Handling HTTPS/SSL in makeJsonRequest

Hi all,

Background:
I am the developer of the GarminFhem widget, which uses HTTP requests to control the Fhem home automation system. Using a standard web browser, I can submit such requests via HTTP and via HTTPS. My personal Fhem installation uses certificates that I created locally on my own for HTTPS. Therefore, the common web browsers cannot verify my certificates and I have to confirm in popups in Safari/Chrome/etc. that I am still trusting my own certificates, which I usually do :-).

Issue:
Now I would love to send the requests from my GarminFhem widget to my Fhem installation via HTTPS. In the simulator, it works, but on the watch, I get a timeout when sending the makeJsonRequest (NETWORK_REQUEST_TIMED_OUT = -300). My guess is that it is because the GarminConnect App on my iPhone, which eventually sends out the requests to my Fhem system, does not trust the certificate.

Question:
  • Can anyone confirm my guess?
  • Does anyone have an idea how I can make the GarminConnect trust my certificate?
  • Does anyone know how to get more debug information than the return code from the json call?
  • Any other hints?


Thanks a lot & best regards,
Florian
  • Does anyone have an idea how I can make the GarminConnect trust my certificate?

    I believe that the best way would be to get a trusted certificate authority to sign your certificate. Your certificate will be trusted if it is signed by a trusted certificate authority. You should be able to get a certificate for free these days...

    https://www.sslforfree.com
    https://letsencrypt.org
    https://gethttpsforfree.com

    The advantage of this is that the certificate should work with any browser you point at it.

    If you don't care to get a certificate that is signed by a signing authority, you can install the certificate onto your devices. On iOS, you can e-mail your self-signed certificate to yourself and then open the attachment. I'm sure you can do this on Android, but I'm not sure if the process is the same. A Google search about installing SSL certificates on your device should help.

    Does anyone know how to get more debug information than the return code from the json call?

    No, not really. The system is a black box.
  • Hi Travis,

    once more: A big thank you for your prompt and helpful reply.

    https://www.sslforfree.com
    https://letsencrypt.org
    https://gethttpsforfree.com

    The advantage of this is that the certificate should work with any browser you point at it.

    I got it working now via sslforfree.com. I had already tried it a couple of weeks ago with letsencrypt, but it did not work because I am using a subdomain of a domain that I don't own (I only "own" the subdomain). With "SSL for Free", I got a certificate etc. and it is working - I can now access my home automation system via HTTPS :D

    But there is another new issue: Though the HTTPS requests that I sent from my watch are received by my home automation system and the intended command is executed successfully, makeJsonRequest returns -300, i.e. NETWORK_REQUEST_TIMED_OUT. That means my watch now displays an error message and I have no confirmation on the watch that the command was executed successfully.

    Does anyone have similar experiences, i.e. HTTPS calls are actually transmitted properly, but makeJsonRequest returns a timeout?

    Here is my code:
    function callFhem(command)
    {
        //TODO Test SSL again when proper SSL setup

        if (!self.communicationOngoing)
        {
            communicationOngoing = true;

            MessageContainer.getInstance().setPermanentMessage( Ui.loadResource(Rez.Strings.message_processing) );

            Comm.makeJsonRequest(
                FhemPropertiesHandler.getFhemUrl(),
                { "cmd" => command },
                buildOptions(),
                method(:onReceiveJsonResponse));

            FhemDebugUtils.logInfo("Request Sent:" + command);
        }
    }

    function buildOptions()
    {
        if (FhemPropertiesHandler.isFhemAuthenticationRequired() == true)
        {
            var authenticationStringEncoded = getAuthenticationStringEncoded();

            var headers = {"Content-Type" => Comm.REQUEST_CONTENT_TYPE_URL_ENCODED};

            headers.put("Authorization", Lang.format("Basic $1$", [authenticationStringEncoded]));

            var options = { :method => Comm.HTTP_REQUEST_METHOD_GET,
                            :headers => headers};

            return options;
        }
        else
        {
            return null;
        }
    }


    If you don't care to get a certificate that is signed by a signing authority, you can install the certificate onto your devices. On iOS, you can e-mail your self-signed certificate to yourself and then open the attachment. I'm sure you can do this on Android, but I'm not sure if the process is the same. A Google search about installing SSL certificates on your device should help.


    Unfortunately, this did not work for me. I had tried it before I got the certificates from SSL for Free. After I installed my self-signed certificate on my iPhone, I could work with my home automation system without warnings in Safari, but the makeJsonRequest calls still returned an error (also a timeout :-)). Anyway, it is strange, but I won't follow up here because the new certificates from SSL for Free are a way better solution in my eyes.
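
The trust question discussed in this thread can be checked outside the watch/phone black box. The following is an added example, not code from the thread: it uses the `openssl` CLI to show how a verifier treats a self-signed certificate, the same certificate once explicitly trusted, and a CA-signed one. The host name, CA name and file names are constructed for the demo, and a private demo CA stands in for a public one.

```bash
#!/bin/sh
# Added example. Host name, CA name and file names are constructed for the demo.

# make_certs DIR: create a self-signed server cert, a private CA, and a cert signed by that CA.
make_certs() {
    dir=$1
    # Self-signed server certificate (the setup described in the first post).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=fhem.example.test" \
        -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
    # Private demo CA, standing in for a publicly trusted CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # Server key + CSR, then a certificate issued by the demo CA.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=fhem.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/leaf.pem" 2>/dev/null
}

# verify_code CERT [CAFILE]: print 0 if CERT validates, else OpenSSL's verify error number.
# Without CAFILE, only the machine's default trust store is consulted.
verify_code() {
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) && { echo 0; return 0; }
    else
        out=$(openssl verify "$1" 2>&1) && { echo 0; return 0; }
    fi
    # First line of the form "error <n> at <depth> depth lookup: ..." carries the reason.
    code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    echo "${code:-unknown}"
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_certs "$DEMO_DIR"

# 18 = self-signed certificate, 20 = issuer not found in the trust store, 0 = chain accepted.
echo "self-signed, default trust store:  $(verify_code "$DEMO_DIR/self.pem")"
echo "self-signed, installed as trusted: $(verify_code "$DEMO_DIR/self.pem" "$DEMO_DIR/self.pem")"
echo "CA-signed, CA not trusted:         $(verify_code "$DEMO_DIR/leaf.pem")"
echo "CA-signed, CA trusted:             $(verify_code "$DEMO_DIR/leaf.pem" "$DEMO_DIR/ca.pem")"
```

For a live server, `openssl s_client -connect <host>:<port> -servername <host>` prints the same verify return code for the chain the server actually sends.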