Jump to content

ISY994i External Access using OpenSSL Certs


Eric2XU

Recommended Posts

Posted

So first I want to say how upset I am that MobiLinc refuses to fix the Android app and blames Google. I do not want to pay for a SSL cert every year. However I am fairly handy with IT so here is what I tried to do.

 

I installed OpenSSL, created a CA, used that CA to issue a DER based cert with private key that I had the ISY 994i 4.0.5 suck in via the dashboard.jnlp applet. Cert details come up correctly and it asks to restart. 

 

However after restarting the ISY does not start hosting the website on 443. So it doesn't like the cert. This is the commands I used: 

 

Create the CA: 

openssl genrsa -out rootCA.key 2048

openssl req -x509 -new -nodes -key rootCA.key -days 5475 -out rootCA.pem

openssl x509 -in rootCA.pem -outform der -out rootCA.cer

 

Create the ISY Cert

openssl genrsa -out isy.key 512

openssl req -new -key isy.key -out isy.csr

openssl x509 -req -in isy.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out isy.crt -days 5000

openssl pkcs12 -export -out isy.pfx -inkey isy.key -in isy.crt -certfile rootCA.pem

 

I has also tried making the CSR from the ISY and then turning it around, again ISY shows the right values restarts no web console. 

 

Self Signing a cert brings up the portal however is not able to be used with Android. 

 

Lastly just in case someone didnt know, I can take the public key from the CA I created in OpenSSL and add it to the trusted providers in Android and it will be trusted. My problem is solely not knowing exactly what cert options need to be specified to make this work correctly. 

 

Hopefully someone can help?  

 

 

Posted

So I did a little more reading and it looks like this would only work with "PRO" as it has the ability to upload the CA chain into the ISY. without that I am stuck using public CA's. 

 

MWareman does the ISY recognize cacert.org's signing cert natively? The ISY documentation says only Certs my browser already accepts can be used and my browser doesn't accept it.   

Posted (edited)

MWareman does the ISY recognize cacert.org's signing cert natively? The ISY documentation says only Certs my browser already accepts can be used and my browser doesn't accept it.

No, ISY does not natively know about cacert.org. Shouldn't matter though - import the cacert root into your browser then it works just as any other native root. Edited by MWareman
Guest
This topic is now closed to further replies.

  • Recently Browsing

    • No registered users viewing this page.
  • Forum Statistics

    • Total Topics
      37k
    • Total Posts
      371.5k
×
×
  • Create New...