwennG Server side is already implemented and working.