Added SAN to the example openssl command (home-assistant#12258)

* Added SAN to the example openssl command This ensures that the Home Assistant Companion on Android 10 (this is what I tested) will correctly connect to the local Home Assistant instance. This is due to compliance with RFC 2818, which states that support for CN fallback is deprecated and only SAN should be used to establish whether a certificate is valid or not. * ✏️ Tweaks * Update tls_self_signed_certificate.markdown Co-authored-by: Franck Nijhof <[email protected]>
Thrilleratplay · Mar 4, 2020 · a913852 · a913852
1 parent 516380b
commit a913852
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown b/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown
@@ -23,9 +23,11 @@ Change to your Home Assistant [configuration directory](/getting-started/configu
 The certificate **must** be `.pem` extension.
 
 ```bash
-openssl req -sha256 -newkey rsa:4096 -nodes -keyout privkey.pem -x509 -days 730 -out fullchain.pem
+openssl req -sha256 -addext "subjectAltName = IP:X.X.X.X" -newkey rsa:4096 -nodes -keyout privkey.pem -x509 -days 730 -out fullchain.pem
 ```
 
+Where the `X.X.X.X` must be replaced with the IP address of your local machine running Home Assistant (e.g., `192.168.1.20`).
+
 For details about the parameters, please check the OpenSSL documentation. Provide the requested information during the generation process.
 
 At the end you will have two files called `privkey.pem` and `fullchain.pem`. The key and the certificate.