mitch236 Posted March 10, 2013 I recently upgraded to the 994i from the 99i and can't figure out how to install a self signed certificate. I've read the document http://www.universal-devices.com/docs/ISY994%20Series%20Network%20Security%20Guide.pdf but I'm clearly not knowledgeable enough to figure out what to do. I'm sure this has been answered before so if someone would please point me to the answer, I would really appreciate it! Thanks!
G W Posted March 10, 2013 I read it, rather quickly, and I too found it confusing. I'd like to see a step-by-step set of instructions. So, when I get time, I will read it again, and write up the instructions.
apostolakisl Posted March 11, 2013 I agree. I started to do it once a while back and couldn't get it figured out.
arw01 Posted March 11, 2013 +1, but I knew I was too dumb to figure it out before I started. I was waiting for the video on YouTube!
Michel Kohanim Posted March 11, 2013 Hi Guys, Thanks so very much for the feedback. Step by step instructions shall be available shortly. With kind regards, Michel
auger66 Posted March 14, 2013 I just got two 994i upgrades. I couldn't figure this out either.
mitch236 Posted March 27, 2013 I tried to find out more about certificates and it seems to me that having higher security certificates only protects the person navigating to the website and doesn't protect the website owner. Is that true? Why would someone want stronger security than the basic self signed certificate for our purposes?
Michel Kohanim Posted March 28, 2013 Hi mitch236, Self-signed certificates are fine. The only drawback is that your browser does not recognize the authority (in this case "you") who signed the certificate and thus gives you those warnings. With kind regards, Michel
auger66 Posted May 9, 2013 "Hi Guys, Thanks so very much for the feedback. Step by step instructions shall be available shortly. With kind regards, Michel" I'm about to install my other 994i in a remote location. Is there any progress on this? Thanks.
arw01 Posted May 10, 2013 I have been wondering the same thing. My ISY warns me the certificate is the stock one when I connect outside my local network.
Michel Kohanim Posted May 10, 2013 Hi Guys http://www.universal-devices.com/docs/I ... 0Guide.pdf page 9. With kind regards, Michel
arw01 Posted May 12, 2013 Thanks Michel. I'm still a little confused. What's the advantage to paying for a CA issued certificate versus doing a self signed? What are good places to get a CA issued one if I decided to go that route? So for using MobiLinc (tablets, phone, Kindle) with a port forwarded router, a few laptops, occasional outside the network machine, what am I going to experience on phones and tablets? How do I get a certificate on an Android phone or tablet, especially a Kindle. Alan
MWareman Posted May 13, 2013 Consider using CAcert (http://www.cacert.org/). You'll likely have to install their root - but they are a chain-of-trust style free CA. I use them for SSL on all of my systems rather than self signed (which becomes difficult to securely manage). This is why NOT to do self signed. How do you verify that nobody is performing a man in the middle attack on you if the cert is self signed? You would have to manually confirm the signature hash each time you connect. Bottom line, using self signed certs leaves you open to man in the middle attacks on your SSL sessions - if you are connecting from or thru untrusted networks. Michael.
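The "manually confirm the signature hash each time you connect" step from the post above, automated as a fingerprint pin check. This is an added example, not part of any post in this thread and not Universal Devices' code; the host and port passed to `fetch_presented_cert` and the sample byte strings are assumptions, and the byte strings are constructed stand-ins for real DER certificates.

```python
import hashlib
import hmac
import socket
import ssl


def sha256_fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize_pin(pin: str) -> str:
    """Accept 'AB:CD:...' (the style browsers display) or plain hex."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("pin must be a 64-hex-digit SHA-256 fingerprint")
    return cleaned


def matches_pin(der_cert: bytes, pin: str) -> bool:
    """True only if the presented certificate is exactly the pinned one."""
    return hmac.compare_digest(sha256_fingerprint(der_cert), normalize_pin(pin))


def fetch_presented_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER certificate the server presents, without trusting it.

    CA validation is off because a self-signed certificate has no chain to
    check; the caller must compare the result against the pin before
    sending any credentials to this host.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Constructed stand-ins for DER bytes (not real certificates).
    genuine = b"constructed-der-bytes-of-my-own-self-signed-cert"
    substitute = b"constructed-der-bytes-of-some-other-cert"
    pin = sha256_fingerprint(genuine)   # recorded once, on the trusted LAN
    print(matches_pin(genuine, pin))
    print(matches_pin(substitute, pin))
```

The pin has to be recorded over a path you already trust, such as the local network, since a fingerprint first captured across an untrusted network may already be the interceptor's.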
Scottmichaelj Posted May 13, 2013 I would like to respond with a dumb question. Wouldn't a self signed SSL cert (or none) be ok if you're using a VPN while remotely connecting therefore removing the "man in the middle"? I have been running an ISY for years now, never had an SSL cert, and use a VPN when connecting externally to any of my internal devices without issue. Just another thought?
MWareman Posted May 13, 2013 "I would like to respond with a dumb question. Wouldn't a self signed SSL cert (or none) be ok if you're using a VPN while remotely connecting therefore removing the 'man in the middle'? I have been running an ISY for years now, never had an SSL cert, and use a VPN when connecting externally to any of my internal devices without issue. Just another thought?" If you use a VPN and don't expose the ISY at all to the Internet, then there is no need for SSL at all on the ISY - as long as your internal network is secure (no guest wifi etc.). However, in my case at least, that would prevent effective use of products like MobiLinc, unless I dumb down the VPN choice to something that is easy to configure and automatic to use on both iOS and Android - like PPTP (and I'm not willing to do that!).
mitch236 Posted June 10, 2013 I have to say that unless I really don't understand what I'm doing, the instructions for installing a CA certificate don't work. I purchased the CA certificate from GoDaddy and downloaded it. There's no way to paste any type of information from the certificate to the ISY. I imported the certificate into the ISY using the CA certificate button and it is sitting there but I don't think that's the correct way. Can't anyone just give me step by step instructions that make sense?
Michel Kohanim Posted June 11, 2013 Hi mitch236, Did you send a Certificate Request to GoDaddy? What's your ISY's model number? With kind regards, Michel
mitch236 Posted June 11, 2013 I am using the ISY994i/IR PRO and I sent the cert request to GoDaddy and received the cert. What I received doesn't look anything like what's in the ISY manual. I can't extract the "code" from the cert the way it is presented in the manual. I'm sure I did something wrong but it would be nice if someone could outline EXACTLY the steps to take and the type of certificate to order and how to EXACTLY install it. The manual assumes the end user understands something about certs where I don't have any experience at all. Perhaps someone could perform the whole process themselves while documenting the entire procedure?
Michel Kohanim Posted June 11, 2013 Hi mitch236, Are you saying that you didn't get something that starts with: ===BEGIN CERTIFICATE=== And ends with: ===END CERTIFICATE=== The process is really what's outlined. Request a certificate, send it to CA, get the certificate and then install it. So, the main question right now is the above. With kind regards, Michel
mitch236 Posted June 11, 2013 When I download the cert, this is what I see: Can you tell me which choice to make?
Michel Kohanim Posted June 12, 2013 Hi mitch236, This is a zip file. If you don't mind, you can send me your zip file and I can take a look ... please note that this is not secure since I will have access to your certificate. My email is support@universal-devices.com. With kind regards, Michel
mitch236 Posted June 12, 2013 Thanks for helping me! One more question, how do I check to see if the cert is successfully installed?
Michel Kohanim Posted June 14, 2013 Hi mitch236, Apologies for tardy reply. Simply go to https://your.remote.ip.address and use your browser to inspect the certificate provided by ISY. It should have the parameters that you used to create the certificate (i.e. domain name or IP address). With kind regards, Michel
mitch236 Posted June 14, 2013 When I navigate to my ISY using my browser, this is the message I see which I think proves my certificate is correctly installed: But when I select Admin Console, here is what I see: What does this mean?