How To Replace Domoticz Certificate

On various Hardware and OS systems: pi / windows / routers / nas, etc

Moderator: leecollings

ftsikogi
Posts: 13
Joined: Wednesday 10 June 2015 9:21
Target OS: Raspberry Pi / ODroid
Domoticz version: 2022.1

How To Replace Domoticz Certificate

Post by ftsikogi »

Version: v3.8153
Platform: Windows 10
Plugin/Hardware: Intel NUC
Description:

I am interested in learning how to replace the Domoticz certificate on a Windows 10 machine. Let's assume that I own a certificate from Comodo or another authority and I want to change my Domoticz server to run that certificate. How is this accomplished?

Thank you
KevinR
Posts: 25
Joined: Saturday 07 May 2016 22:10
Target OS: Windows
Domoticz version: 3.5877
Location: Cheshire

Re: How To Replace Domoticz Certificate

Post by KevinR »

Hi ftsikogi,
I am struggling to set up SSL on Domoticz / Windows 10. HTTP works well, now want to add the default certificate, initially.

All of the web posts refer to 'domoticz.sh' file to setup the config, but I cannot find it in my installation folders!

Are you able to give me any pointers?

Thanks

Regards
KevinR

Re: How To Replace Domoticz Certificate

Post by ftsikogi »

Domoticz has native HTTPS / SSL support since Version 2.2563 (June 14th 2015). Are you using an old version?

Thanks

Re: How To Replace Domoticz Certificate

Post by KevinR »

Hi ftsikogi,
With a little help from friends I got it sorted by initiating the native SSL via the command line on my start icon (Windows does not use 'domoticz.sh')

I added: -www 8080 -sslwww 443 -loglevel=0 -sslcert "C:\Program Files (x86)\Domoticz\server_cert.pem"

It worked immediately, e.g. it works remotely with my iPhone using Domotix app with SSL.

However, it does not work properly with Browsers:
Safari - will not connect - invalid certificate and you cannot continue
Explorer, Edge & Chrome - shows as 'insecure' which you can ignore and carry on.

I am trying to connect Alexa via 'Controlicz', but Alexa will not 'find' my 'FloorPlan/RoomPlans or Switches' - invalid certificate!!!

Tried 'Let’s Encrypt' the free, automated, and open Certificate Authority - but I need a .PEM file and I am struggling with this.

Thanks for your replies.

Regards

Kevin
Cenedd
Posts: 1
Joined: Thursday 25 January 2018 13:14
Target OS: Windows

Re: How To Replace Domoticz Certificate

Post by Cenedd »

Just had this problem myself and since the information doesn't seem to be easily available, thought I'd share the solution.

Domoticz takes various parameters when it starts up. That's all the domoticz.sh file is doing. On a Windows platform those parameters are passed in one of two different places depending on whether you have it installed as a service or not.
If you're not running as a service, the parameters are passed in the shortcut that you use to run the program (either in your Start Menu or on the desktop usually).
If you are running as a service, this is handled by a third party utility called NSSM (Non-Sucking Service Manager - https://nssm.cc). This handles the starting and stopping of Domoticz as a service and hence it is NSSM that passes those parameters to Domoticz. The parameters are specified in the registry here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Domoticz\Parameters\AppParameters
By default it will have a value of

-www 80 -sslwww 443

obviously with the port numbers that you specified during setup.
Simply add the path to your certificate file to the end of those parameters like this

-www 80 -sslwww 443 -sslcert "C:\Program Files (x86)\Domoticz\server_cert.pem"

Substitute the installation path and name of your certificate file as appropriate for your installation.

As for the certificate file itself, it needs to be in PEM format and it needs to include your private key as well as the public. Often this means it will be in PFX format. You can convert it to PEM using the free OpenSSL. You can find a location to download pre-compiled binaries (ready to use) here: https://wiki.openssl.org/index.php/Binaries
I used the binaries from https://indy.fulgan.com/SSL and used the most recent version (right at the bottom of the list) which at the time was openssl-1.0.2n-x64_86-win64.zip
Unzip to a folder.
Open a CMD prompt

cd "C:\Program Files\OpenSSL"
REM (or wherever you extracted the download to)
openssl pkcs12 -in C:\cert.pfx -out C:\cert.pem -nodes

Be aware that the "-nodes" command is short for "no DES" and this means that the PEM file will not be encrypted or password protected. Make sure this file is kept safe as anyone with it could impersonate your server or decrypt your SSL traffic.

Hope this helps.
Gareth
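
The steps in the post above (convert the PFX, keep the unencrypted PEM safe, add -sslcert to the NSSM parameters) as one PowerShell script. This is an added example, not part of the original post or of Domoticz; the OpenSSL location, C:\cert.pfx, a service running as LocalSystem and an elevated prompt are assumptions.

```powershell
# Added example: paths, file names and the service account are assumptions.
$openssl = 'C:\Program Files\OpenSSL\openssl.exe'            # where the binaries were unzipped
$pfx     = 'C:\cert.pfx'                                     # PFX received from the CA
$pem     = 'C:\Program Files (x86)\Domoticz\server_cert.pem' # file passed to -sslcert
$regKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Domoticz\Parameters'

# 1. Convert PFX -> PEM. -nodes leaves the private key unencrypted on disk.
& $openssl pkcs12 -in $pfx -out $pem -nodes
if ($LASTEXITCODE -ne 0) { throw 'openssl pkcs12 failed (wrong password or bad PFX?)' }

# 2. Confirm the PEM holds both halves: the certificate and the private key.
$text = Get-Content -Raw -Path $pem
if ($text -notmatch '-----BEGIN CERTIFICATE-----') { throw 'no certificate in PEM' }
if ($text -notmatch '-----BEGIN (RSA |EC )?PRIVATE KEY-----') { throw 'no private key in PEM' }

# 3. Show subject and expiry so a wrong or expired certificate is caught now.
& $openssl x509 -in $pem -noout -subject -enddate

# 4. Lock the file down: drop inherited ACEs, then allow only
#    SYSTEM (S-1-5-18, read) and Administrators (S-1-5-32-544, full).
#    Assumes the service runs as LocalSystem; grant its account instead if not.
& icacls.exe $pem /inheritance:r /grant:r '*S-1-5-18:(R)' '*S-1-5-32-544:(F)' | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'icacls failed' }

# 5. Append -sslcert to the NSSM parameters unless one is already set.
$current = (Get-ItemProperty -Path $regKey -Name AppParameters).AppParameters
if ($current -match '-sslcert') {
    Write-Warning "AppParameters already has -sslcert: $current"
} else {
    Set-ItemProperty -Path $regKey -Name AppParameters -Value "$current -sslcert `"$pem`""
}

# 6. Restart the service so Domoticz picks up the new parameters.
Restart-Service -Name Domoticz
```

Once the PEM is in place, delete or securely store the original PFX as well, since it contains the same private key.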

Re: How To Replace Domoticz Certificate

Post by ftsikogi »

Thanks for the detailed instructions.