Philips Hue root-bridge certificate?

[JohnConnett]

I have been trying to use Hue Entertainment PyKit but have been hitting problems with InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.199.25'. For example, I see it when running example/example.py from the github repository.

On Ubuntu, I have installed the root-bridge certificate as /usr/local/share/ca-certificates/Philips-Hue-root-bridge.crt and run sudo update-ca-certificates. There is a symlink /etc/ssl/certs/Philips-Hue-root-bridge.pem that points to the certificate. I copied the certificate from my bridge and that is verified by openssl verify bridge.pem.

Is there somewhere else I should be installing the root-bridge certificate?

Do I need to configure a certificate path or file in Hue Entertainment PyKit?

[hrdasdominik]

Hi John, Happy to hear from you. Unfortunately, I haven't found a solution yet for the validation of the certificate. Hence, that is why thr release is a Beta release (not production ready). I'm working on it but I cannot promise if it will be found soon enough since I'm not finding any solution in python at the moment on the internet. If you know anything about it or want to contribute, there are steps at the end of the README.md that you can follow. Also if you're willing to report on the github the issue. Any help and suggestion would be appreciated! Sorry for the inconvenience and I guess I should have mentioned certificate problem in the README.md

…

On Fri, 9 Feb 2024, 18:05 John Connett, ***@***.***> wrote: I have been trying to use Hue Entertainment PyKit but have been hitting problems with *InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.199.25'*. For example, I see it when running example/example.py from the github repository. On Ubuntu, I have installed the root-bridge certificate as /usr/local/share/ca-certificates/Philips-Hue-root-bridge.crt and run sudo update-ca-certificates. There is a symlink /etc/ssl/certs/Philips-Hue-root-bridge.pem that points to the certificate. I copied the certificate from my bridge and that is verified by openssl verify bridge.pem. Is there somewhere else I should be installing the root-bridge certificate? Do I need to configure a certificate path or file in Hue Entertainment PyKit? — Reply to this email directly, view it on GitHub <#9>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQKHBI4XM63KLCQUC6ZH5Q3YSZJN5AVCNFSM6AAAAABDBZE5BOVHI2DSMVQWIX3LMV43ERDJONRXK43TNFXW4OZWGIYDANZVGE> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[JohnConnett]

No problem. I'm relatively new to Hue (although more familiar with Zigbee and Home Assistant).

I have recently bought a Philips Hue Secure Flood Light Camera EU and am interested in the feasibility of capturing a live stream from the camera. I have read the E2E Encryption Whitepaper and 2.4, Live view protection mentions DTLS and WebRTC. That is why your item Python dtls handshake without EDK attracted my attention.

I suppose I could modulate the RGB-capable floodlight to Sound of da Police when motion is detected but my real interest is in capturing the live stream.

I have posted several items on the Philips Hue Developer forum but it seems to be a very quiet place! I haven't yet found a mechanism for joining the camera to my existing Zigbee network. For now, I have a Hue Bridge (V2.1) with the camera and floodlight on their own little Zigbee network. The camera and floodlight are essentially two devices sharing a common base and power supply.

The good news is that Hue appears to use published algorithms (DTLS, P-256, PBKDF2, SDP, WebRTC). However, unless all the parameters are known there is little chance that the 10-word passphrase generated by the camera can be used for anything useful.

[hrdasdominik]

Seems interesting. I was focusing only on the DTLS part initially but I plan to develop a full library like EDK for easier use with Python. I want to solve the crucial things that developers can implement and use in production. The DTLS part is done. RGB and XYZ colour conversion I've done is probably not 100% correct but it's functional. The HTTPS CA certificate validation is a major problem. If you plan to use the library for your home solutions and not publish the apps, you're good to go. You're always welcome to help improve the library with your solution for example the camera features. Also, I hate doing this, but if you find this library useful please give the repository a star, thanks.