hart2hart Posted December 17, 2013 Posted December 17, 2013 I was on vacation several weeks ago attempting to connect to home router and Chrome did not like my self-signed certificate (on router not ISY). I want to move forward with an SSL certificate for the CISCO router and thought I'd consider getting one to be utilized with ISY. This is an area where I have very little knowledge. Please provide advice on all aspects of what and from whom I should purchase.
Michel Kohanim Posted December 18, 2013 Posted December 18, 2013 Hi hart2hart, Since you would be accessing ISY via a remote IP address, then you should get a certificate either for the dynamic dns name associated for your remote IP address OR the remote IP address itself. Things you must do in ISY (994 ONLY): http://www.universal-devices.com/docs/I ... 0Guide.pdf (pages 10 and 11). In short, you must make a certificate request (page 10) and then send it to a CA (say GoDaddy or CheapSSL). Once approved, you would receive the cert (page 11). With kind regards, Michel
Balok Posted January 31, 2014 Posted January 31, 2014 This only works in the PRO version, correct? I'm not seeing the same interface in my Admin console. I have an ISY-994, but it is not PRO.
shannong Posted January 31, 2014 Posted January 31, 2014 If you don't have a static IP then you must get cert that uses a DNS name. That means you'll need a FQDN from a dynamic DNS service like. Once you have a name you can get a cert. There is a free service that is already included in the trust list of every major browser including IE. It's called startcom.org. There are other free cert service companies but that's the only included in the trusted CA list of Windows. Just to be clear, you don't need a valid cert to connect. It will just alleviate the annoying error you must "Proceed Anyway" when using Chrome. Either way your session will be encrypted. A trusted cert provides authentication so that you know it's really your ISY/router that you're connecting to and not a rogue device. Once the session is initiated there is no difference in security.
shannong Posted January 31, 2014 Posted January 31, 2014 This only works in the PRO version, correct? I'm not seeing the same interface in my Admin console. I have an ISY-994, but it is not PRO. The cert configuration is not in the Admin console. It's found in the dashboard. http://isy.universal-devices.com/994i/4.1.2/dashboard.jnlp I believe enrolling for certs is supported in the base version but not the enhanced encryption.
MWareman Posted January 31, 2014 Posted January 31, 2014 If you don't have a static IP then you must get cert that uses a DNS name. That means you'll need a FQDN from a dynamic DNS service like. Or you can get your certificate for 'ISY.whatever.com' (where 'whatever.com' is your custom domain), then add a CNAME record (isy) to the 'whatever.com' zone pointing to the hostname that is your dynamic DNS fqdn. Keep the TTL on the CNAME to the smallest value you can. This has worked flawlessly for me for many years, until I switched to dns.he.net (which natively supports custom domains and dynamic updates at no cost).
Balok Posted February 1, 2014 Posted February 1, 2014 This only works in the PRO version, correct? I'm not seeing the same interface in my Admin console. I have an ISY-994, but it is not PRO. The cert configuration is not in the Admin console. It's found in the dashboard. http://isy.universal-devices.com/994i/4.1.2/dashboard.jnlp I believe enrolling for certs is supported in the base version but not the enhanced encryption. Thank you.
Recommended Posts