Announcement

Collapse
No announcement yet.

We need native HTTPS support!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Originally posted by rjh View Post
    Lots of people seemed to have asked for it, but I only know of one person actually trying it.
    I tested it a bit but I need to make alot of http call changes for it to work. Right off the bat my Blueiris local http commands failed along with some other things. I ended up flipping off https to get everything back up. I'll have to play more when I have some time to swap everything over.

    Comment


      I'm running it too. Worked great for 2+ days and then stopped accepting SSL connections. How should I troubleshoot it? I'm on Windows 10.

      Restarting Homeseer cleared it.

      Comment


        Is it easy to update the Zee2 to use Mono 5?

        No. I have been helping a Zee2 user trying to update from Mono 4.6 to 5.4.

        Having issues removing Mono 4.6 that is installed on the Zee2. Thinking Rich mentioned that it was built from scratch on the current Zee2 build.

        Personally here way back with the original Zee just grabbed the Homeseer directory and built my own RPi with Wheezy.

        When I upgraded to the Zee2 I did the same. (did write an new Zee2 image, then just copied the Homeseer directory out of the image).

        @Magnus, it would be a nice Linux learning experience for you to DIY build a new RPi2 image for running Homeseer.

        Use a spare SD card and build a new Stretch Zee2 and add mono 5.4 to it and copy over your Homeseer directory.

        I am still using Wheezy on my RPi2's manually built and they are all running Mono 5.4 today.
        Last edited by Pete; December 21, 2017, 07:50 PM.
        - Pete

        Auto mator
        Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
        Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
        HS4 Lite - Ubuntu 20.04 / VB W7e Jetway JBC420U591
        Fanless IntelĀ® Celeron N3160 SoC 8Gb
        HS4 Pro - V4.1.18.1 - Ubuntu 20.04/VB W7e 64 bit Intel Kaby Lake CPU - 32Gb
        HSTouch on Intel tabletop tablets

        X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Smartthings hub, Hubitat Hub, and Home Assistant

        Comment


          I have been using it every day since last Sunday ( I think). Currently, in process of attempting to create my own certificate. With the holidays, not sure that I will have a lot of time testing thoroughly.


          Originally posted by rjh View Post
          If you are asking if the latest Beta has new SSL support, then yes, its in there.

          Lots of people seemed to have asked for it, but I only know of one person actually trying it.
          HomeSeer 2, HomeSeer 3, Allonis myServer, Amazon Alexa Dots, ELK M1G, ISY 994i, HomeKit, BlueIris, and 6 "4k" Cameras using NVR, and integration between all of these systems. Home Automation since 1980.

          Comment


            I have been running 398 without any issues. Keep in mind that I do not use zwave as I am running Insteon. So, cant test that.

            Originally posted by Moskus View Post
            I apologize, but my house needs to be running. I'm not risking beta versions at the moment!

            I'll fire up the Zee2 and ... zee if I can install it there.
            Is it easy to update the Zee2 to use Mono 5?
            HomeSeer 2, HomeSeer 3, Allonis myServer, Amazon Alexa Dots, ELK M1G, ISY 994i, HomeKit, BlueIris, and 6 "4k" Cameras using NVR, and integration between all of these systems. Home Automation since 1980.

            Comment


              I would be willing to test HTTPS access using the web client and HSTouch direct (no MYHS).

              Comment


                Rich,

                I have created a local certificate authority, and am in the process of generating a certificate from my own certificate. Then I will be generating a PFX, which I will import into HomeSeer.

                Now, if you want others to do the end to end step for testing, do you have some preliminary documented procedures for folks to follow. Or do you want folks to just import/access the certificate that ships with HomeSeer?

                Or, of course, it would be best if those folks that have certificate signed by a real certificate authority (GoDaddy, Verisign, etc) to test. At the moment I do not have one.

                Ok, so reading my own email tells me that we need to do all three. Doh. Too early this morning.
                HomeSeer 2, HomeSeer 3, Allonis myServer, Amazon Alexa Dots, ELK M1G, ISY 994i, HomeKit, BlueIris, and 6 "4k" Cameras using NVR, and integration between all of these systems. Home Automation since 1980.

                Comment


                  Ok, installed Chrome and connected to HS3 web service via HTTPS. I presume that Chrome is the official web browser to test with?

                  1.) Got usual and expected certificate error (due to the expired certificate that ships with HS3).

                  2.) Clicked on Advanced and accepted the certificate so that I can go to the HS3 web site.

                  3.) Traversing through web pages (using HTTPS) seems to work. All icons in the device management pages show up. No errors in the HS log.

                  High-level scan of network traffic between web client and HS3 HTTPS server shows that it is no longer in plain text as it would have been if it was regular HTTP traffic.

                  Can anyone else perform the same sort of test using a trusted certificate authority (such as GoDaddy, Verisign, etc)? I will now continue down the path of using my own certificate authority.

                  Is anyone able to perform some sort of penetration test? Let's get serious, while I would personally love to have HomeSeer Technologies have a third party perform penetration testing on the HS3 web server, it is not financially feasible based on the cost of the product they are charging. It is still my thought that myHomeSeer should get tested since it's intended use is to authenticate users via the Internet. But, if we had someone in the community that could do this that would be great.
                  Last edited by Krumpy; December 22, 2017, 08:31 AM.
                  HomeSeer 2, HomeSeer 3, Allonis myServer, Amazon Alexa Dots, ELK M1G, ISY 994i, HomeKit, BlueIris, and 6 "4k" Cameras using NVR, and integration between all of these systems. Home Automation since 1980.

                  Comment


                    I was just planning on including a self signed cert. And I actually did create a new one, its only included with the Linux builds right now, the next Windows build will also include it. For most users I think that will be as far they will go. If you are an advanced user, you can create your our own self signed cert (lots of instructions on the web). You can get your own cert from a signed authority although can you use those with a dynamic IP? You may need to have your home on a static IP.

                    Originally posted by Krumpy View Post
                    Ok, installed Chrome and connected to HS3 web service via HTTPS. I presume that Chrome is the official web browser to test with?

                    1.) Got usual and expected certificate error (due to the expired certificate that ships with HS3).

                    2.) Clicked on Advanced and accepted the certificate so that I can go to the HS3 web site.

                    3.) Traversing through web pages (using HTTPS) seems to work. All icons in the device management pages show up. No errors in the HS log.

                    High-level scan of network traffic between web client and HS3 HTTPS server shows that it is no longer in plain text as it would have been if it was regular HTTP traffic.

                    Can anyone else perform the same sort of test using a trusted certificate authority (such as GoDaddy, Verisign, etc)? I will now continue down the path of using my own certificate authority.

                    Is anyone able to perform some sort of penetration test? Let's get serious, while I would personally love to have HomeSeer Technologies have a third party perform penetration testing on the HS3 web server, it is not financially feasible based on the cost of the product they are charging. It is still my thought that myHomeSeer should get tested since it's intended use is to authenticate users via the Internet. But, if we had someone in the community that could do this that would be great.
                    website | buy now | support | youtube

                    Comment


                      I don't plan on supporting SSL with HSTouch, that would require new HSTouch clients. We will be supporting it with the new mobile client we are working on.

                      The SSL support that was just added is for web access.

                      Originally posted by lifespeed View Post
                      I would be willing to test HTTPS access using the web client and HSTouch direct (no MYHS).
                      website | buy now | support | youtube

                      Comment


                        Thank you @rjh!

                        I'm working on switching over to a Linux box during break, and just tried out .398, and ssl working great so far.

                        FWIW, I created my own root cert for my local network, and just import it into my browsers on anything I need to access. No errors, and has a "real" cert (no need to register with a real cert authority). Since I use Google Domains for my domains (and it full supports dynamic dns), I could in theory get a real cert, but a waste of money for this.

                        Comment


                          Curious, what key length and digest algorithm did you use? I am hoping (suggesting) for key length 2048 or higher and SHA 256 or higher.
                          HomeSeer 2, HomeSeer 3, Allonis myServer, Amazon Alexa Dots, ELK M1G, ISY 994i, HomeKit, BlueIris, and 6 "4k" Cameras using NVR, and integration between all of these systems. Home Automation since 1980.

                          Comment


                            I think the cert specifies this. I don't don't specify any of this when I authenticate the stream.

                            Maybe if someone can enable SSL and expose their system to the Internet we can check it with:

                            https://www.ssllabs.com/ssltest/

                            And see what it finds.

                            Originally posted by Krumpy View Post
                            Curious, what key length and digest algorithm did you use? I am hoping (suggesting) for key length 2048 or higher and SHA 256 or higher.
                            website | buy now | support | youtube

                            Comment


                              Originally posted by rjh View Post
                              I don't plan on supporting SSL with HSTouch, that would require new HSTouch clients. We will be supporting it with the new mobile client we are working on.



                              The SSL support that was just added is for web access.

                              Thank you for planning on supporting SSL in the new home control client. Will this be a conventional HTTP/S connection?



                              Sent from my iPhone using Tapatalk

                              Comment


                                The new app uses our JSON interface so it would go through the same SSL connection as this one. You can connect to your home through MyHS, or simply enter the IP address of your home system and connect directly.

                                Originally posted by Kerat View Post
                                Thank you for planning on supporting SSL in the new home control client. Will this be a conventional HTTP/S connection?



                                Sent from my iPhone using Tapatalk
                                website | buy now | support | youtube

                                Comment

                                Working...
                                X