Jump to content

Help Using Self Signed Certificates


ffpllc

Recommended Posts

Posted

Hi, I wanted to start using https with my ISY994i and self-signed certificated sounded like the first baby step. I don't know about everybody else but that is one hell of a baby step for me. LOL

I looked at the UDI pdf that goed over using certs but my head just spins uncontrollably. Any hand holding would be hugely appreciated.

I'll need to access the ISY remotely, currently to do that I've got the home network there using DDNS, and I use the DDNS name to access the ISY over http

As far as the instructions for using a self signed cert. I go into the ISY dashboard and get up to the point where I fill out the SSL Certificates Mangement fields and click the 'Self Signed' button.

After I click the button I get the prompt that the ISY will reboot.

Now I have no idea what to do next....

Is it supposed to now work with https? Cause it doesn't for me.

For the host name in the certificate information, does that need to be the ip address of the ISY or the DDNS name for the home network? Or something else entirely.

Any help would be really, really appreciated.

Thanks!

I've read a bunch of threads that say self-signed isn't as safe as using CA. I can understand that, I just want to start using https and don't think I can handle something even more complicated right now. lol

 

Posted

Sorry to answer this differently that the question you asked, but save yourself the trouble.  Instead of opening a port and installing a self-signed certificate subscribe to the UDI Portal instead.

Less than $1.00 per month.  Includes remote access to your ISY, Alexa Integration, Google Home Integration, IFFFT integration,  portal nodeserver, the polyglot cloud nodeservers and more.

  • Like 2
Posted

Thanks MrBill. So if I do that then I don't have to deal with certificates? I'm in! lol

All the other stuff that I have working will continue to work? REST, IR, ZWAVE all of that remains the same?

 

 

Posted
14 minutes ago, ffpllc said:

Thanks MrBill. So if I do that then I don't have to deal with certificates? I'm in! lol

All the other stuff that I have working will continue to work? REST, IR, ZWAVE all of that remains the same?

Yep... portal subscriptions are far more secure than opening your own ports and dealing with certificates.... the open port/certificate methods are really kind of out-of-date, but some people are holdovers that still use them and some people prefer them instead of cloud dependencies, and some people just plain refuse to spend on subscriptions (I'm in that camp most places... except UDI's because of it's low price point.)

Start here.

Posted

Would that also then allow me to connect to the ISY using REST over https? I'm a little fuzzy on what the UDI Portal would do for me other than remove the need for port forwarding. 

Posted

I connect to my polisy with Edge and FireFox browsers, just fine. I just ignore that https nonsense and work around it. It is ridiculous using it inside my own LAN system with no outside access through a router firewall and passing a security code via the same open pathway deemed to be secure is the most ridiculous thing I have ever heard. If the other end can decode the encryption so can a hacker. Give it another four or five years and it will likely be revealed as a moronic attempt at security, like all the rest of the security techniques have been.

Posted (edited)
15 hours ago, ffpllc said:

Would that also then allow me to connect to the ISY using REST over https? I'm a little fuzzy on what the UDI Portal would do for me other than remove the need for port forwarding. 

yes... your ISY will have a unique long unique URL that looks something like this:

https://my.isy.io/isy/77722bbbb555555069dba03f09795e63e57f02b6d7cbebebede80c0a22e334076

(I randomized that one)

If used in a rest call such as

https://my.isy.io/isy/77722bbbb555555069dba03f09795e63e57f02b6d7cbebebede80c0a22e334076/rest/nodes

which will also require credentials, but unlike local rest calls its not looking for the simple local credentials, instead use your portal credentials.

Edit to add: the unique url can also be used with the admin console remotely... Manually add to finder with /desc on the end.  When the admin console opens with it's normal credentials request use your portal login credentials, the typical simple local credentials will not work remotely.

Edited by MrBill
Guest
This topic is now closed to further replies.

  • Recently Browsing

    • No registered users viewing this page.
  • Forum Statistics

    • Total Topics
      37k
    • Total Posts
      371.4k
×
×
  • Create New...