How to enable a SSL certificate?
-
Is there some information about how exactly to enable a SSL cert for MyController?
To get things started I created a self signed (local) certificate but have no idea where to install it on the Raspberry or rather how to enable it within the builtin webserver of MyController?!
Thanks for your ideas!
-
@Velo17 It is there in the user manual. You can edit the following to change default certificate.
mcc.web.ssl.keystore.file=../conf/keystore.jks mcc.web.ssl.keystore.password=mycontroller mcc.web.ssl.keystore.type=JKS
-
This is how I updated the keystore.jks to run with letsencrypt!!
- Register with any free dyndns provider (e.g. http://www.dnshome.de )
- Enter the access data in your router
The next step is a little bit tricky .. here is what I did
- install apache2
- enable port forwarding for port 80 in your router
- https://tutorials-raspberrypi.de/raspberry-pi-ssl-zertifikat-kostenlos-mit-lets-encrypt-erstellen/
The relevant certificate files are located here after running autocert:
/etc/letsencrypt/live/YOURDOMAINThen check this out (https://blog.codecentric.de/2013/01/selbstsignierte-zertifikate-aus-pem-dateien-in-java/)
- openssl pkcs12 -export -out keystore.p12 -inkey privkey.pem -in cert.pem
- keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore keystore.p12
- cp keystore.jks /home/pi/mycontroller/conf
Edit mycontroller.properties:
mcc.web.ssl.keystore.file=../conf/keystore.jks
mcc.web.ssl.keystore.password=mycontroller
mcc.web.ssl.keystore.type=JKSmycontroller must be replaced by the passwort you choose during certificate export with openssl
You can now disable port forwarding for port 80 and enable port forwarding for port 8443 (be sure to choose a strong passwort)
Result:
!!! Valid certificate in all major browsers (chrome in my example) !!!