Letsencrypt.org certificates have no passphrase, SSL server crashes


    I'm trying to get HS3 to use a letsencrypt.org certificate with HS3. It works great with PRTG and NetCam Studio, but the HS3 web server seems to expect the certification to have a passphrase, and I can't seem to make an empty one.

    Code:
    mai-25 14:02:07           Warning     SSL Webserver Stopped
    mai-25 14:02:07           Error     SSL Web Server could not start: Object reference not set to an instance of an object.
    mai-25 14:02:07           Web Server     SSL Web Server started on port 443
    mai-25 14:02:07           Error     SSL Web Server, creating socket: The certificate cannot be set to a null reference when creating a server socket.
    mai-25 14:02:07           Web Server     UPNP Discovery started
    mai-25 14:02:07           Web Server     Web Server started on port 80
    mai-25 14:02:07           Error     SSL Web Server, validating certificate: The specified password is invalid.

    Letsencrypt.org gives Trusted Root certificates, so it would be very good to use them.
    Last edited by Moskus; May 25, 2016, 07:13 AM.
    HSPro 3.0.0.458, Z-NET with Z-wave plugin 3.0.1.190, RFXCOM + 2x RFXtrx433E, HSTouch, Squeezebox plugin, iTach IP/WF2IR & GC-100-6 with UltraGCIR, BLDenon, NetcamStudio, Jon00s Webpage builder, Harmony Hub plugin, SCSIP (with FreePBX), Arduino plugin, IFTTT, Pushalot plugin, Device History plugin.
    Running on Windows 10 (64) virtualized
    on ESXi (Fujitsu Primergy TX150 S8).
    WinSeer (for Win10) - TextSeer - FitbitSeer - HSPI_MoskusSample

    Are you Norwegian (or Scandinavian) and getting started with HomeSeer? Read the "HomeSeer School"!

    #2
    You can most likely convert the certificate (including adding password). Check out: https://www.sslshopper.com/ssl-converter.html
    Nicolai L



      #3
      Hm. That's a thought worth trying. I threw money on the problem.

      The problem NOW is that the SSL web server in HS3 apparently has some issues. There's no connectivity in Firefox or Chrome. Edge/IE works fine, though.


        #4
        The webserver in HomeSeer uses old encryption methods that Firefox and Chrome do not like. The way around it is to use a reverse proxy with SSL that feeds HomeSeer with HomeSeer running on plain old http. I use Nginx. No problems with the passphrase either. If you already have the cert it is quite simple to set up.



          #5
          Originally posted by mikaluch:
          The webserver in HomeSeer uses old encryption methods that Firefox and Chrome do not like. The way around it is to use a reverse proxy with SSL that feeds HomeSeer with HomeSeer running on plain old http. I use Nginx. No problems with the passphrase either. If you already have the cert it is quite simple to set up.
          That might be a solution!

          It seems complicated though, but I hope I'm wrong.


            #6
            It is simpler and more logical than getting the cert, that's for sure. It took about an hour to learn to configure nginx - for a simple setup anyway it is much easier to configure than Apache. The examples include the SSL reverse proxy so you pretty much just comment other things out. I also bind the HomeSeer web server to localhost. It listens for nginx there just fine. I'll probably try the same for HSTouch soon. It's on my to do list anyway.



              #7
              I found this thread: http://board.homeseer.com/showthread.php?t=178990
              ... which makes me think there are caveats to be worried about.

              Perhaps you have something that works?


              When you bind HS3 to localhost, will it not be accessible (without SSL) on the local network?


                #8
                I don't see the caveat in that link unless it is the part about a self-generated cert but not an external one. I am using a cert signed by Comodo for a domain I purchased at NameCheap. But it wouldn't matter to nginx or my homeseer host if it was self-signed. It is the clients that balk at obsolete encryption. You define in the config what methods nginx will accept.

                My config is a lot simpler than the one in the link. He is offloading other tasks to nginx. I just have nginx show the cert to the client and then pass the client to HomeSeer. Client authentication is still by HomeSeer id/password.

                Yes the way I set it up everyone has to use SSL, including within my LAN. I also require passwords in my LAN. I start with the assumption that sooner or later someone will browse the wrong site and there will be a threat within my LAN.

                Edit: Nginx does the SSL decryption also by definition so my setup does offload HomeSeer for that task.

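Added example, not part of the original thread and not mikaluch's own config: a minimal nginx TLS-terminating reverse proxy of the kind posts #4, #6 and #8 describe, with HomeSeer serving plain HTTP on loopback only. The hostname `hs.example.com`, the backend port 8080 and the certificate paths are assumptions.

```nginx
# Added illustration, not a config posted in the thread.
# Assumptions: HomeSeer's plain-HTTP server is bound to 127.0.0.1:8080,
# the hostname is hs.example.com, and the certificate paths are placeholders.

# Redirect plain HTTP so every client, LAN included, ends up on TLS.
server {
    listen 80;
    server_name hs.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name hs.example.com;

    # PEM files as issued by the CA; an unencrypted private key
    # loads without any passphrase prompt.
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    # nginx, not HomeSeer, decides which protocols and ciphers clients may use.
    ssl_protocols TLSv1.2 TLSv1.3;   # TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        # TLS ends here; the request continues over loopback as plain HTTP.
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # No auth directives here: login stays with HomeSeer's own id/password.
    }
}
```

Run `nginx -t` to validate the file before reloading. Because the private key is stored unencrypted, restrict read access on it to the account nginx starts under.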


                  #9
                  Originally posted by mikaluch:
                  Yes the way I set it up everyone has to use SSL, including within my LAN. I also require passwords in my LAN. I start with the assumption that sooner or later someone will browse the wrong site and there will be a threat within my LAN.
                  Yes, that IS a worry that I share. HS3 is controlling MY HOUSE including door locks. If somebody breaks the Wifi encryption (not very likely, but still; it could happen) they now have potential access to the whole system. I'm not a fan of that, but it is required by HS3 for certain things.

                  I would love it if you could post your config file.


                    #10
                    It's getting pretty late here and I will have to clean them up a little (I combined examples and then commented a lot out). I will PM them tomorrow. If you don't see them send me a reminder. I injured my back working on the wiring in my house Saturday and I'm on some pain killers right now.



                      #11
                      I was actually surprised to find someone awake in LA and even on the forums.

                      Back pain is among the worst (but I think my wife disagrees) because it limits you so much. Get better!


                        #12
                        Originally posted by mikaluch:
                        The webserver in HomeSeer uses old encryption methods that Firefox and Chrome do not like. The way around it is to use a reverse proxy with SSL that feeds HomeSeer with HomeSeer running on plain old http. I use Nginx. No problems with the passphrase either. If you already have the cert it is quite simple to set up.
                        You have GOT to be kidding me? Sigh. I have a brand new HomeTroller with HS3Pro. Spend real $$ on a cert from DigiCert. Enable it in the GUI... Complete failure to connect. WTF??

                        Spend an hour trying to figure it out. Trying different ports, etc...

                        I'm happy I found this thread but...REALLY? How can they be shipping a brand new product/version and not have it work with the most common browsers out there? Including the one which is the default browser on their own HomeTroller!!!

                        Pretty annoyed at how buggy this is after spending ~$2k... Yeah I am technical enough to work around this crap but I shouldn't need to.



                          #13
                          Add yourself to these bugs in Bugzilla, and we'll see if they do anything about it:

                          3277 - SSL without passphrase crashes webserver
                          3278 - SSL connection does not work with Firefox or Chrome
                          3279 - Enabling SSL server crashes both web servers within 12 hours
                          3280 - HStouch: ImageURLnormal not showing images from HTTPS / SSL