Custom self signed CA certificate question/help

VanFanel89

Gents,

I am in a bit of a pickle - allow me to elaborate:

I have ZoneMinder set up at home which I use for surveillance. There's a neat app out there for iDevices called eyeZM which allows me to monitor devices over 3G signal. Unfortunately, it would not work with unsigned SSL certificates... (the ones where the browser says OMG ITS UNTRUSTED BUT DO YOU STILL WANNA DO IT???).

Fortunately I found a guide that tells you how to make a self-signed CA certificate and deploy it on Apache (apache2 on Debian Squeeze 6.0).

Unfortunately... whatever I do seems to fail and it still says the certificate is untrusted. My network setup is as follows:

ZoneMinder Server -> pfSense firewall -> outside world. To access the server, I just have a port on the firewall forwarding to port 443 on the server. Perhaps that's the root cause of the problem? I gave the cert the domain of the server on my LAN (i.e. server.lan) for the common name (varying between the CA and Server cert) but it still does not work properly...


Can someone point me in the right direction of what I may be doing wrong? This is the guide I was using...

http://www.tc.umn.edu/~brams006/selfsign.html



Thanks!
 
StartCom offers free certs; you could use one of those instead. I have used them when I was trying SBS and they worked fine, since it was really just for my use, not to have an ecommerce site or anything major. Self-signed ones aren't tied to a master CA, so some apps don't like them because of trust issues.
 
For my personal domain I spent $10 per year to get a certificate from NameCheap.com. I have found only a few things will not work with the NameCheap certificate, usually military/DoD who has restricted which certificate companies they will accept as valid.
 
As to answer why it won't work for you: a self-signed cert is still untrusted by any of the big root CAs that might already be present in your device. What you have to do is get a cert from a known trusted CA, *OR* install the self-signed cert in your device's root authority store directly (if you can; this isn't always a possibility).

Getting a cheapo/free SSL cert from the places mentioned would probably work out.
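
An added example, not part of the original posts or the linked guide: a private CA and a server certificate built with `openssl`, then checked the way a client checks them, against the CA certificate that was installed in its root store and against the hostname it connected to. The hostname `cam.example.net`, the CA name and all file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: private CA + server cert, verified like a client would.
# cam.example.net stands for the name used from outside; server.lan is
# the LAN-only name from the question.

make_ca() {              # $1 = working directory
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/req.cnf"
  openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 365 -subj "/CN=Home Lab Root CA (example)" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_server_cert() {     # $1 = working directory, $2 = hostname clients dial
  openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  # The name must appear in subjectAltName; leaf certs are marked CA:FALSE.
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$2" > "$1/srv.ext"
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/srv.ext" \
    -out "$1/srv.crt" 2>/dev/null
}

trusted_for() {          # $1 = working directory, $2 = hostname to test
  # Succeeds only if the chain leads to ca.crt AND the name matches the cert.
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/srv.crt" \
    >/dev/null 2>&1
}

# Demo run in a throwaway directory.
demo=$(mktemp -d)
make_ca "$demo" && make_server_cert "$demo" cam.example.net
trusted_for "$demo" cam.example.net && echo "cam.example.net: trusted"
trusted_for "$demo" server.lan || echo "server.lan: rejected (name not in certificate)"
```

Only `ca.crt` is what gets installed on the client; `ca.key` stays on the machine that signs certificates.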
 
Ugh - so StartCom ain't gonna work since I use no-ip DNS service which is on their blacklist :sadpanda:
 
In general, in order to get a real SSL certificate, you have to have your own second-level domain, i.e. example.com.

Some of the dynamic DNS services will let you do a third level, i.e. whatever.no-ip.com, but most will not.

Get a real domain with dynamic DNS and then get to it. http://dyn.com/dns/ (dyn standard dns or above)
 
Yeahhhhh that is unfortunately what I'd have to do. However, I found a relatively easy way to set up PPTP VPN on my iPhone with pfSense which achieves the same result. Yes - PPTP is weksos, but it's for one device and for one purpose only!
 