
Software to store and provide data produced by a smart meter and environmental sensors (temperature / humidity). Inspired by Toon.

bassages/home-server

home-server

Features

  • Provides a RESTful API to store and query data related to a smart meter
  • Provides a RESTful API to store and query data related to environmental sensor readings (temperature and humidity)
  • Ability to send gas meter readings to mindergas.nl on a daily basis

Links

Technical notes

SSL Certificates / https

Create keystore with a self-signed certificate

keytool -genkeypair -alias home-server-localhost -dname "cn=localhost, ou=home-server, o=home-server, l=Deventer, s=Overijssel, c=NL" -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore home-server-localhost-keystore.p12 -validity 3650 -ext san=dns:localhost,ip:127.0.0.1,ip:::1

When prompted for a password, supply a strong one. You could, for example, generate one on https://passwordsgenerator.net/.

For more information about keytool, see keytool tutorial by Oracle.

If you omit the -ext san=... part, Chrome Developer Tools complains with a message like "Invalid self signed SSL cert" and "Subject Alternative Name Missing".

Export public key

keytool -export -alias home-server-localhost -keystore home-server-localhost-keystore.p12 -rfc -file home-server-localhost.cer

This command effectively:

  1. Reads from the keystore file named home-server-localhost-keystore.p12.
  2. Looks in that file for the alias named home-server-localhost.
  3. Exports the certificate (which contains the public key) to the new file named home-server-localhost.cer.

For more information about the content of the -dname parameter, see: Certificate Attributes tutorial by Oracle.

Configure Spring Boot to use the keystore on the server

Add to application.properties:

# The format used for the keystore. It could be set to JKS in case it is a JKS file
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:home-server-localhost-keystore.p12
# The password used to generate the certificate
server.ssl.key-store-password=<replace with password that was created in step "Create keystore with a self-signed certificate">
# The alias mapped to the certificate
server.ssl.key-alias=home-server-localhost

Furthermore:

  1. Make sure to require a secure channel:
    public void configure(final HttpSecurity http) throws Exception {
        http
            // Require HTTPS for every request
            .requiresChannel()
            .anyRequest().requiresSecure();
    }
  2. Change the server port (443 is the default port for https). Example application.properties:
server.port=8443

Create a truststore to be used by java clients that make requests to the server

keytool -importcert -file home-server-localhost.cer -keystore home-sensors-truststore-localhost.p12 -alias "home-server-localhost"

When prompted for a password, supply a strong one. You could, for example, generate one on https://passwordsgenerator.net/. Use a different password than the one used for the keystore (see "Create keystore with a self-signed certificate").

Use truststore from client

Add VM options: -Djavax.net.ssl.trustStore=<absolute-path-to->home-sensors-truststore-rpi.p12 -Djavax.net.ssl.trustStorePassword=<password, see "Create a truststore">

If the connection fails, add the following VM option and retry: -Djavax.net.debug=all. Inspect the logging for hints about what is wrong. Furthermore, read the following article: Handshake failure scenarios on Baeldung.
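Added example (not part of the project's code): the -Djavax.net.ssl.trustStore option replaces the default set of trusted CAs for every TLS connection the JVM makes, so a client can instead load the truststore into an SSLContext of its own and use it only for requests to the home-server. The class name, the TRUSTSTORE_PASSWORD environment variable and the request URL https://localhost:8443/ are assumptions; run it with java TruststoreClientExample.java followed by the path to the truststore.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

public class TruststoreClientExample {
    // Build an SSLContext that trusts only the certificates in the given PKCS12 truststore.
    static SSLContext contextFrom(Path truststore, char[] password) throws Exception {
        KeyStore trusted = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(truststore)) {
            trusted.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return context;
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("TRUSTSTORE_PASSWORD"); // hypothetical variable name
        if (args.length != 1 || password == null) {
            System.err.println("usage: TRUSTSTORE_PASSWORD=... java TruststoreClientExample.java <truststore.p12>");
            System.exit(2);
        }
        HttpClient client = HttpClient.newBuilder()
                .sslContext(contextFrom(Path.of(args[0]), password.toCharArray()))
                .build();
        // Assumed URL: server.port=8443 from the page, root path as a placeholder
        HttpRequest request = HttpRequest.newBuilder(URI.create("https://localhost:8443/")).GET().build();
        try {
            HttpResponse<Void> response = client.send(request, HttpResponse.BodyHandlers.discarding());
            System.out.println("TLS handshake succeeded, HTTP status " + response.statusCode());
        } catch (SSLHandshakeException e) {
            // Typical causes: server certificate not in the truststore, or host name not in its SAN list
            System.err.println("TLS handshake failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```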

Tools