Https not working after recent upgrade

[TJF1960]

I have been unable to access my ISY 994 since upgrading to 3.3.2 irr v2 via https thru Mobilelink. It works fine via LAN connection though.

I can access the index.html via safari and control devices etc.

 

I am using DNS service thru the router which is working fine.

 

I also have Conductor for android on the same phone which also is not working, but I am able to connect to my ip camera through conductor though.

 

Any suggestions would be appreciated.

 

Thanks,

Tim

[InsteonNut]

Tim,

 

Are you using any sort of custom HTTPS cert outside of the default HTTPS cert that ships with the ISY?

 

Wes

[TJF1960]

Hi Wes, if you speak of the security certificate I did create a new self signed cert via the config. Instructions from UDI. If that's not what you mean then I don't think so. Is there something I can try?

Thanks,

Tim

[InsteonNut]

Thanks Tim,

 

What settings did you select when setting up the new security options? There are several new security choices under the new firmware with 994i that will break communication with mobile devices due to server side cert enforcement not supported in mobile devices.

 

Wes

[TJF1960]

Oh great. Well, I'm not sure. I followed the instructions and to the best of my memory I used all the default settings.

I'm out of town right now so I don't think I can do anything to it till I am local again.

If you have any suggestions I can try now please let me know otherwise let me know what to do when I am local.

Thanks Wes,

Timl

[InsteonNut]

Hi Tim,

 

Sorry about the bad news, but you'll need access to your ISY through the ISY Dashboard to look and change the security settings. Unless you can get access to your ISY remotely then we'll have to wait till you get back locally to report on what the security settings are set to.

 

If you are using MobiLinc Connect, you stand a better shot at still being able to connect through MobiLinc (iOS), but depending on what settings were selected in the ISY dashboard, this could set the ISY to reject our cloud servers as well. Just depends on what settings were selected.

 

Wes

[TJF1960]

Not a problem Wes, thanks for your super quick replies.

Once I get back I will get back to you on my settings.

Thanks again,

Tim

[InsteonNut]

Perfect, sounds good.

 

Wes

[TJF1960]

Hello Wes,

 

I am local now to my isy 994.

 

I have confirmed the IP is static and port forwarded.

I also confirmed local http is working fine.

 

When Connect Method = Secure I get "Connection Error Unable to connect ot the lighting controller. Please verify the lighting controller settings."

When trying to sync the error I get is "Sync Error Unable to connect to the lighting controller. Please verify the lighting controller settings."

 

The Network settings are:

IP = Static

Https Server/Client Settings + SSL 3.0 Low Strength (which were both default settings it looks like)

 

The self signed cert key strength = 2048

 

What do I need to change or look for?

Thanks,

Tim

[InsteonNut]

Hi Tim,

 

Let's start with the self-signed cert. Please recreate using the lowest strength (512bit) to test or rule out the high strength of the cert causing a problem with the Android OS.

 

Wes

[TJF1960]

Setting at 512 made no difference.

 

edit. I have also tried changing the HTTPS Client/Server settings to 1.0, still unable to access via https.

[InsteonNut]

Tim,

 

Can you send me a screenshot of the security settings page?

 

Please send to support@mobilinc.com

 

Wes

[Michel Kohanim]

Hi Tim,

 

Can you access ISY, via HTTPS, using a browser?

 

With kind regards,

Michel

[TJF1960]

Hi Wes, Sorry for the delay. I would be happy to. How? Is that possible thru the phone or do I snap a picture of it with a camera and then send as an attachement?

 

1 other note I should mention. I noticed that when I first open Mobilinc and go to the settings page the Mac address is not shown, but usually after the error message is displayed the Mac address populates. Don't know if it means anything but...

 

Hi Michel, yes I have no trouble accessing the console thru https://my dns address:my port/admin before or after the settings Wes had me change.

 

Thanks guys,

Tim

 

Edit: Wes, I just realized you probably were not talking about the settings page on the phone but from the computer, have attached a screen shot and emailed to you.

[InsteonNut]

For those reading this post, what we did is I had Tim remove the self-signed created cert (goes back to the default installed cert) by performing a telnet into the ISY and issuing the following commands:

 

RF /CONF/ISYSERVC.PEM

RF /CONF/ISYSERVK.PEM

 

Android is very sensitive to the fields of the cert being correct, otherwise it will not work with Android platforms. The important field is the Host. This needs to be a valid IP and match the path the caller is using to reach the ISY for this to work on Android platforms. One way to check is to use the Android web browser to navigate to the ISY to confirm if the Android web browser will allow the cert or not once created in the ISY.

 

Wes