SSL support for outbound connections
Custom CA PEM Bundle
A CA bundle which covers many of the widely-used SSL providers is already available for Gen2+. In cases where the built-in bundle doesn't include a needed certificate, or cases in which self-signed server certificates are used, a second CA bundle can be added by the user. For outgoing TCP connections with TLS support, the CA bundle can be chosen by:
"*"- use SSL but disable certificate validation"ca.pem"- use the default CA bundle"user_ca.pem"- use a bundle uploaded by Shelly.PutUserCA
Self-signed certificates installed on the receiving device cannot be validated by another Shelly. For Shelly-to-Shelly HTTPS — for example, a webhook with an https:// target — the receiver needs a certificate signed by a CA, and the calling device needs that CA installed via Shelly.PutUserCA and referenced as "user_ca.pem". See Custom HTTPS Certificates → Option C: Private CA.
It is recommended to use no more than 1 HTTPS webhook by event. The reason is that triggering such webhooks slows down the device and makes it delay some responses for about 4 seconds.