Instructions for Generating and Installing a Certificate

    Creating and Installing Certificate
    This has worked with both Windows XP and Windows 2000 Pro:

    Automated Installation by Mathewb and Rick Tinker
    The attached certfiles.zip is everything needed to create and install a certificate to use SSL with Homeseer.
    From the command line, run the file runme.bat followed by a fully qualified machine name or the local machine name.
    Example:
    Runme MyHSMachine.no-ip.com
    or
    Runme MyHSMachine



    Manual Installation
    The above install should be enough to get most people going. Below are the manual steps if you want to understand what it is doing.
    1. Download: http://download.microsoft.com/downlo...s/makecert.exe
    2. From the command line generate the signing authority:
    makecert -pe -n "CN=Homeseer Root Authority" -ss my -sr LocalMachine -a sha1 -sky signature -r "Homeseer Root Authority.cer"
    3. Also from the command line generate your key:
    makecert -pe -n "CN=DOMAINNAME" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Homeseer Root Authority" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 homeseer.cer
    Note: Replace DOMAINNAME with the FQDN or internal machine name. This could be either a foo.dyndns.org name, registered domain name, or internal computer name.
    4. There should now be two files created, homeseer.cer and "Homeseer Root Authority.cer". Double-click each of them and install it when prompted. The warnings are normal, so click OK through them.
    5. Go to Start, then Run, type MMC and hit enter
    6. From the File menu choose Add-Remove Snap-In
    7. Click Add, choose Certificates and then Computer Account, accept all the defaults and hit OK
    8. Select Certificates, Personal and then Certificates
    9. Select the certificate that should be listed as DOMAINNAME from above, and right click on it and choose export
    10. Click next
    11. Click "Yes, export the private key" and click next
    12. Uncheck all of them and click next
    13. Enter a password
    14. Select the export file name, i.e. server.pfx
    15. Copy the server.pfx file to the root of your Homeseer directory
    16. In the Homeseer Web Server setup specify the password from step 13.





    FAQ
    1. Why is it that if I access the machine internally vs. over the Web I get a warning?
    The certificate you create contains the name of the machine or domain the client is connecting to. When a browser client connects to a web server, it checks the certificate to verify that its contents match the "domain" or name in the address. If this verification fails and it doesn't match, a warning is issued. For example, if you generate the key as foo.dyndns.org, when connecting internally as https://homeseerpc , the browser client will see that homeseerpc does not match the key that contains foo.dyndns.org. Vice versa, if you created the key as homeseerpc but connected remotely as https://foo.dyndns.org , the key does not match, therefore it issues a warning.

    2. Why do I get a message about displaying insecure content?
    This is a bug in build 1996/1997 that HST is aware of and working on a fix for.

    3. Do I have to use port 443 for SSL?
    No, from my testing I can change the port and it will work. For example, https://foo.dyndns.org:1000 .

    Comments and questions are welcome. I plan on hopefully adding some pics as well.

    -Mike


    Updates:
    10/12/05 - Fixed URL for makecert
    10/13/05 - Added Instructions and files by MathewB
    10/21/05 - Updated certfiles.zip to include Rick's batch file and reordered/reworded
    Last edited by mloebl; October 22, 2005, 08:24 AM.
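
A check for the server.pfx exported in steps 9-14 and for the name mismatch described in FAQ 1, as an added example that is not part of the original post or of HomeSeer. Test-ServerPfx and its parameter names are hypothetical; the sample names are the ones used in the FAQ, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: inspect an exported PFX before pointing the web server at it.
# Test-ServerPfx and its parameters are hypothetical names chosen for this example.
function Test-ServerPfx {
    param(
        [Parameter(Mandatory)] [string]       $Path,          # the export file from step 14
        [Parameter(Mandatory)] [securestring] $Password,      # the password from step 13
        [Parameter(Mandatory)] [string[]]     $ExpectedNames  # every name clients type after https://
    )

    $ns = 'System.Security.Cryptography.X509Certificates'
    $fullPath = (Resolve-Path -LiteralPath $Path).Path
    # Throws if the password is wrong or the file is not a valid PFX.
    $cert = New-Object "$ns.X509Certificate2" -ArgumentList $fullPath, $Password

    # The certificate carries a single name: the CN given to makecert -n "CN=...".
    $cn = $cert.GetNameInfo(("$ns.X509NameType" -as [type])::SimpleName, $false)

    # Collect the enhanced key usage OIDs (set by makecert -eku).
    $ekus = @(foreach ($ext in $cert.Extensions) {
        if ($ext -is ("$ns.X509EnhancedKeyUsageExtension" -as [type])) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $oid.Value }
        }
    })

    [pscustomobject]@{
        SubjectCN      = $cn
        # False means "export the private key" (step 11) was not selected.
        HasPrivateKey  = $cert.HasPrivateKey
        # 1.3.6.1.5.5.7.3.1 is the Server Authentication OID from step 3.
        ServerAuthEku  = $ekus -contains '1.3.6.1.5.5.7.3.1'
        SignatureAlg   = $cert.SignatureAlgorithm.FriendlyName
        NotAfter       = $cert.NotAfter
        # Names that will trigger the browser warning from FAQ 1.
        NameMismatches = @($ExpectedNames | Where-Object { $_ -ine $cn })
    }
}

# Sample names taken from the FAQ; replace them with the names you actually use.
$pw = Read-Host -AsSecureString 'PFX password'
Test-ServerPfx -Path .\server.pfx -Password $pw -ExpectedNames 'foo.dyndns.org', 'homeseerpc'
```

Any entry in NameMismatches is a name under which clients will see the warning from FAQ 1, since the certificate made in step 3 holds only one CN.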