SSL Setup Errors

On various Hardware and OS systems: pi / windows / routers / nas, etc

Moderator: leecollings

Post Reply
KevinR
Posts: 25
Joined: Saturday 07 May 2016 22:10
Target OS: Windows
Domoticz version: 3.5877
Location: Cheshire
Contact:

SSL Setup Errors

Post by KevinR »

I have basic remote access working via a pc & my iPhone. I am struggling setting up SSL.

I have port 443 configures in Domoticz and my router.

When I try HTTPS access using: https://XX.XX.XX.XX:8080, I get the error:

XX.XX.XX.XX sent an invalid response
ERR_SSL_PROTOCOL_ERROR

I am unclear on SSL certification / self certification.

Very limited help on the web, so any help would be appreciated.

Kevin R
KevinR
Posts: 25
Joined: Saturday 07 May 2016 22:10
Target OS: Windows
Domoticz version: 3.5877
Location: Cheshire
Contact:

Re: SSL Setup Errors - Help Please

Post by KevinR »

Still having issues:

Normal login: C:\Program Files (x86)\Domoticz\domoticz.exe" -www 8080 -sslwww 443

I tried to add a certificate file:

"C:\Program Files (x86)\Domoticz\domoticz.exe" -www 8080 -sslwww 443 -sslcert file_path C:\Program Files (x86)\Domoticz\server_cert.pem

Does not work !

Any ideas - I am struggling here :( :( :(

Regards
KevinR
borgkitty
Posts: 34
Joined: Wednesday 26 October 2016 21:01
Target OS: Raspberry Pi / ODroid
Domoticz version: 3.5877
Contact:

Re: SSL Setup Errors

Post by borgkitty »

May I suggest instead of trying to use the web version on SSL you try a VPN?
The reason I suggest this is for a few reasons
1) you don't have to mess with SSL on domoticz like you're experiencing
2) opening domoticz to the web is dangerous
3) setting up a VPN is VERY easy if you have a pi and it only is a small inconvenience to pay for better security.

you will also have access to the internal network such as your pc as you said. or use teamviewer as that is encrypted and you don't have to deal with ssl which includes a reverse proxy which is more secure than opening the 8080 port on your router

We have to rely on the makers and contributors of domoticz which are better at coding than I, but even then the best coders make mistakes which could allow access accidentally to hackers. A VPN tunnels into your network without exposing anything to the outside. You still open a port just like you did with 8080 and once setup it is not that hard to control from a tablet or phone or computer.
OpenVPN while still open source like domoticz has a much much bigger community that is able to keep its platform secure with more eyes and security professionals looking at it.

here is the script that sets up VPN on pi. I would imagine it would work on other linux flavors but I have not tried it
http://www.pivpn.io/

or windows
http://www.howtogeek.com/135996/how-to- ... -software/
User avatar
emme
Posts: 909
Joined: Monday 27 June 2016 11:02
Target OS: Raspberry Pi / ODroid
Domoticz version: latest
Location: Milano, Italy
Contact:

Re: SSL Setup Errors

Post by emme »

the role on the router is:

outside: port:8080
inside: DomoticzIPAddress:443

are you behind a firewall or a proxy on you client side?

have you aso tried to run somoticz with option -sslwww 8080 -www 81 ?
The most dangerous phrase in any language is:
"We always done this way"
borgkitty
Posts: 34
Joined: Wednesday 26 October 2016 21:01
Target OS: Raspberry Pi / ODroid
Domoticz version: 3.5877
Contact:

Re: SSL Setup Errors

Post by borgkitty »

emme is right
you have to do what's called port mapping(fowarding) which is taking external port https::externalip:8080 to https::internalpcip:443

most aftermarket routers support this.
some routers supplied by the company does not have this funtionality

or another option is you change the ssl port of domoticz to 8080 as well
but imo I would still go with the VPN option
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest