
HTTPS and SSL Certificates

Nicolas HILAIRE edited this page Nov 3, 2016 · 21 revisions

Available for version >= 1.0.1 Beta


You can activate SSL so that Yadoms is reached over HTTPS instead of plain HTTP.
<img src="images/https/HTTPS_icon.png" width="100px"/> This encrypts all data exchanged between web clients and your server, including your password and your home information.

Create a self-signed certificate

This certificate can be freely generated on your own computer and used as is: https://en.wikipedia.org/wiki/Self-signed_certificate

The main drawback of a self-signed certificate is that browsers will not let you open the site until you have added an exception for it. The encryption provided by your self-signed certificate and by an official one is the same; the browser warning only means that no trusted authority has vouched for the server's identity, so add the exception only when you are sure you are talking to your own Yadoms server.

Linux

This is the procedure to create the certificate under Linux. A certificate generated on Linux also works on other systems, such as Windows.

  • Create a key file
$ openssl genrsa -des3 1024 > yadoms-server.key
Generating RSA private key, 1024 bit long modulus
..++++++
..............++++++
e is 65537 (0x10001)
Enter pass phrase: (password)
Verifying - Enter pass phrase: (password)

**Don't lose your passphrase: it cannot be retrieved!**
  • Create a CA (Certification Authority) certificate file

This certificate will be used to sign your server certificate.

$ openssl req -new -x509 -days 365 -key yadoms-server.key > yadoms-server-ca.crt
Enter pass phrase for yadoms-server.key: (password)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:XX
State or Province Name (full name) [Some-State]:XXXXXXX
Locality Name (eg, city) []:XXXXXXX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XXXXXX
Organizational Unit Name (eg, section) []:XXXX
Common Name (e.g. server FQDN or YOUR name) []:(Common Name)
Email Address []:
  • Create a Certificate Signing Request (CSR) using the key file

The important information you will provide is the Common Name: it must be the host name (or IP address) that clients will type in their browser, because the browser checks it against the certificate. Keep a note of it.

$ openssl req -new -key yadoms-server.key > yadoms-server.csr
Enter pass phrase for yadoms-server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:XX
State or Province Name (full name) [Some-State]:XXXXXXXXXX
Locality Name (eg, city) []:XXXXXX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XXX
Organizational Unit Name (eg, section) []:XXX
Common Name (e.g. server FQDN or YOUR name) []:(CommonName)
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

This generates your CSR file, yadoms-server.csr.

  • Sign your certificate request (CSR) with the CA certificate
$ openssl x509 -req -in yadoms-server.csr -out yadoms-server.crt -CA yadoms-server-ca.crt -CAkey yadoms-server.key -CAcreateserial -CAserial yadoms-server-ca.srl
Signature ok
subject=/C=XX/ST=XXXXXXXXXXXXX/L=XXXXXX/O=XXXX/OU=XXX/CN=commonName
Getting CA Private Key
Enter pass phrase for yadoms-server.key: (password)

This generates your certificate, with the .crt extension.

Copy the .crt file and the .key file next to the Yadoms executable.
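The four steps above, run non-interactively and followed by the checks worth doing before enabling SSL (added example, not code from the Yadoms wiki). It assumes a 2048-bit key instead of the 1024 bits shown above (1024-bit RSA is below today's minimum), a constructed passphrase and host name, and that the same passphrase is the one later written into yadoms.ini.

```shell
#!/bin/sh
# Added example: reproduces the key / CA / CSR / signing steps of the page
# with openssl, then verifies the result. Sample passphrase, DN and host
# name are constructed values; replace them with your own.
set -e

make_yadoms_cert() {
    dir="$1"; pass="$2"; cn="$3"
    mkdir -p "$dir"
    # 1. encrypted private key (this passphrase goes into yadoms.ini later)
    openssl genrsa -des3 -passout "pass:$pass" -out "$dir/yadoms-server.key" 2048 2>/dev/null
    # 2. CA certificate signed with that key; its DN differs from the server DN
    openssl req -new -x509 -days 365 -key "$dir/yadoms-server.key" -passin "pass:$pass" \
        -subj "/C=XX/O=Yadoms home/CN=Yadoms local CA" -out "$dir/yadoms-server-ca.crt"
    # 3. CSR: the Common Name must be the host name browsers will use
    openssl req -new -key "$dir/yadoms-server.key" -passin "pass:$pass" \
        -subj "/C=XX/O=Yadoms home/CN=$cn" -out "$dir/yadoms-server.csr"
    # 4. sign the CSR with the CA certificate (same key, as on the page)
    openssl x509 -req -days 365 -in "$dir/yadoms-server.csr" -CA "$dir/yadoms-server-ca.crt" \
        -CAkey "$dir/yadoms-server.key" -passin "pass:$pass" -CAcreateserial \
        -out "$dir/yadoms-server.crt" 2>/dev/null
}

# Checks before setting useSSL=true: the certificate chains to the CA,
# the Common Name is the expected host, the passphrase unlocks the key,
# and a wrong passphrase is rejected.
check_yadoms_cert() {
    dir="$1"; pass="$2"; cn="$3"
    openssl verify -CAfile "$dir/yadoms-server-ca.crt" "$dir/yadoms-server.crt" >/dev/null || return 1
    openssl x509 -in "$dir/yadoms-server.crt" -noout -subject | grep -q "CN *= *$cn" || return 1
    openssl rsa -in "$dir/yadoms-server.key" -passin "pass:$pass" -noout -check >/dev/null 2>&1 || return 1
    ! openssl rsa -in "$dir/yadoms-server.key" -passin "pass:not-$pass" -noout >/dev/null 2>&1
}
```

Run `make_yadoms_cert /tmp/yadoms-ssl serverPass yadoms.local` then `check_yadoms_cert` with the same arguments; a zero exit status means the files are ready to be copied next to the executable.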

Windows

#TODO

Configuration

All the work is done in the configuration file. Open yadoms.ini and set the useSSL parameter to true. In the openSSL section, uncomment all options and fill in the right values:

  • server.certificateFile: path to the .crt file
  • server.privateKeyPassphraseHandler.name: name of the handler that supplies the key passphrase; with KeyFileHandler (as in the example below) the passphrase is read from the options.password entry
  • server.privateKeyFile: path to the .key file used to create the certificate
  • server.privateKeyPassphraseHandler.options.password: passphrase entered during the creation of the key
  • server.verificationMode: verification mode of the client certificate if one is provided (set it to none)

Example

yadoms.ini

[server]
useSSL=true

[openSSL]
;indicates the certificate file
server.certificateFile = ${application.configDir}/server.crt
;indicates that the key passphrase is provided by the options below
server.privateKeyPassphraseHandler.name = KeyFileHandler
;indicates the key file name
server.privateKeyFile = ${application.configDir}/server.key
;indicates the passphrase of the private key
server.privateKeyPassphraseHandler.options.password = serverPass
;indicates that the server does not verify client certificates
server.verificationMode = none

server.key

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,45F1BBE28D0641F6

...
-----END RSA PRIVATE KEY-----

server.crt

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----