Jump to content

How do I generate and install a self signed certificate


mitch236

Recommended Posts

Posted

I read it, rather quickly, and I too found it confusing. I'd like to see a step-by-step set of instructions.

 

So, when I get time, I will read it again, and write up the instructions.

  • 2 weeks later...
Posted

I tried to find out more about certificates and it seems to me that having higher security certificates only protects the person navigating to the website and doesn't protect the website owner. Is that true? Why would someone want stronger security than the basic self signed certificate for our purposes?

Posted

Hi mitch236,

 

Self-signed certificates are fine. The only drawback is that your browser does not recognize the authority (in this case "you") who signed the certificate and thus gives you those warnings.

 

With kind regards,

 

Michel

  • 1 month later...
Posted
Hi Guys,

 

Thanks so very much for the feedback. Step by step instructions shall be available shortly.

 

With kind regards,

Michel

 

I'm about to install my other 994i in a remote location. Is their any progress on this?

 

Thanks.

Posted

I have been wondering the same thing. My isy warns me the certificate is the stock on when I connect outside my local network.

Posted

Thanks Michel. I'm still a little confused..

 

What's the advantage to paying for a CA issued certificate versus doing a self signed?

 

What are good places to get a CA issued one if I decided to go that route?

 

So for using mobilinc (tablets, phone, kindle) with a port forwarded router, a few laptops, occassional outside the network machine, what am I going to experience on phones and tablets? How do i get a certificate on an android phone or tablet, especially a kindle.

 

Alan

Posted

Consider using cacert (http://www.cacert.org/). You'll likely have to install their root - but they are a chain-of-trust style free ca. I use them for ssl on all of my systems rather than self signed (which becomes difficult to securely manage).

 

This is why NOT to do self signed. How do you verify that nobody has is performing a man in the middle attack on you if the cert is self signed? You would have to manually confirm the signature hash each time you connect.

 

Bottom line, using self signed cents leaves you open to man in the middle attacks on your ssl sessions - if you are connecting from or thru untrusted networks.

 

Michael.

Posted

I would like to respond with a dumb question. Wouldn't a self signed ssl cert (or none) be ok if your using a VPN while remotely connecting therefore removing the "man in the middle"? I have been running an ISY for years now, never had a SSL cert, and use a VPN when connecting externally to any of my internal devices without issue. Just another thought?

Posted
I would like to respond with a dumb question. Wouldn't a self signed ssl cert (or none) be ok if your using a VPN while remotely connecting therefore removing the "man in the middle"? I have been running an ISY for years now, never had a SSL cert, and use a VPN when connecting externally to any of my internal devices without issue. Just another thought?

 

If you use a VPN and don't expose the ISY at all to the Internet, then there is no need for SSL at all on the ISY - as long as your internal network is secure (no guest wifi etc..).

 

However, in my case at least, that would prevent effective use of products like MobiLinc, unless I dumb down the VPN choice to something that is easy to configure and automatic to use on both IOS and Android - like pptp (and I'm not willing to do that!).

  • 4 weeks later...
Posted

I have to say that unless I really don't understand what I'm doing, the instructions for installing a CA certificate don't work. I purchased the CA certificate from GoDaddy and downloaded it. There's no way to paste any type of information from the certificate to the ISY. I imported the certificate into the ISY using the CA certificate button and it is sitting there but I don't think that's the correct way. Can't anyone just give me step by step instructions that make sense?

Posted

I am using the ISY994i/IR PRO and I sent the cert request to GoDaddy and received the cert. What I received doesn't look anything like what's in the ISY manual. I can't extract the "code" from the cert the way it is presented in the manual. I'm sure I did something wrong but it would be nice if someone could outline EXACTLY the steps to take and the type of certificate to order and how to EXACTLY install it. The manual assumes the end user understands something about certs where I don't have any experience at all. Perhaps someone could perform the whole process themselves while documenting the entire procedure?

Posted

Hi mitch236,

 

Are you saying that you didn't get something that starts with:

===BEGIN CERTIFICATE===

 

And ends with:

===END CERTIFICATE===

 

The process is really what's outlined. Request a certificate, send it to CA, get the certificate and then install it. So, the main question right now is the above.

 

With kind regards,

Michel

Posted

When I navigate to my ISY using my browser, this is the message I see which I think proves my certificate is correctly installed:

 

SSL-1.png

 

 

But when I select Admin Console, here is what I see:

 

 

 

Invalid.png

 

 

What does this mean?

Guest
This topic is now closed to further replies.

  • Recently Browsing

    • No registered users viewing this page.
  • Who's Online (See full list)

    • There are no registered users currently online
  • Forum Statistics

    • Total Topics
      37k
    • Total Posts
      371.5k
×
×
  • Create New...