ffpllc Posted July 11, 2021 Posted July 11, 2021 Hi, I wanted to start using https with my ISY994i and self-signed certificated sounded like the first baby step. I don't know about everybody else but that is one hell of a baby step for me. LOL I looked at the UDI pdf that goed over using certs but my head just spins uncontrollably. Any hand holding would be hugely appreciated. I'll need to access the ISY remotely, currently to do that I've got the home network there using DDNS, and I use the DDNS name to access the ISY over http As far as the instructions for using a self signed cert. I go into the ISY dashboard and get up to the point where I fill out the SSL Certificates Mangement fields and click the 'Self Signed' button. After I click the button I get the prompt that the ISY will reboot. Now I have no idea what to do next.... Is it supposed to now work with https? Cause it doesn't for me. For the host name in the certificate information, does that need to be the ip address of the ISY or the DDNS name for the home network? Or something else entirely. Any help would be really, really appreciated. Thanks! I've read a bunch of threads that say self-signed isn't as safe as using CA. I can understand that, I just want to start using https and don't think I can handle something even more complicated right now. lol
MrBill Posted July 11, 2021 Posted July 11, 2021 Sorry to answer this differently that the question you asked, but save yourself the trouble. Instead of opening a port and installing a self-signed certificate subscribe to the UDI Portal instead. Less than $1.00 per month. Includes remote access to your ISY, Alexa Integration, Google Home Integration, IFFFT integration, portal nodeserver, the polyglot cloud nodeservers and more. 2
ffpllc Posted July 12, 2021 Author Posted July 12, 2021 Thanks MrBill. So if I do that then I don't have to deal with certificates? I'm in! lol All the other stuff that I have working will continue to work? REST, IR, ZWAVE all of that remains the same?
MrBill Posted July 12, 2021 Posted July 12, 2021 14 minutes ago, ffpllc said: Thanks MrBill. So if I do that then I don't have to deal with certificates? I'm in! lol All the other stuff that I have working will continue to work? REST, IR, ZWAVE all of that remains the same? Yep... portal subscriptions are far more secure than opening your own ports and dealing with certificates.... the open port/certificate methods are really kind of out-of-date, but some people are holdovers that still use them and some people prefer them instead of cloud dependencies, and some people just plain refuse to spend on subscriptions (I'm in that camp most places... except UDI's because of it's low price point.) Start here.
ffpllc Posted July 12, 2021 Author Posted July 12, 2021 Would that also then allow me to connect to the ISY using REST over https? I'm a little fuzzy on what the UDI Portal would do for me other than remove the need for port forwarding.
larryllix Posted July 13, 2021 Posted July 13, 2021 I connect to my polisy with Edge and FireFox browsers, just fine. I just ignore that https nonsense and work around it. It is ridiculous using it inside my own LAN system with no outside access through a router firewall and passing a security code via the same open pathway deemed to be secure is the most ridiculous thing I have ever heard. If the other end can decode the encryption so can a hacker. Give it another four or five years and it will likely be revealed as a moronic attempt at security, like all the rest of the security techniques have been.
MrBill Posted July 13, 2021 Posted July 13, 2021 (edited) 15 hours ago, ffpllc said: Would that also then allow me to connect to the ISY using REST over https? I'm a little fuzzy on what the UDI Portal would do for me other than remove the need for port forwarding. yes... your ISY will have a unique long unique URL that looks something like this: https://my.isy.io/isy/77722bbbb555555069dba03f09795e63e57f02b6d7cbebebede80c0a22e334076 (I randomized that one) If used in a rest call such as https://my.isy.io/isy/77722bbbb555555069dba03f09795e63e57f02b6d7cbebebede80c0a22e334076/rest/nodes which will also require credentials, but unlike local rest calls its not looking for the simple local credentials, instead use your portal credentials. Edit to add: the unique url can also be used with the admin console remotely... Manually add to finder with /desc on the end. When the admin console opens with it's normal credentials request use your portal login credentials, the typical simple local credentials will not work remotely. Edited July 13, 2021 by MrBill
Recommended Posts