Announcement

Collapse
No announcement yet.

Generating and Installing a Certificate - Discussion

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Generating and Installing a Certificate - Discussion

    Mike,

    GREAT JOB!!!

    Will check it tonight.

    Rene

    #2
    Excellent work. One point. Your download url is truncated and thus not working.

    thanks

    Marc

    Comment


      #3
      Originally posted by MFULLER
      Excellent work. One point. Your download url is truncated and thus not working.

      thanks

      Marc
      Marc,

      Fixed, thanks!!

      -Mike

      Comment


        #4
        Excellent Quickstart

        Using your instructions and an additional utility I managed to knock out sections 5-14 into a single command. I thought it might ease some confusion.

        Here are the command lines I used. The .exe's need to be in Homeseer's root directory as one has a dependency on Org.Mentalis.Security.dll, or you could copy the dll to a standalone folder that you extract the exe's to. You might notice that I took out the commands to install the certs to the local certificate store. I did that so it could be used on any machine without leaving remnants.

        makecert -pe -n "CN=Homeseer Root Authority" -a sha1 -sky signature -r "Homeseer Root Authority.cer"
        makecert -pe -n "CN=homeseer" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Homeseer Root Authority" -sp "Microsoft RSA SChannel Cryptographic Provider" -sv homeseer.pvk -sy 12 homeseer.cer
        cert2pfx homeseer.cer homeseer.pvk homeseer.pfx

        Let me know if you've got any questions.

        Matt
        Last edited by matthewb; October 12, 2005, 10:05 PM.

        Comment


          #5
          I have tried most of Mike's procedure (step 1 thru 4) and it worked fine the rest looks fine, but I had problems with Matt's changes on the following line:

          withcert2pfx homeseer.cer homeseer.pvk homeseer.pfx

          I was trying to post the error, but my computer locked up,

          Sorry guys, I will try it tomorrow during the day or earlier in the evening, I had an rough day, and can't think straight anymore.

          Rene

          Comment


            #6
            These commands should also accomplish certificate creation. I also attached everything needed with the newest versions of the utilities that I could find .


            makecert -pe -r -n "CN=homeseer" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -sp "Microsoft RSA SChannel Cryptographic Provider" -sv homeseer.pvk -sy 12 homeseer.cer
            cert2pfx homeseer.cer homeseer.pvk homeseer.pfx


            Matt
            Attached Files

            Comment


              #7
              Rich/Rick,

              May be worth making this thread a sticky?


              Matt,

              Very cool utils! I was thinking it may be possible to create a simple batch or VBS file to completely automate it to ask for the name?

              -Mike

              Comment


                #8
                Originally posted by mloebl
                Rich/Rick,

                May be worth making this thread a sticky?


                Matt,

                Very cool utils! I was thinking it may be possible to create a simple batch or VBS file to completely automate it to ask for the name?

                -Mike
                I like that thought of making it a batch routine. It would take a lot of guess work out of the equation, as well as avoid the old chair to keyboard interface issue (typing mistakes).

                Steven

                Comment


                  #9
                  Just tried it from scratch, and it works GREAT.

                  I ended copying and pasting except that I had to do an intermediate step to change the domain name and then delete the previously created certs.

                  I leave it to the experts, but a bat or VBS script, as Steve suggested, that would extract and run the pgms and delete the old cert files as the programs will not overwrite them, would make live simpler.

                  Mike and Matt you have done a great job to simplify generating Certificates.

                  Thanks

                  Rene

                  Comment


                    #10
                    Thanks guys, this thread is stuck.

                    I see a lot of different ways to do this, any possibility of packaging it up into a batch file or exe application so other users can simply run it to create the certificate? Lots a room for error with all the typing and we have many users who don't know how to use a command line.

                    What we have here is fine though for us to link to for instructions.
                    website | buy now | support | youtube

                    Comment


                      #11
                      OK, in wanting to create a certificate for my own server, I tried out these processes. The manual one does have some limitations for the average end user - e.g. they do not know that they need to delete certain files if they already exist.

                      The automated process is much better, but still has some drawbacks to using the command line and if you have problems, there are files you should delete before restarting the process.

                      Thus, being an old command line kind of guy from the old days of automating PC setup and duplication, I created a .BAT file that uses the files in the automated process. Feel free to merge it in with the zip file for the automated process if you wish - you can even change the name to RunMe.bat to make it easier for end users, but then remember to edit the one error message that shows how to run it that uses the name I gave the file which is CreateCertificate.bat.

                      The file is enclosed.
                      Attached Files
                      Regards,

                      Rick Tinker (a.k.a. "Tink")

                      Comment


                        #12
                        Originally posted by Rick Tinker
                        The file is enclosed.
                        Updated the doc, thanks Rick! I was going to do this as a WSH script, but have been too swamped lately.

                        -Mike

                        Comment


                          #13
                          Hi guys,

                          Can someone give me a brief overview of what this will do for you when using HS 2.0? What does SSL give ya?
                          Cheers,
                          Bob
                          Web site | Help Desk | Feature Requests | Message Board

                          Comment


                            #14
                            I asked that same question Bob in this thread:

                            http://board.homeseer.com/showthread...3&page=2&pp=50
                            -Rupp
                            sigpic

                            Comment


                              #15
                              Blade,

                              By Wepopedia definition:

                              Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers.By convention, URLs that require an SSL connection start with https: instead of http:.

                              My opinion:

                              A way preventing people from seeing data flowing from/to homeseer such as password, status etc. All of the data between your Homeseer and the connected web browser is encrypted.

                              Commonly used by Banks and others to allow customers connecting remotely.
                              There are some disagreements of this board on the security and/or need for this.

                              Rene

                              Comment

                              Working...
                              X