From a913852ef43e10cd9ba4c200d565bfaf7ee50167 Mon Sep 17 00:00:00 2001 From: Valerio Baudo <41023626+vabbb@users.noreply.github.com> Date: Wed, 4 Mar 2020 09:31:20 +0100 Subject: [PATCH] Added SAN to the example openssl command (#12258) * Added SAN to the example openssl command This ensures that the Home Assistant Companion on Android 10 (this is what I tested) will correctly connect to the local Home Assistant instance. This is due to compliance with RFC 2818, which states that support for CN fallback is deprecated and only SAN should be used to establish whether a certificate is valid or not. * :pencil2: Tweaks * Update tls_self_signed_certificate.markdown Co-authored-by: Franck Nijhof --- .../certificates/tls_self_signed_certificate.markdown | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown b/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown index cbd111228d11..7926fedadcbc 100644 --- a/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown +++ b/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown @@ -23,9 +23,11 @@ Change to your Home Assistant [configuration directory](/getting-started/configu The certificate **must** be `.pem` extension. ```bash -openssl req -sha256 -newkey rsa:4096 -nodes -keyout privkey.pem -x509 -days 730 -out fullchain.pem +openssl req -sha256 -addext "subjectAltName = IP:X.X.X.X" -newkey rsa:4096 -nodes -keyout privkey.pem -x509 -days 730 -out fullchain.pem ``` +Where the `X.X.X.X` must be replaced with the IP address of your local machine running Home Assistant (e.g., `192.168.1.20`). + For details about the parameters, please check the OpenSSL documentation. Provide the requested information during the generation process. At the end you will have two files called `privkey.pem` and `fullchain.pem`. The key and the certificate.
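Review bot: The SAN added to the `openssl req` line is `IP:X.X.X.X` only, and the new sentence under the code fence covers just the IP case, so a client that reaches Home Assistant by hostname gets a certificate with no matching name. With a SAN present there is no CN fallback, which is the behaviour the commit message itself cites from RFC 2818. Consider documenting that a DNS entry can be listed alongside the IP, for example `subjectAltName = IP:X.X.X.X,DNS:<your-hostname>`, with the hostname as a placeholder the reader fills in. The `-addext` option requires OpenSSL 1.1.1 or later, so the paragraph that points readers to the OpenSSL documentation should state that minimum version; otherwise the command fails on older installs with an unknown-option error. Wording nit in the added sentence: "Where the `X.X.X.X` must be replaced" reads better as "Replace `X.X.X.X` with the IP address of the machine running Home Assistant".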