Jump to content
View in the app

A better way to browse. Learn more.
Universal Devices Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Importing Certificate

Steven
in ISY994

Featured Replies

Posted

I got a certificate from startssl.com, and converted it into PFX format.

 

I then started the Dashboard and brought up the "Network" dialog.

I brought up the "SSL Certificates Management"  dialog, clicked on the "Import Cert." button, and opened my PFX certificate.

 

It asked for the private key password, which I know I typed correctly, because it gave an error when I typed the wrong password on purpose. It then asked me "Would you like to import this certificate", and I answered "Yes".

 

At this point it brought up a confusing popup that said only:

 

! /CONF/ISYKS.SRV

 

After clicking that away, the certificate information showed what I expected:

 

Issuer: StartCom Class 1 Primary Intermediate Server CA

Host Name: (My dynamic DNS host name to my home router)

Country: US

Fingerprint: (A long hex string)

Key Strength: 2048

 

At this point it was not clear what to do next. I closed the dialog, and the documentation implied that the ISY would restart, but it didn't, so I rebooted it myself.

 

However, when it came back up, it was still using the self-signed isy.universal-devices.com certificate.

 

How do I get my certificate onto the box?

 

It's an ISY 994i running 4.0.5.

 

  • Author

I upgraded to 4.2.10. Now I get this error:

 

Socket Open Failed javax.net.ssl.SSLException: java.security.ProviderException: java.security.NoSuchAlgorithmException: SunTlsKeyMaterial KeyGenerator not available
  • Author

By the way, here are the details of the certificate I'm attempting to import:

 

        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)

        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            X509v3 Key Usage:
            Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage:
            TLS Web Server Authentication
            X509v3 CRL Distribution Points:
            URI:http://crl.startssl.com/crt1-crl.crl

            Authority Information Access:
            OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca
            CA Issuers - URI:http://aia.startssl.com/certs/sub.class1.server.ca.crt

            X509v3 Issuer Alternative Name:
            URI:http://www.startssl.com/

 

    Signature Algorithm: sha1WithRSAEncryption

Hi Steven,

 

You are probably trying to do this over an SSL connection. Please try it on a regular http connection.

 

Hi LeeG, ISY does indeed support 2048 bit RSA keys.

 

With kind regards,

Michel

  • Author

You are probably trying to do this over an SSL connection. Please try it on a regular http connection.

 

Whoo hoo! That got me much further. Now, I have another issue (to which I suspect the answer may be that I need the PRO version):

 

The certificate got imported to the ISY-994i, but the browser (Firefox in this case) doesn't have the intermediate certificates. Firefox gives this error:

The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

I was able to work around this with a per-browser solution by importing the intermediate certificate from www.startssl.com/certs/sub.class1.server.ca.pem. It would be nice to have this stored on the ISY-994i.

 

I understand that multiple certificates (for example, the main certificate and the intermediate certificate) can be put into one PFX file. I tried that, but it didn't seem to make a difference, but that could be because I did it wrong.

 

Question: Does the ISY-944i read multiple certificates from a PFX file, and does it send all the certificates to an incoming SSL connection?

Edited by Steven

Hi Steven,

 

Unfortunately not. At the moment, intermediate certificates must be installed in the browser.

 

With kind regards,

Michel

  • Author

Unfortunately not. At the moment, intermediate certificates must be installed in the browser.

 

Please take that as a feature request.

Guest
This topic is now closed to further replies.
Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.