Feature Request: Check if it is possible to connect the BSH controller without verifying the SSL certificate

[50k0n]

Use case:
The BSH controller is operated only in the local LAN without an internet connection. Home Assistant is connected to the BSH controller via the local LAN.

Since the BSH controller does not receive updates in this case (which is not critical as long as all connected devices are functioning properly and the lack of an internet connection does not pose a (relevant) security risk), the BSH controller's SSL certificate may expire.

Feature Request:
Wouldn't it be worth considering making it (optionally) possible to disable SSL verification on the HA side for purely local communication?

Also see previous discussion here:
#261 (comment)

[Biker82]

Hi!
I used the Bosch SHC integration until the ssl problem. Firstly thank your great work, tschamm!
Now I saw that the problem is solved by installing SHC with HACS. That means that HACS is necessary, installing as integration isn't possible, is it?
Best regards
Tobi

[tschamm]

You can also install it manually without HACS.

[Biker82]

At my system not.... :-/ can you help me, please?
I add the integration "Bosch SHC". Now I have to enter the "host". I think that's the ip-adress of the Bosch SHC, right?
I press the front button on the SHC until the led light flashes. I enter the ip-adress, press "OK", but there comes the message "connection failed".

[dennismenken]

I ran into the same situation (expired / invalid SHC client certificate leading to SSL verify failures). Instead of disabling certificate verification I opened a PR that adds proactive handling:

• Parse the stored client certificate at setup
• Raise a clear re-auth requirement if it is expired (instead of opaque SSL errors)
• Warn (log + persistent notification) 30 days before expiry
• Daily lightweight re-check to surface warnings without a restart

Pull request: #266

This keeps security (no blanket verify=False) while reducing downtime and support questions. Feedback welcome—happy to trim the scope (e.g. drop daily re-check) if preferred.

[Biker82]

Thank you, I solved the problem!
I deleted and renewed the folder "custom_components" with a file explorer.
Now my whole home works again. :-)

[tschamm]

I ran into the same situation (expired / invalid SHC client certificate leading to SSL verify failures). Instead of disabling certificate verification I opened a PR that adds proactive handling:

Thank you for the PR. This doesn’t fulfill the request from @50k0n, as his controller is not intended to receive valid certificates at all.