Jump to content

New isy994i SSL woes


SirParadox

Recommended Posts

Posted

Howdy folks.  I just threw my Insteon hub pro in the garbage and made the switch to a shiny new ISY994i.

 So far so good.  In fact the isy detected so many fubar 'ghosts in the machine' scene links that explain many of my past troubles.

 

I am unable to enable internet access.

When I goto the admin console, click Help, click request/Manage SSL certificatates, it opens a new web browser window taking me to http://www.universal-devices.com/docs/ISY994%20Series%20Network%20Security%20Guide.pdf

 

First off, the instructions there are for firmware 3.x and no screen referenced in the document even come close to mine.

 

I used my google fu and came across some talk about Java versions.  I confirmed on my Windows desktop I had several Java versions.  I nuked them all, cleared the java cache, re-installed the latest.

I also see many issues with firefox/chrome/etc; so I made sure to start -> run -> iexplore for my future actions.

 

Still clicking the help->ssl button takes me to the legacy page.

 

I started a new google and came across http://wiki.universal-devices.com/index.php?title=ISY-99i/ISY-26_INSTEON:Remotely_Connect_to_Your_ISY#Creating_an_ISY_Self_Signed_Certificate

 this page directed me to the http://wiki.universal-devices.com/index.php?title=ISY-99i/ISY-26_INSTEON:Help_Menu#Request.2FManage_SSL_Certificatespage.

 Now I see the cross talk in versions (99i vs 994i)  ... ok.. so that explains why this page is a little different.

 

 I eventually came across a url https://www.universal-devices.com/ssl/insteon

 This applet reports the cert has been revoked.  Just for fun I downgraded my JAVA settings to allow the app to run.  I am going on a limb here, but even though the app is loading, its probably not the app I really want.  But just to make sure I ran it.  I was able to find my isy.  I was able to click "SSL Certificate Management" and Generate.  It spun its wheels for a good 10 minutes.  I'm guessing this is not the right place to be.

 

 

 So lets go back to the beginning.  I have a brand new ISY994i, up and running, firmware v4.3.26.  It's on a world routable IP address.  I connect to it via iexplore.  I goto the admin console.  I goto help.  I click manage/request certs and instead of 'two apps' showing up as the docs suggest (one app, one instructions), I get just the one, with instructions, that are totally not for my version as far as I can tell... OR they are and the UI's shown in the docs are the UI that is not popping up.

 

Any help or guidance would be much appreciated.

 

Of note.  I initially manged the ISY from a MAC OSX.  Java was aok there, but any 'links' would never open, e.g. the help -> forum link; also the tools -> view log would give me permission errors on my own users home directory.  So for this SSL bit I switches from my home automation 'MAC' in the garage (lol), to a plain old windows pc.  If all of this fails I am pondering a fresh windows 7 vm, with just iexplore, and the latest java, and nothing else; to see what happens then.

 

 

Posted

Hi SirParadox,

 

There are two issues here which are not related. One is enabling remote access and the other, and not necessary, is to install self-signed (or otherwise) certificates.

 

For the first issue, it seems that your router is not UPnP enabled. And, it's really not a good idea to use UPnP to do port forwarding (that's why File | Enable Internet Access does not work). It's best to create manual port forwarding rules in your router to the https port on your ISY (do NOT forward to the http port):

http://wiki.universal-devices.com/index.php?title=ISY-99i/ISY-26_INSTEON:Remotely_Connect_to_Your_ISY#Configuring_a_Non-UPnP_Router

 

Please note that File | Enable Internet Access and manual port forwarding rules are mutually exclusive: once you create manual port forwarding rules, you should NOT do File | Enable Internet Access.

 

Once you have this resolved and you can access your ISY remotely, optionally, you may want to install a certificate:

http://wiki.universal-devices.com/index.php?title=Main_Page#Network_Security

 

With kind regards,

Michel

Posted

Thanks admin.  I figured out that enable internet was just a uPNP shortcut later.  I have an uncommon network that does not have the classic consumer nat rules and problems as my house has a 2x /24s world routable.  So I can in fact reach my home from the internet.  What I might not be able to do is have the ISY or other cloud reach me without firewall adjustments.  I'll verify in the deny log that I am or am not experiencing that.

 

However.  I clicked the link you followed, then to the document listed.

 On page 4 it shows a menu with network config.  But it doesn't tell you how to get there.   

 

 After re-reading the doc a few times I realize the link to the dashboard errored.  Like others said it had a %20 in it when clicked.  I even tried removing that but my browser did not agree with me.  That's how I started down the rabbit hole of finding the links, when a copy-paste would suffice.

 

 I successfully got there, and have a shiny new cert.

 

 Thanks.

Guest
This topic is now closed to further replies.

  • Recently Browsing

    • No registered users viewing this page.
  • Forum Statistics

    • Total Topics
      37k
    • Total Posts
      371.5k
×
×
  • Create New...