Announcement

Collapse
No announcement yet.

Can't get SSL to work

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Can't get SSL to work

    I'm struggling to get the web interface to work over https by enabling SSL. I tried it with the default certificate that HS3 seems to have come with and after enabling it every web browser I've tried just says the connection was closed right away. I've also went through the process of creating my own certificate with the same results. I'm pretty sure it's not a certificate issue because if I don't enter the right password for the certificate in the HS3 setup then there are errors in the log about the password being incorrect. I don't see any errors in the log....it just doesn't work.

    Does anyone have any ideas on what additional logging I could enable or things I could try to get this working?

    #2
    The web server in HomeSeer is proprietary. The latest browser releases have been eliminating support for SSL to servers without more recent implementations. The company is focused on the MyHomeSeer path for remote access. Honestly I use one answer to your question and still use MyHomeSeer instead of opening ports. I've got a couple ideas about doing something similar to MyHomeSeer without having someone else's cloud server being a necessity but that's for later on. Shouldn't we really call it a cloud service and not a cloud server anyway? The same goes for self-signed certificates. The browsers don't like them.

    If you just want to use SSL and be done with it here is what I do. For the amount of trouble and grumbling this causes the cost of the cert is in the noise. I got a domain for $2 with a cert to go with it for $6 a couple weeks ago. The process is goofy. I try not to think too hard about it and just follow the steps. They give you step by step instructions. It will make your life easier if you buy the cert from your domain host. Get as many names on it as they will allow. www.mydomain, *.mydomain, spongebob.mydomain, whatever. It is perfectly legitimate to put one cert in multiple servers but without the names available dns isn't going to work too well.

    Then you wrap HomeSeer in a reverse proxy. I use Nginx. It is a small, simple, and lightweight web server that spawns as many listeners as you want. The cert gets installed in Nginx. I go so far as to bind HomeSeer to localhost. Nginx listens on your nic for SSL connections, shows the cert, decrypts the traffic and passes it to HomeSeer on localhost. I always make everything in my LAN use a password anyway so this isn't a hassle for me but more than a few people don't like it. If you want password authentication you have to require it within your LAN also because HomeSeer sees all the traffic coming from 127.0.0.1. HomeSeer checks your password and you are working.

    The way the Nginx config works it is easy cut and paste to do that on multiple different ports in front of multiple servers. Two of the plugins I use don't currently support SSL on Linux so I have both of them wrapped with Nginx as well. That's three SSL servers out of plain text password servers for $8 and one Nginx installation. 100% legitimate with your own cert on your own domain. If you wanted to go live on the internet all you need is an IP address.

    When I installed Nginx there were several examples including a reverse proxy in the config file. Basically I commented some things out and entered a couple IP addresses. I keep meaning to do a step by step on this but I got home last evening from Seattle after an evening of imbibing with Business Development guys. That's like playing pickup football with the Broncos. Monday it's Florida so it probably won't happen this weekend. Let me know if you want to try it and need more pointers.
    Last edited by mikaluch; July 16, 2016, 06:55 PM. Reason: Wow. Sorry that's so long. I'm in proposal writing mode at this time of the year.

    Comment

    Working...
    X