Eric2XU Posted August 14, 2014

So first I want to say how upset I am that MobiLinc refuses to fix the Android app and blames Google. I do not want to pay for an SSL cert every year. However, I am fairly handy with IT, so here is what I tried to do.

I installed OpenSSL, created a CA, and used that CA to issue a DER-based cert with private key that I had the ISY 994i 4.0.5 suck in via the dashboard.jnlp applet. Cert details come up correctly and it asks to restart. However, after restarting, the ISY does not start hosting the website on 443. So it doesn't like the cert.

These are the commands I used:

Create the CA:

    openssl genrsa -out rootCA.key 2048
    openssl req -x509 -new -nodes -key rootCA.key -days 5475 -out rootCA.pem
    openssl x509 -in rootCA.pem -outform der -out rootCA.cer

Create the ISY Cert:

    openssl genrsa -out isy.key 512
    openssl req -new -key isy.key -out isy.csr
    openssl x509 -req -in isy.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out isy.crt -days 5000
    openssl pkcs12 -export -out isy.pfx -inkey isy.key -in isy.crt -certfile rootCA.pem

I have also tried making the CSR from the ISY and then turning it around; again the ISY shows the right values, restarts, no web console.

Self-signing a cert brings up the portal, however it is not able to be used with Android.

Lastly, just in case someone didn't know, I can take the public key from the CA I created in OpenSSL and add it to the trusted providers in Android and it will be trusted. My problem is solely not knowing exactly what cert options need to be specified to make this work correctly.

Hopefully someone can help?

Eric2XU (Author) Posted August 14, 2014

So I did a little more reading and it looks like this would only work with "PRO", as it has the ability to upload the CA chain into the ISY. Without that I am stuck using public CAs.

MWareman, does the ISY recognize cacert.org's signing cert natively? The ISY documentation says only certs my browser already accepts can be used and my browser doesn't accept it.

MWareman Posted August 14, 2014

> MWareman does the ISY recognize cacert.org's signing cert natively? The ISY documentation says only Certs my browser already accepts can be used and my browser doesn't accept it.

No, ISY does not natively know about cacert.org. Shouldn't matter though - import the cacert root into your browser then it works just as any other native root.

Edited August 14, 2014 by MWareman

Michel Kohanim Posted August 15, 2014

Hi jay5,

Sincere apologies. I suspect OpenSSL uses SHA2 ... please upgrade to 4.2.8 (or 9 to be out today) and retry.

With kind regards,
Michel
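
Added example, not posted by anyone in this thread: a shell check for the two things discussed above, which hash OpenSSL actually used to sign a certificate (the SHA2 suspicion) and whether the certificate chains to your own CA. The function names are hypothetical, and the sample CA and leaf built by `make_sample` are constructed with assumed settings (2048-bit RSA, explicit `-sha256`).

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample certs are constructed.

# Print the certificate's signature algorithm, e.g. sha256WithRSAEncryption.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text |
        awk '/Signature Algorithm:/ { print $3; exit }'
}

# Print the public key size in bits, e.g. 2048.
cert_keybits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed if the signature uses a SHA-2 family hash (RSA naming, as in the thread).
is_sha2_signed() {
    case "$(cert_sigalg "$1")" in
        sha224*|sha256*|sha384*|sha512*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the leaf ($2) verifies against the CA certificate ($1).
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a constructed CA and leaf in directory $1 (assumed: 2048-bit, -sha256).
make_sample() {
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$1/ca.key" -sha256 -days 30 \
        -subj "/CN=Constructed Test CA" -out "$1/ca.pem"
    openssl genrsa -out "$1/leaf.key" 2048 2>/dev/null
    openssl req -new -key "$1/leaf.key" -subj "/CN=constructed.example" \
        -out "$1/leaf.csr"
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 30 -out "$1/leaf.crt" 2>/dev/null
}

# Usage: sh certcheck.sh LEAF.crt CA.pem
if [ "$#" -eq 2 ]; then
    echo "signature: $(cert_sigalg "$1")  key bits: $(cert_keybits "$1")"
    is_sha2_signed "$1" && echo "SHA-2 signature"
    cert_chains_to "$2" "$1" && echo "chains to $2" || echo "does NOT chain to $2"
fi
```

Running it against `isy.crt` and `rootCA.pem` from the first post shows which signature hash and key size ended up in the issued certificate before it is uploaded.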