Supla devices TLS PKI certificate chain

stepankuklis

Hello, I'm self-hosting Supla with Docker. I'm interested in some documentation regarding TLS to the devices.
The web UI uses the certificate from ssl/cloud.
So I suppose for communicating with devices we use ssl/server.
Now there is quite an ancient cert from my first install of Supla, way back.
If I have a valid certificate for my DNS, I can paste it there, the same way I would for the ssl/cloud. Then, I can restart the container, and it should work.
I noticed some settings in the devices config page. I'm not sure what each option means.
Are the devices capable of verifying the whole certificate chain? Or is it more like a PSK that never changes, since you have to go to config mode and set it up via browser? Can we push changes from the Supla app and not break things?
(Also, I had to do some operations in the past to enable updating devices from the self-hosted environment. I remember you said that my instance will register somewhere; is it with the ssl/server cert? I'm not sure what I can break if I fiddle with this...)

I'm fine with reading docs, but I probably couldn't find the right ones...

pzygmunt

stepankuklis wrote: Sun Jan 26, 2025 1:14 pm Are the devices capable of verifying the whole certificate chain?
Yes, the device can verify the chain if the certificate was issued by us. We can generate such a certificate for you if you send the domain name of your instance in a private message. Devices should connect with the domain address. You cannot use such a certificate for HTTPS. For HTTPS you should generate one with, e.g., Let's Encrypt.
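
Added illustration of the answer above (not part of the original posts and not Supla's own tooling): a client that trusts only one private CA accepts a server certificate issued by that CA for the matching domain, and rejects a certificate for the same domain from any other issuer, or a connection under a different name. The CA, the domain `supla.example.test` and all file names are constructed for the demo; `openssl` 1.1.0 or later is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo PKI: "Demo Device CA" stands in for the one CA a device trusts.

make_demo_pki() {  # $1 = work dir, $2 = domain (both hypothetical)
  d=$1; dom=$2
  # Minimal config so the root is a real CA regardless of the system openssl.cnf
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/req.cnf"
  # Private root CA: the trust anchor in this model
  openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Device CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Server key + CSR, then a certificate issued by the private CA with a DNS SAN
  openssl req -config "$d/req.cnf" -newkey rsa:2048 -nodes -subj "/CN=$dom" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  printf 'subjectAltName=DNS:%s\n' "$dom" > "$d/san.ext"
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/san.ext" -out "$d/server.crt" 2>/dev/null || return 1
  # Same domain, but not issued by the private CA (here: self-signed)
  openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$dom" -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null || return 1
}

# Returns 0 only if the cert chains to the given CA *and* matches the host name.
device_would_accept() {  # $1 = trusted CA file, $2 = server cert, $3 = host name
  openssl verify -CAfile "$1" -no-CApath -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demo run
work=$(mktemp -d) && make_demo_pki "$work" supla.example.test && {
  for c in server other; do
    if device_would_accept "$work/ca.crt" "$work/$c.crt" supla.example.test
    then echo "$c.crt: accepted"; else echo "$c.crt: rejected"; fi
  done
  # Right issuer, wrong name (e.g. connecting by a different address)
  if device_would_accept "$work/ca.crt" "$work/server.crt" wrong.example.test
  then echo "wrong name: accepted"; else echo "wrong name: rejected"; fi
}
rm -rf "$work"
```

On a real instance the same `openssl verify` call, pointed at the issuing CA's certificate and the file in ssl/server, shows whether a replacement certificate would still chain to the issuer the devices expect.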
