deConz/Phoscon - https adding SSL certificates

I searched unsuccessfully to find how to add SSL/certificate access to deConz and Phoscon.

Is it currently possible to disable non-SSL http and allow access to the UI only with SSL and certificates? Even better would be certificate-based authentication, instead of username and passwords.

One would surmise there is a reason for not using SSL, or is it a matter of filing a feature request on GitHub?

Thanks

1 Like

You do not need SSL to access the deConz UI on your LAN.
If you have exposed deConz/Phoscon ports to the internet for remote access, you should never do that. SSL alone will not protect you against attacks even if you do enable it.
SSL is not a feature of deConz but an IP setting.

Correct, bad idea to expose anything to the public Internet.

SSL provides encryption and identification, even better is certificate-based auth, instead of username/password. Just one more small step in security.

On most other systems, it’s relatively trivial to configure at least SSL, and most support client certificate authentication (nginx, apache, etc.).

The question is, in 2022 with IETF and many other organizations moving toward eliminating non-secure connections (HTTP) - wouldn’t it make sense for systems such as Phoscon/deconz to keep pace?

1 Like

SSL is not application based. Most web applications can run with or without SSL. This is typically not configured in the App itself but on the web server where the app is hosted. SSL is terminated before traffic reaches the App. There’s absolutely no benefit whatsoever to using SSL on a closed LAN behind a NAT router (but there’s no disadvantage either).
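
The setup the thread discusses (TLS terminated at a web server in front of the app, plain HTTP disabled, client certificates instead of passwords) looks like this in nginx. This is an added example, not part of any post above and not deCONZ/Phoscon project configuration; the hostname, file paths and backend port 8080 are placeholders chosen for illustration.

```nginx
# Added example. Assumptions: phoscon.example.lan, /etc/nginx/tls/* and
# backend port 8080 are placeholders, not values from the thread.

# Plain HTTP serves no UI content, only a redirect to HTTPS.
server {
    listen 80;
    server_name phoscon.example.lan;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name phoscon.example.lan;

    # Server identity presented to browsers.
    ssl_certificate     /etc/nginx/tls/phoscon.crt;
    ssl_certificate_key /etc/nginx/tls/phoscon.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client-certificate authentication: the handshake is only accepted
    # for certificates issued by this CA. "on" rejects clients without one;
    # "optional" would let unauthenticated clients through.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       1;

    location / {
        # TLS ends here; the gateway UI receives plain HTTP on loopback only.
        proxy_pass         http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Forwarded-For   $remote_addr;
        proxy_set_header   X-Forwarded-Proto https;
        # Record which certificate was used, for audit logging downstream.
        proxy_set_header   X-Client-DN       $ssl_client_s_dn;
    }
}
```

The proxy only enforces anything if the backend port cannot be reached directly, so bind the gateway's HTTP listener to loopback or firewall it from the LAN. Any additional listener the gateway opens (for example a separate WebSocket port) needs its own proxied `server` block.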