How to enable a SSL certificate?



  • Is there some information about how exactly to enable a SSL cert for MyController?

    To get things started I created a self signed (local) certificate but have no idea where to install it on the Raspberry or rather how to enable it within the builtin webserver of MyController?!

    Thanks for your ideas!


  • ADMIN

    @Velo17 It is there in the user manual. You can edit the following to change default certificate.

    mcc.web.ssl.keystore.file=../conf/keystore.jks
    mcc.web.ssl.keystore.password=mycontroller
    mcc.web.ssl.keystore.type=JKS
    


  • This is how I updated the keystore.jks to run with letsencrypt!!

    • Register with any free dyndns provider (e.g. http://www.dnshome.de )
    • Enter the access data in your router

    The next step is a little bit tricky .. here is what I did

    The relevant certificate files are located here after running autocert:
    /etc/letsencrypt/live/YOURDOMAIN

    Then check this out (https://blog.codecentric.de/2013/01/selbstsignierte-zertifikate-aus-pem-dateien-in-java/)

    • openssl pkcs12 -export -out keystore.p12 -inkey privkey.pem -in cert.pem
    • keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore keystore.p12
    • cp keystore.jks /home/pi/mycontroller/conf

    Edit mycontroller.properties:
    mcc.web.ssl.keystore.file=../conf/keystore.jks
    mcc.web.ssl.keystore.password=mycontroller
    mcc.web.ssl.keystore.type=JKS

    mycontroller must be replaced by the passwort you choose during certificate export with openssl

    You can now disable port forwarding for port 80 and enable port forwarding for port 8443 (be sure to choose a strong passwort)

    Result:
    0_1507657120186_470a10e6-5b49-4071-8679-ad784e0a14e8-image.png

    !!! Valid certificate in all major browsers (chrome in my example) !!!


Log in to reply
 

7
Online

439
Users

231
Topics

1378
Posts

Looks like your connection to MYCONTROLLER.ORG was lost, please wait while we try to reconnect.