heyphets Posted April 12, 2016 Posted April 12, 2016 Hi All, My first post on the forum, thanks to community for everything you do to move the home automation forward. I've noticed that the ISY portal is available both at https://isy.ioas well as https://my.isy.io, however the SSL certificate is only issued to my.isy.io. May I suggest an HTTP 302 redirect to be added to isy.io to my.iso.io to avoid browsers freaking out because of the hostname mismatch between URL and Certificate?
Michel Kohanim Posted April 13, 2016 Posted April 13, 2016 Hi heyphets, Thanks so very much for the report. We do indeed have a wildcard certificate you should not have this problem. We'll take a look. With kind regards, Michel
heyphets Posted April 13, 2016 Author Posted April 13, 2016 Hi heyphets, Thanks so very much for the report. We do indeed have a wildcard certificate you should not have this problem. We'll take a look. With kind regards, Michel Thanks Michel! I believe even if you had wildcard certificate installed (the current one installed doesn't appear to be a wildcard), it would only help to cover all subdomains (e.g. <anything>.isy.io), but not the main domain itself. You should be able to add the isy.io as a subject alternative name though, then I believe it would work fine without a redirect.
MWareman Posted April 13, 2016 Posted April 13, 2016 I use the same CA for my personal stuff, and my wildcard was issued with a SAN field containing the 'naked' domain (without the *). This would take the browser supporting the SAN certificate (which not all do). I have not checked myself yet against my.ISY.io. OP: Which browser are you using? Have you tried other browsers? Did it behave the same?
MWareman Posted April 13, 2016 Posted April 13, 2016 I just checked - the current certificate is a RapidSSL certificate my the subject of 'my.isy.io' and a SAN of the same. NOT a wildcard. I could have sworn you USED to have an AlphaSSL wildcard on there? Michael.
Michel Kohanim Posted April 13, 2016 Posted April 13, 2016 Hi guys, So very sorry: Amazon does not accept wildcard certs so we had to put back the original my.isy.io. We'll do a redirect. With kind regards, Michel
MWareman Posted April 13, 2016 Posted April 13, 2016 (edited) Michel, They accepted our wildcard! We have several ELB instances with a shared wildcard certificate assigned to them.... (I manage the certs and ELBs in our $60,000+/month AWS account...) Edit: Or you could use ACM to provision certs (free for ELB users). I believe this is only in US-East currently though, but it works very well. Michael. Edited April 13, 2016 by MWareman
Michel Kohanim Posted April 14, 2016 Posted April 14, 2016 Hi Michael, Sorry for not being clear: Amazon Echo server does NOT like wildcards (not our servers). With kind regards, Michel
Michel Kohanim Posted April 14, 2016 Posted April 14, 2016 By the way, we made the change and waiting to push to production during our next maintenance schedule. With kind regards, Michel
MWareman Posted April 14, 2016 Posted April 14, 2016 Hi Michael, Sorry for not being clear: Amazon Echo server does NOT like wildcards (not our servers). With kind regards, Michel Ahh, OK. Thanks for the clarification! I understand now... Michael.
Recommended Posts