HC3-HTTPS access

[cag014 628]

Is anyone has succeed to use https connection?

 

I did follow Fibaro's procedure to install certification

1. Download the certificate.
2. In the Windows Start menu search for mmc app and open it.
3. In the MMC (Microsoft Management Console) app go to File > Add/Remove Snap-In.
4. Add Certificate Snap-in:
5. Certificates > Select “Computer account” > Next > Next > OK.
6. Now go to Certificates > Trusted Root Certification Authorities and right-click on “Certificates”
7. Import the certificate.
8. Find the certificate downloaded from the FIBARO Home Center 3.
9. Import it.
10. Done.
11. Your connection with the gateway is now secure.

but doesn't work on FIrefox. (Expiration date ?)

Please login or register to see this spoiler.

 

Any extra steps required to install certification?

Interesting it does work with Chrome !!??

Edited February 18, 2020 by cag014

[tinman 1,025]

just set in Firefox to not ask bt to chose automatically the certificate

 

 

Edited February 18, 2020 by tinman

[cag014 628]

2 minutes ago, tinman said:

just set in Firefox to not ask bt to chose automatically the certificate

Did it doesn't help. See below

Please login or register to see this spoiler.

 

Edited February 18, 2020 by cag014

[tinman 1,025]

security.enterprise_roots.enabled to true on the about:config 

[cag014 628]

Thaaaaaaaaaaanks... now it works.

Looks like you're expert on security, may I ask how can I use https on my mobile phone using browser? (I have fixed IP and don't use fibaro's remote access). I believe it now router security issue, right?

Fibaro should add this instruction to their procedure...

Edited February 19, 2020 by cag014

[tinman 1,025]

Yes, Fibaro could create something in faq, but actually on mobile devices one can use Fibaro app, which is secure(d). When using mobile browser apps, it depends on OS/app/verison … so not easy to describe "the working" Setup. One can of course download the certificate from http://HC3-IP/api/settings/certificates/ca on any device and install it, on ios actually twice (install, agree, install  in Settings, similar to Fibaro Intercom certificate Installation). However, depends on the mobile browser app/device type, you might have no chance to autoaccept Fibaro's cert in the mobile browser app (which is not a real issue, but it 'sucks' to click twice). Brave is sometimes OK; Firefox as always the last s**, Safari ? not using anymore ^^ 

 

The additional problem might be DNS Resolution on mobile devices,  when accessing remotely  you might not be able to resolve your HC3 with the name, and when you go over IP the certificate will be displayed as not valid, which means extra 1-2 clicks necessary to use it anyway. Now having https "one could" left the hc3 open to internet, i still prefer vpn. The Home Center App, which is necessary to work with HC3, does not save local connections, so again one need to click/type bit more, Luckily there are other apps available.

 

 

 

Edited February 19, 2020 by tinman

[cag014 628]

@tinman

Thanks for sharing that.

Eventually it works fine (except security warning on mobile browser) by forwarding port on router to https port (443).

Now HC3 configured to accept https connection only and it works on LAN and WAN.

Thank you again.

[NLWaard 12]

Hi, Same problem here,

installed the ca.cer and set the secure connection to https.

Where can I find that  about:config?

[dlizak 7]

Just type "about:config" in address bar.

[NLWaard 12]

Ok,? hmmm. Thanks.

I think my problem is MS-edge.
even edge://about:config is not possible.

 

In edge://settings/privacy there is a certificate section. 
in there I see the Fibar cer. But still no https.

 

Open the HC3 not by IP but by is name (like the HC3 manual explaned) helped.

like : '

Please login or register to see this link.

'

now its a secured line..

 

Edited September 15, 2020 by NLWaard
login by name

[Berti 1]

Hi, has there been any change? I can not find the ca.cer .  I use Edge. 

thanks for the help

Please login or register to see this image.

/monthly_2021_06/Unbenannt11.PNG.3a141482fcee6924540fb25aa5cca913.PNG" />

Edited June 14, 2021 by Berti

[Berti 1]

has been settled ?

[Dommel 2]

Hi, did someone now how this works (https access) on a Mac? MacOS Monterey with Safari?