Windows HTTPS

[dmont]

Can someone please provide a simple step by step explanation of how I can get SSL working on Windows so I can log into a HTTPS web page outside of my network? The WIKI may actually explain it, but I don't understand it. The forum threads are all on linux or tell you to use a VPN instead. This would be very much appreciated, Thanks in advance.

[Doowie]

Same question here.
The installation manuall is quite simple and should enable https. At least it suggest to do that, but it doesn't!
There is nothing listening on 443.
I also doubt if a certificate is connected, but can't find any documentation about how to troubleshoot a Windows server running Domoticz.
Help in this area is highly appriciated.

[Soepgroenten]

I'm pretty experienced when it comes to adding SSl certificates in IIS (for the Job), but I didn't manage it to translate the PI Tutorial to a Windows manual.

So Same question here.

Did anyone manage to install a SSL certificate to a windows based installation of domoticz?

It would help if I at least knew what werb server service Domoticz is using (prolly running within the Non Sucking Task Manager)

Please do not reply with suggestions for a Pi I partly automated my home automation (outside domoticz) with Powershell scripts (would be nice if there was a Domoticz snapin or module, but I'd rather guess it will never come as Domoticz is pretty Pi based)

My setup:
I'm Running Domoticz (always latest version) on a Server 2012 Standard Edition which is VM on a Hyper-V Hypervisor. It's in an HA cluster with an AnywhereUSB solution for the Z-Wave usb device.

If there's a way to get IIS at front, and on the backend a translation to the Domoticz server I'm also Ok with it.

[AurelioF]

For me the best security solution in remote access is to use a VPN, I use openvpn in my firewall, this allows me not only a full access to Domoticz, but I can also access all the resources of my Network, camera files etz, and only exposing one port of entry and not one for each service, potentially increases the risk the more the system is exposed, VPN uses certificates and the firewall can use some tricks as the geographic limitation to expose the installation even less.
It is not the easiest way but it is very safe and its operation is impeccable.

[mrf68]

@Soepgroenten: is this somethng you are looking for?

http://www.debruinonline.net/iis-reverse-proxy

[gizmocuz]

You could start by 'not' running domoticz as a service.
Next you go to the domoticz installation path, and open a console there.
next you can type
domoticz /?

You should see all command line parameters supported

next try to start domoticz with for example -sslwww 443

is there any error being displayed ? (is another program using port 443 already ?), if not, you should be able to connect to it
(https://127.0.0.1)

You should see in the console a log message that you connected

[dmont]

gizmocuz, I know you are a busy guy, but I tried everything you said and I don't "see all the command line parameters supported". I tried typing domoticz -sslwww 443, domoticz starts and I go to https://127.0.0.1:443 and it still warns me that the sight is not safe. As I mentioned in my first post, I need step by step instructions...i'm not a programmer.

AurelioF, step by step instructions please

I am a big fan of Domoticz and I spend hours trying to find instructions on how to do all of this stuff, but but it's obvious to me the programming community is not big on guiding someone that is not a programmer.

[mrf68]

Browsers usually don’t trust the issuer when it comes to self-signed certificates. In Google Chrome you can suppress the message by opening a tab and paste this as the url: chrome://flags/#allow-insecure-localhost. You can enable the “Allow invalid certificates loaded from localhosts”. Restart the browser and go to https://127.0.0.1 and the message about an invalid certificate will not be shown.

[dmont]

Will this do anything to help secure my connection when connecting from outside my network?

[mrf68]

No, because you’ll need to use your public ip connection which will never be 127.0.0.1. You will need a domain name that will resolve to your public ipaddress and then have a certificate that is issued by a Certificate Authority that is trusted by the browser. Every https connection is encrypted, but the browser will only tell you that it is “secure” when they trust the issuer of the presented certificate.

[dmont]

I do have a domain name and I tried making my own certificate with simple authority several months ago to try and get this working, but since the wiki is only for linux I don't know how to tell domoticz the name of my certificate or if I have to modify a file like the linux instructions.

[hirelaptops]

I take a domain term and I strained creation my individual credential with meek consultant numerous months before to attempt and become this operational, but meanwhile the wiki is lone for Linux I don't recognize in what way to express demotics the designation of my license or if I consume to alter a folder similar the Linux commands.

[dmont]

Thanks mrf68 and hirelaptops, I just ordered a router capable of running a VPN.

[nfuse]

i know this is an old threat but i managed it to add my own certificate on Windows 10

just generate or request a valid certificate with private key (i for instance run my own ispconfig server and created a certificate with letsencrypt)

small howto:

- make backup of the server_cert.pem
- open server_cert.pem located at C:\Program Files (x86)\Domoticz (or install location) and edit with notepad or other text editor as administrator
- replace the -----BEGIN PRIVATE KEY----- / -----END PRIVATE KEY----- with the contents of the key file
- replace the -----BEGIN CERTIFICATE----- / -----END CERTIFICATE----- with the contents of the crt file (in my case 2 entry's)
- i didn't touch the -----BEGIN DH PARAMETERS----- / -----END DH PARAMETERS----- so leave as it is

at a home network you can add the domain name in your hosts file (C:\Windows\System32\drivers\etc) so it works internally without dns

[pjsgsy]

I know this was posted a while ago, but just what I needed in that last post. Thanks!

[Plantje]

i know this is an old threat but i managed it to add my own certificate on Windows 10

just generate or request a valid certificate with private key (i for instance run my own ispconfig server and created a certificate with letsencrypt)

small howto:

- make backup of the server_cert.pem
- open server_cert.pem located at C:\Program Files (x86)\Domoticz (or install location) and edit with notepad or other text editor as administrator
- replace the -----BEGIN PRIVATE KEY----- / -----END PRIVATE KEY----- with the contents of the key file
- replace the -----BEGIN CERTIFICATE----- / -----END CERTIFICATE----- with the contents of the crt file (in my case 2 entry's)
- i didn't touch the -----BEGIN DH PARAMETERS----- / -----END DH PARAMETERS----- so leave as it is

at a home network you can add the domain name in your hosts file (C:\Windows\System32\drivers\etc) so it works internally without dns

I am struggeling with this as well...

How do I "get" a certificate from letsencrypt?
I have never been able to connect to my server using https nor port 443. A little more help would definitely be appreciated!

[rgroothuis]

I used this Domoticz instruction page:

https://www.domoticz.com/wiki/Native_se ... ts_Encrypt

And it is now working for me. At least for the external domain name.

I don't have it working yet when accessing Domoticz on my local 192.168.0.100 IP address. Not sure yet how to manage/arrange that. Linking a certificate to an IP address.

[Plantje]

Thanks for getting back to this!

So, this worked for Windows for you? Currently, I am still somewhat struggeling with Z-Wave, but this is definitely the next thing on my list!

[rgroothuis]

Thanks for getting back to this!

So, this worked for Windows for you? Currently, I am still somewhat struggeling with Z-Wave, but this is definitely the next thing on my list!

No, I'm not using Windows. I've added the LetsEncrypt certificates to my Raspberry Pi V4 running Domoticz.

[Plantje]

Thanks, but the whole "issue" here is that all is described nice and easy for RPi, but not for Windows. If I have my Z-Wave up and running I will see if I can create my own Windows manual out of this. I know more people are looking for this.