pepethecow Posted January 3, 2023
The error in the subject started happening a couple of days ago, on every screen that tries to connect to the ISY. I am connecting to my ISY directly, not with the Portal. It was working before this. I verified the ISY is on and working. I'm on Android.
Javi Posted January 3, 2023
Invalid Certificate https://wiki.universal-devices.com/index.php?title=UD_Mobile#Remote_Connections
pepethecow Posted January 4, 2023 Author
I've never had to deal with this before. Did something change recently? I have a custom domain that I use for remote access, and that has a certificate, but that's outside of the ISY configuration.
GJ Software Products Posted January 4, 2023
I had this problem getting connected to AWS IoT with another controller brand: the controller couldn't find the CA cert for the cert I got from AWS and failed on a very similar error message. You might just need to be sure you have the CA cert in your box, but then again I think UDI is using a self-signed cert, so you don't need a CA cert for it. Using openssl, I created my own cert and a CA cert to sign it with, uploaded those to AWS, and the problem was solved. But I don't think there is that level of cert management in ISY. Maybe you could use ssh and the command prompt to install your own cert, but Michael also told me the certs in ISY are used for internal services too, so I'd be careful you don't create a brick. Maybe in the future we'll see more documentation on certs in ISY?
GJ Software Products Posted January 4, 2023
3 hours ago, Javi said:
> Invalid Certificate https://wiki.universal-devices.com/index.php?title=UD_Mobile#Remote_Connections

@Javi I can't even get to those network settings pages in my 994 or eisy? What am I missing?
Javi Posted January 4, 2023
1 hour ago, pepethecow said:
> I've never had to deal with this before. Did something change recently? I have a custom domain that I use for remote access, and that has a certificate, but that's outside of the ISY configuration.

Nothing changed. UD Mobile has had this requirement from day one for reasons listed in the previous link. We did recently update our Android target, so it is possible the platform now requires higher security, although this is not likely the cause.

1 hour ago, GJ Software Products said:
> @Javi I can't even get to those network settings pages in my 994 or eisy? What am I missing?

It is available for 994. I don't see updated docs, so I am not sure about IoX. While this is possible with 994, it is not recommended.

With regard to UD Mobile, we do not provide tech support for direct remote connections as it causes too many support tickets. Not to mention security issues which could arise from opening a port, and cert cost is likely higher than ISY Portal.

With that said, UD Mobile can use HTTPS basic-auth instead of OAuth remote connection to any proxy or ISY, including Portal, when the Use Portal switch is off. This requires the proxy/ISY have a cert which is trusted by the client. Many clients allow users to add their own trusted certificates, but again this is out of our tech support for the same reasons.
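The trust requirement Javi states above (the proxy/ISY must present a cert the client trusts) and the private-CA approach GJ Software Products mentions can be reproduced offline with openssl. This is an added example, not part of any post in this thread or of UDI's documentation; the CA name, the host name isy.example.com and the function names are constructed, and nothing here touches an ISY.

```shell
#!/usr/bin/env bash
# Added example. CA name, host name and function names are constructed.

# Build a throwaway private CA and a server certificate signed by it.
make_demo_pki() {  # $1 = empty working directory
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Home CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=isy.example.com" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  # Clients match the host name they dial against subjectAltName.
  printf 'subjectAltName=DNS:isy.example.com\n' > "$d/san.cnf"
  openssl x509 -req -in "$d/srv.csr" -days 30 \
    -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
    -extfile "$d/san.cnf" -out "$d/srv.pem" 2>/dev/null
}

# Classify how a verifying client would judge the server certificate.
check_cert() {  # $1 = cert, $2 = host name dialed, $3 = CA file (optional)
  local cert="$1" host="$2" ca="${3:-}" out
  if [ -n "$ca" ]; then
    # Client that has had the private CA added to its trust store.
    out=$(openssl verify -CAfile "$ca" -verify_hostname "$host" "$cert" 2>&1) || true
  else
    # Client with only the system default trust store.
    out=$(openssl verify -verify_hostname "$host" "$cert" 2>&1) || true
  fi
  case "$out" in
    *"unable to get local issuer"*|*"self-signed"*|*"self signed"*)
      echo "untrusted-issuer" ;;
    *[Hh]"ostname mismatch"*) echo "hostname-mismatch" ;;
    *": OK"*) echo "trusted" ;;
    *) echo "other-failure" ;;
  esac
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
echo "CA not installed: $(check_cert "$demo_dir/srv.pem" isy.example.com)"
echo "CA installed:     $(check_cert "$demo_dir/srv.pem" isy.example.com "$demo_dir/ca.pem")"
echo "wrong host name:  $(check_cert "$demo_dir/srv.pem" other.example.com "$demo_dir/ca.pem")"
rm -rf "$demo_dir"
```

The first and third results are the two usual causes behind a client-side "invalid certificate" message: an issuer the client does not trust, and a certificate that does not name the host being dialed.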
pepethecow Posted January 4, 2023 Author
I think I've pieced together what changed on my end. I noticed my phone was connecting to my home's guest wifi network, which was not in the list of local networks in UD Mobile. I reconnected to the main network, and UD Mobile works again. This means I've probably never actually used UD Mobile remotely. Now I'm at work, and just tried it, and yep, it won't connect.

Is there a dummy's guide to setting up certs between the ISY and UD Mobile to work remotely? The documentation linked above doesn't really give a how-to.
Javi Posted January 4, 2023
3 hours ago, pepethecow said:
> Is there a dummy's guide to setting up certs between the ISY and UD Mobile to work remotely? The documentation linked above doesn't really give a how-to.

No, the support tickets would take much of my time. I am intentionally vague when discussing this topic as someone could read, try, fail, then ask for support. Network security can be at risk when going this route. If a user has a deep understanding of certificates, then they likely understand the risks involved and know how to configure their device/proxy/client.

If you do not want to use ISY Portal, I recommend setting up a VPN. VPN is available on most mid/high-end routers and is much easier to configure/manage and usually free. The router MFG usually provides instructions and a certificate which is installed into the VPN configuration on your device.

Why use ISY Portal:
We manage and support the connection along with additional services such as Google Assistant and Alexa.
Our portal subscription cost is less than $1 per month, while the cost of an SSL cert can be anywhere from ~$35 to ~$100 annually.
ISY Portal configuration can be set up in the app in a couple of minutes; even with the best abilities, cert management will likely be 10x.
With Portal, your subscription is tied to the device, not the account, so you can share your devices with users on other portal accounts at no additional charge.
Shared account access can be managed locally, so you can revoke access to other users without needing to change credentials or VPN cert.
Finally, if we look at one of the other Home Automation platforms, the same managed access is $65 or more a year.