Just had this problem myself and since the information doesn't seem to be easily available, thought I'd share the solution.
Domoticz takes various parameters when it starts up. That's all the domoticz.sh file is doing. On a Windows platform those parameters are passed in one of two different places depending on whether you have it installed as a service or not.
If you're not running as a service, the parameters are passed in the shortcut that you use to run the program (either in your Start Menu or on the desktop usually).
If you are running as a service, this is handled by a third party utility called NSSM (Non-Sucking Service Manager - https://nssm.cc). This handles the starting and stopping of Domoticz as a service and hence it is NSSM that passes those parameters to Domoticz. The parameters are specified in the registry here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Domoticz\Parameters\AppParameters
By default it will have a value of
obviously with the port numbers that you specified during setup.
Simply add the path to your certificate file to the end of those parameters like this
-www 80 -sslwww 443 -sslcert "C:\Program Files (x86)\Domoticz\server_cert.pem"
Substitute the installation path and name of your certificate file as appropriate for your installation.
As for the certificate file itself, it needs to be in PEM format and it needs to include your private key as well as the public. Often this means it will be in PFX format. You can convert it to PEM using the free OpenSSL. You can find a location to download pre-compiled binaries (ready to use) here:
https://wiki.openssl.org/index.php/Binaries
I used the binaries from https://indy.fulgan.com/SSL and used the most recent version (right at the bottom of the list) which at the time was openssl-1.0.2n-x64_86-win64.zip
Unzip to a folder.
Open a CMD prompt
REM Change to the OpenSSL folder (or wherever you extracted the download to)
cd "C:\Program Files\OpenSSL"
openssl pkcs12 -in C:\cert.pfx -out C:\cert.pem -nodes
Be aware that the "-nodes" command is short for "no DES" and this means that the PEM file will not be encrypted or password protected. Make sure this file is kept safe as anyone with it could impersonate your server or decrypt your SSL traffic.
Hope this helps.
Gareth
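
A follow-up check for the steps above, added here as an example and not part of the original post: it reads the `-sslcert` path from the NSSM registry value, confirms the PEM holds both a certificate and an unencrypted private key, and restricts the file's ACL. It assumes an elevated PowerShell prompt, that the Domoticz service runs as LocalSystem, and English account names; the function name `Test-PemContents` is made up for this example.

```powershell
# Added example: validate the PEM that Domoticz is configured to use, then lock it down.
# Assumption: the service runs as LocalSystem; change $AllowedAccounts if yours does not.
$AllowedAccounts = @{ 'NT AUTHORITY\SYSTEM' = 'Read'; 'BUILTIN\Administrators' = 'FullControl' }
$RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Domoticz\Parameters'

function Test-PemContents {
    param([string]$Text)
    # The file must carry the certificate and the private key together.
    [pscustomobject]@{
        HasCertificate = $Text -match '-----BEGIN CERTIFICATE-----'
        HasPrivateKey  = $Text -match '-----BEGIN (RSA |EC )?PRIVATE KEY-----'
        KeyIsEncrypted = $Text -match '-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED'
    }
}

# Pull the certificate path out of the parameters NSSM passes to Domoticz.
$appParams = (Get-ItemProperty -Path $RegPath).AppParameters
if ($appParams -notmatch '-sslcert\s+(?:"([^"]+)"|(\S+))') {
    throw "No -sslcert argument found in AppParameters: $appParams"
}
$PemPath = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }

$check = Test-PemContents -Text (Get-Content -LiteralPath $PemPath -Raw)
if ($check.KeyIsEncrypted) {
    throw "Private key in $PemPath is encrypted; the conversion above used -nodes to avoid this."
}
if (-not ($check.HasCertificate -and $check.HasPrivateKey)) {
    throw "PEM at $PemPath is incomplete: certificate=$($check.HasCertificate), key=$($check.HasPrivateKey)"
}

# The key is stored in the clear, so replace inherited permissions with an explicit list.
$acl = Get-Acl -LiteralPath $PemPath
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting, discard inherited rules
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
foreach ($account in $AllowedAccounts.Keys) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account, $AllowedAccounts[$account], 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $PemPath -AclObject $acl

# Show the resulting permissions so you can confirm only the expected accounts remain.
(Get-Acl -LiteralPath $PemPath).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

Delete the intermediate `C:\cert.pem` and any spare copies of the PFX once the file is in place, since they hold the same private key.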