Creating and Installing Certificate
This has worked with both Windows XP and Windows 2000 Pro:
Automated Installation by Mathewb and Rick Tinker
The attached certfiles.zip is everything needed to create and install a certificate to use SSL with Homeseer.
From the command line, run the file runme.bat followed by a fully qualified machine name or the local machine name.
Example:
Runme MyHSMachine.no-ip.com
or
Runme MyHSMachine
Manual Installation
The above install should be enough to get most people going. Below are the manual steps if you want to understand what it is doing.
1. Download: http://download.microsoft.com/downlo...s/makecert.exe
2. From the command line generate the signing authority:
makecert -pe -n "CN=Homeseer Root Authority" -ss my -sr LocalMachine -a sha1 -sky signature -r "Homeseer Root Authority.cer"
3. Also from the command line generate your key:
makecert -pe -n "CN=DOMAINNAME" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Homeseer Root Authority" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 homeseer.cer
Note: Replace DOMAINNAME with the FQDN or internal machine name. This could be a foo.dyndns.org name, a registered domain name, or an internal computer name.
4. There should now be homeseer.cer and "Homeseer Root Authority.cer" files. Double-click each of them and install it when prompted. The warnings are normal, so click OK through them.
5. Go to Start, then Run, type MMC and hit enter
6. From the File menu choose Add-Remove Snap-In
7. Click Add, choose Certificates and then Computer Account, accept all the defaults and click OK
8. Select Certificates, Personal and then Certificates
9. Select the certificate that should be listed as DOMAINNAME from above, and right click on it and choose export
10. Click next
11. Click "Yes, export the private key" and click next
12. Uncheck all of them and click next
13. Enter a password
14. Select the export file name, for example server.pfx
15. Copy the server.pfx file to the root of your Homeseer directory
16. In the Homeseer Web Server setup specify the password from step 13.
FAQ
1. Why is it that if I access the machine internally vs. over the Web I get a warning?
The certificate you create contains the name of the machine or domain the client is connecting to. When a browser connects to a web server, it checks that the name in the certificate matches the host name in the address. If the names do not match, a warning is issued. For example, if you generate the key as foo.dyndns.org and connect internally as https://homeseerpc , the browser will see that homeseerpc does not match the certificate, which contains foo.dyndns.org. Conversely, if you created the key as homeseerpc but connect remotely as https://foo.dyndns.org , the name does not match, so the browser issues a warning.
2. Why do I get a message about displaying insecure content?
This is a bug in build 1996/1997 that HST is aware of and is working on a fix for.
3. Do I have to use port 443 for SSL?
No, from my testing I can change the port and it will work. For example, https://foo.dyndns.org:1000 .
Comments and questions are welcome. I plan on hopefully adding some pics as well.
-Mike
Updates:
10/12/05 - Fixed URL for makecert
10/13/05 - Added Instructions and files by MathewB
10/21/05 - Updated certfiles.zip to include Rick's batch file and reordered/reworded
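A check for the result of the manual steps and for the name mismatch described in FAQ 1, as an added example that is not part of the original post or of certfiles.zip. The function name, parameter names and the sample host names in the usage comment are assumptions; the .NET classes used are the standard X509Certificate2 APIs.

```powershell
# Added example: inspect the exported PFX before pointing HomeSeer at it.
# Test-HomeseerPfx, -PfxPath, -Password and -Names are hypothetical names.
function Test-HomeseerPfx {
    param(
        [Parameter(Mandatory)][string]       $PfxPath,   # file chosen in step 14
        [Parameter(Mandatory)][securestring] $Password,  # password from step 13
        [Parameter(Mandatory)][string[]]     $Names      # every host name clients will use
    )
    $full = (Resolve-Path -LiteralPath $PfxPath).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList $full, $Password

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    # The makecert command in step 3 sets only the CN, so that is the one
    # name a client can match against the host part of the URL (FAQ 1).
    $cn     = $cert.GetNameInfo($nameType, $false)
    $issuer = $cert.GetNameInfo($nameType, $true)

    # Look for the Server Authentication EKU requested with -eku in step 3.
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $serverAuth = $false
    foreach ($ext in $cert.Extensions) {
        if ($ext -is $ekuType) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq '1.3.6.1.5.5.7.3.1') { $serverAuth = $true }
            }
        }
    }

    [pscustomobject]@{
        SubjectCN      = $cn
        Issuer         = $issuer                       # root created in step 2
        HasPrivateKey  = $cert.HasPrivateKey           # must be True (step 11)
        ServerAuthEku  = $serverAuth
        SignatureAlg   = $cert.SignatureAlgorithm.FriendlyName
        NotAfter       = $cert.NotAfter
        # -ne on strings is case-insensitive in PowerShell, as host names are.
        NameMismatches = @($Names | Where-Object { $_ -ne $cn })
    }
}

# Usage (constructed sample names taken from the FAQ):
# $pw = Read-Host -AsSecureString 'PFX password'
# Test-HomeseerPfx -PfxPath .\server.pfx -Password $pw -Names 'foo.dyndns.org','homeseerpc'
```

Any name returned in NameMismatches is one that will produce the browser warning from FAQ 1 when used in the URL.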