Open The Web interface in a https

[J Julio F Leite - Cajoni - P e Q Comercial Ltda.]

It seems that I did everything right, but i can't open the web interface of mine as secure one, i mean, as a https one. How can I do that?

[HaraldL]

Didn't do this lately so I hope I don't miss anything:

 

1. In DMS config go to Web/UPnP -> HTTPS, check the names and if needed add all forms of local addresses and IPs that you use to access the DMS website (i.e. "pc5" and "pc5.mydomain" etc.), then create a certificate by the button on this page

2. In DMS config go to Web/UPnp and set a port for HTTPS, usually 8088 by default

3. restart DMS (should not be needed but just to be sure)

Now the DMS webpage should be reachable by https with the new port (i.e. https: //pc5:8088) but may show an error that the cert is not valid or cannot be verified. Some browsers may refuse completely.

 

4. as written on the HTTPS config page copy "cacert.pem" and "InstallRootCertificate.bat" from cert folder of the DMS (there is a button for it on the page) to all client pcs that should access the DMS and execute the .bat by right mouse click "as administrator". For Firefox browser this does not work, here you have to go to cert settings in Firefox and import the .pem file as new root certificate. The two files can be deleted from clients afterwards.

 

After this step the client accepts the DMS cert as valid and instead of a warning shows a green sign in the address bar.

 

Warning: HTTPS secures the website only. If you forward the stream ports of the DMS those are not secured, you should not offer those by port forwarding on the internet!

 

When it works you should save the cacert.pem and cakey.pem of your install to a secure place. If you reinstall DMS and copy back those two files in the cert folder before you generate a new DMS cert previous clients accept it directly and you don't have to distribute the cert again to the clients. If you start from fresh you must delete the old cert from all clients and install the new one. And if you use more than one DMS you should copy the both ca*.pem files from first DMS to the other before you create a DMS cert. So all DMS server certs created with the same ca*.pem will be accepted by the same single cert on the clients.

 

[J Julio F Leite - Cajoni - P e Q Comercial Ltda.]

4 hours ago, HaraldL said:

Didn't do this lately so I hope I don't miss anything:

 

1. In DMS config go to Web/UPnP -> HTTPS, check the names and if needed add all forms of local addresses and IPs that you use to access the DMS website (i.e. "pc5" and "pc5.mydomain" etc.), then create a certificate by the button on this page

2. In DMS config go to Web/UPnp and set a port for HTTPS, usually 8088 by default

3. restart DMS (should not be needed but just to be sure)

Now the DMS webpage should be reachable by https with the new port (i.e. https: //pc5:8088) but may show an error that the cert is not valid or cannot be verified. Some browsers may refuse completely.

 

4. as written on the HTTPS config page copy "cacert.pem" and "InstallRootCertificate.bat" from cert folder of the DMS (there is a button for it on the page) to all client pcs that should access the DMS and execute the .bat by right mouse click "as administrator". For Firefox browser this does not work, here you have to go to cert settings in Firefox and import the .pem file as new root certificate. The two files can be deleted from clients afterwards.

 

After this step the client accepts the DMS cert as valid and instead of a warning shows a green sign in the address bar.

 

Warning: HTTPS secures the website only. If you forward the stream ports of the DMS those are not secured, you should not offer those by port forwarding on the internet!

 

When it works you should save the cacert.pem and cakey.pem of your install to a secure place. If you reinstall DMS and copy back those two files in the cert folder before you generate a new DMS cert previous clients accept it directly and you don't have to distribute the cert again to the clients. If you start from fresh you must delete the old cert from all clients and install the new one. And if you use more than one DMS you should copy the both ca*.pem files from first DMS to the other before you create a DMS cert. So all DMS server certs created with the same ca*.pem will be accepted by the same single cert on the clients.

 

It worked now, thanks.