Author Topic: SSL certificate for secure Outside Access  (Read 7286 times)

brake16

  • Veteran
  • ***
  • Posts: 85
    • View Profile
SSL certificate for secure Outside Access
« on: May 30, 2009, 07:58:08 pm »
Good Morning

Well, I was just reading the wiki entry for Outside Access (http://wiki.linuxmce.com/index.php/Outside_Access), and it mentioned that setting up an SSL certificate would be costly and complicated.  So I Googled "buy SSL secure certificate", and found that GoDaddy.com offers several different SSL certificates, starting at $12.99 (http://www.godaddy.com/gdshop/compare/gdcompare_ssl.asp?isc=sslqgo008b)  So my questions:

  • Would the $12.99 certificate be sufficient, or what kind of certificate is needed?
  • How would it be complicated?
  • Does anybody have this sort of setup?  Would you be willing to explain what you did?

Bryce
The Second Empirical Law of Lasers is to not look into the beam with your remaining good eye  - Anonymous

merkur2k

  • Addicted
  • *
  • Posts: 513
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #1 on: May 30, 2009, 08:17:07 pm »
There is absolutely no need to purchase a signed ssl cert for this, since all that does is get rid of the warning in the web browser. A self signed cert is free and you can make it yourself. how to add it to the system is a bit harder though, but there are quite a few guides out there for adding ssl certs to apache.

colinjones

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 3003
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #2 on: May 31, 2009, 12:07:03 am »
merkur2k is right, the only thing a "proper" cert gives you is a chain of trust back to a root authority that everyone trusts... thus means that someone else coming to your site, not only gets encryption but also trusts that your site is what it says it is. I assume that you won't have randoms accessing your site, and that you trust yourself! So you can just create a self-signed cert and use that...

brake16

  • Veteran
  • ***
  • Posts: 85
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #3 on: May 31, 2009, 12:39:57 pm »
I assume that....you trust yourself!

For the most part. ;D

Has anybody done this?  I have no problem Googling for how-to guides, but I don't want to break anything LMCE specific/special if I can avoid it.

Bryce
The Second Empirical Law of Lasers is to not look into the beam with your remaining good eye  - Anonymous

hari

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 2428
    • View Profile
    • ago control
Re: SSL certificate for secure Outside Access
« Reply #4 on: May 31, 2009, 01:52:15 pm »
it should be safe to add a ssl cert to apache (when you know what you are doing). Backup the config files first. AFAIK lmce does not touch those parts of the system at all.

br, Hari
rock your home - http://www.agocontrol.com home automation

brake16

  • Veteran
  • ***
  • Posts: 85
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #5 on: June 01, 2009, 01:04:39 am »
it should be safe to add a ssl cert to apache (when you know what you are doing)...

Gee, had to add that last part, huh? :P  I'm thinking that'll be something to add to the list of 'things-to-learn'.  Good to know it's not incredibly LMCE sensitive, so I might have some room to 'bumble about'.

Thanks
Bryce
The Second Empirical Law of Lasers is to not look into the beam with your remaining good eye  - Anonymous

pigdog

  • NEEDS to work for LinuxMCE
  • ***
  • Posts: 1105
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #6 on: June 01, 2009, 02:05:25 pm »
Hi brake16,

Here's a little help for your list.

http://www.tc.umn.edu/~brams006/selfsign.html

Cheers.

tschak909

  • LinuxMCE God
  • ****
  • Posts: 5549
  • DOES work for LinuxMCE.
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #7 on: June 01, 2009, 04:27:19 pm »
can somebody:

(1) make a feature request in trac?
(2) work on making this feature work out of the box with the system and submit a patch?

Thanks,
-Thom

brake16

  • Veteran
  • ***
  • Posts: 85
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #8 on: June 01, 2009, 04:38:17 pm »
Quote
Here's a little help for your list.

You are the man.  I wish I could give you a karma bump.
The Second Empirical Law of Lasers is to not look into the beam with your remaining good eye  - Anonymous

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #9 on: June 01, 2009, 04:40:52 pm »
brake16, please read Thom's post and react accordingly... Thanks!

merkur2k

  • Addicted
  • *
  • Posts: 513
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #10 on: June 01, 2009, 04:50:07 pm »
I should have time today to take a poke at this.

brake16

  • Veteran
  • ***
  • Posts: 85
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #11 on: June 01, 2009, 05:26:39 pm »
can somebody:

(1) make a feature request in trac?
(2) work on making this feature work out of the box with the system and submit a patch?

Thanks,
-Thom

Feature request in trac has been made (http://trac.linuxmce.org/trac.cgi/ticket/226).

First time using trac.  Took me a bit to find it and figure out how to do it.  Feel free to offer thwapping corrections as needed.

Bryce
The Second Empirical Law of Lasers is to not look into the beam with your remaining good eye  - Anonymous

merkur2k

  • Addicted
  • *
  • Posts: 513
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #12 on: June 01, 2009, 08:18:18 pm »
Having spent some time with this this morning, I have come to the conclusion that this will never be possible since apache requires ssl sites to use static ip.
you could certainly work at it enough to do your own implementation, but it will not be possible to do an automated install that works on every setup.

brake16

  • Veteran
  • ***
  • Posts: 85
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #13 on: June 01, 2009, 08:32:31 pm »
Having spent some time with this this morning, I have come to the conclusion that this will never be possible since apache requires ssl sites to use static ip.
you could certainly work at it enough to do your own implementation, but it will not be possible to do an automated install that works on every setup.

Forgive the newbiness most likely apparent in this quesiton, but will DynDNS help?  I have DSL, and therefore, no static ip.

Bryce
The Second Empirical Law of Lasers is to not look into the beam with your remaining good eye  - Anonymous

merkur2k

  • Addicted
  • *
  • Posts: 513
    • View Profile
Re: SSL certificate for secure Outside Access
« Reply #14 on: June 01, 2009, 08:59:22 pm »
Well on a second look it may be possible, but i have hosed up my apache so badly at this point that its gonna hafta wait until i do a reinstall of the core i think.