OpenSSL on Windows and adding SSL Cert to Zigbee2MQTT

Published by necrolingus on

This is an extension to my “Home Assistant on Docker” post which can be found here: https://techstuff.leighonline.net/2023/03/10/home-assistant-in-docker-home-assistant-core/

The issue

Because I access Home Assistant over SSL, the IFrames must also be loaded over SSL.

Keep in mind that because we will be using a self signed cert, we will get the “bad certificate” icon in our browser every time after we accessed an IFrame, but that is fine. As long as it works.

OpenSSL on Windows

We will be setting up OpenSSL on Windows. Go to this URL and download the OpenSSL for Windows binary. You can download OpenSSL Light.

https://wiki.openssl.org/index.php/Binaries

openssl binaries

After you installed OpenSSL, add the install path to your Path Environment Variable so you can just type “openssl” in command prompt:

environment variables

If you have an already opened command prompt window you have to close and open it before the above will work.

command prompt

Now run this command:

openssl req -newkey rsa:2048 -nodes -keyout privkey.pem -x509 -days 3650 -out certificate.pem

This will create your private key called “privkey” and a certificate called “certificate” in the folder you were in when running the command. The certificate will be valid for about 10 years (3650 days)

Notice we are NOT creating a root CA certificate. If you want you can create a root CA certificate and import it into your browser so that your browser will trust your self signed certs and not display the “this site certificate looks dodgy” message.

If you want to create a root CA, check out this page: https://devopscube.com/create-self-signed-certificates-openssl/

If you want to create a certificate with a SAN, check out this page: https://help.bizagi.com/bpm-suite/en/index.html?subjectaltname_support.htm

Configure Zigbee2MQTT SSL certificates

Copy these certificates to the volume that you mounted in your docker-compose file:

So my certificate and key will be located in: /opt/homeassistant/zigbee2mqtt/data/sslkeys/

docker

Now update your Zigbee2MQTT config file:

zigbee config file

Now in Homeasistant, we need to tell it to load Zigbee2MQTT over HTTPS:

zigbee config file

Categories: DockerHome Assistant
Tags:

Related Posts

Lancache and Pihole – The easy way

There doesn’t seem to be a single, simple, straight forward tutorial online that shows how to get Lancache working with Pihole. These are the URLs that I referenced to get this working, so just listing Read more…

Run pi-hole in a Docker Container

I will be running pi-hole on Ubuntun 22.04. The problem is, port 53 is already in use by my host, so lets sort this out first. Check if port 53 is in use You can Read more…

Solar Assistant MQTT bridge to Home Assistant

I am running an Axpert inverter with Solar Assistant on a Raspberry Pi. Solar Assistant collects data and makes an MQTT broker available. My Home Assistant (core, running in docker) has an MQTT broker defined Read more…