Announcement

Collapse
No announcement yet.

SSL on HS3 - reality or not?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    SSL on HS3 - reality or not?

    Guys

    I have read a lot on SSL on HS... and not much specific to HS3.

    Is SSL viable?

    From what I read, HS's webserver is outdated and SSL is not going to work with most modern browsers.

    If this is the case - that is inexcusable in any modern product... especially in these days of cyber attacks.

    Is there a setup guide for SSL on HS3? - I found an old one for HS2, which, by the sounds of it is still valid as the webserver is archaic!

    Thoughts and comments?


    David
    ---------------------------------------------------http://weather.penicuik.org

    #2
    I learned how useful a ssl reverse proxy could be by setting one up for HomeSeer. I have used them several times since including for a plugin. It works well for me with HS3 on linux.

    Comment


      #3
      I as well use reverse proxy with IIS7 in windows 7/10 without any issue.
      Disable SSL in HS3
      Create a virtual host in IIS7 and enable SSL, then create URL Rewrite rule that load the http traffic from HS3
      If you don't use authentication in IIS7 then untick "No Password Required for Local/Same Network Login (Web Browser/HSTouch)" or else all visitor to IIS7 SSL page can access your HS3 locally without login prompt.
      Attached Files
      Please excuse any spelling and grammatical errors I may make.
      --
      Tasker Plugin / Speech Droid
      Tonlof | Sweden

      Comment


        #4
        I managed to get the certificate generated by the sticky working in HS3 ...

        https://forums.homeseer.com/forum/de...-a-certificate

        ... but found it stopped working on the next reboot.

        The answer appears to be renaming the generated .pfx file from homeseer.pfx to server.pfx, and overwriting the existing server.pfx file.

        HS3 doesn’t have the previous option to specify the name of the file in the HomeSeer setup.

        Comment


          #5
          I managed to get HS3 working with a Letsencrypt certificate via reverse proxy. I installed pfSense, ACME Certificates and HAProxy (the latter two are packages that can be installed on top of pfSense via its package manager). In HAProxy - the actual reverse proxy - you have to generate a backend (your HS3 machine in the LAN) and a frontend (the WAN of the pfSense machine) with the appropriate FQDN, (internal) IP and port for your HS3 machine. With the ACME Certificates package you can easily obtain a certificate (first obtain an account key that you can test (staging) in obtaining a test certificate to prevent you being blocked if you reach Letsencrypt's thresholds and, after having obtained a test certificate successfully change it to a production key) and open/forward the ports 80 and 443 (for Letsencrypt) and - if your HS3 uses another port - your HS3 port on/to the WAN IP of the pfSense machine. Finally you have to set up DNS internally as well externally to appoint your FQDN for HS3 to your public IP with your internet provider and internally to the reverse proxy (the WAN of the pfSense machine, in my case). I manage my internal DNS on my domain controller (Window Server) but I believe this can be done in pfSense as well.

          If anyone is interested I can give further details of this setup.

          Cheers, Dela

          Comment

          Working...
          X