Installation - SSL¶
This chapter is for information. For a basic installation, you don’t need to apply the content of this chapter.
Activate ssl for admin and REST¶
Activating ssl is a good idea for the security. But, without a valid certificate (more informations here), your browser may display a message that warn you about security when you are trying to access Domogik administration.
The instructions on this page will install a personnal certificate which will not be valid. But it will still add more security!
Don’t forget to upgrade your Domoweb or Domodroid configuration if you activate the ssl.
Just execute the ssl_activate.sh script and restart domogik to use ssl.
Advanced activation tutorials¶
Generate the certificate¶
Tou will need to generate 2 files, the self signed certificate and the key file:
First we need to generate the key file without a paraphrase:
$ openssl genrsa -des3 -out <hostname>.key 1024
You should now have a <hostname>.key file.
The second file is the certificate itself, this is generated in 2 steps:
1- generating the Certificate Signing Request:
$ openssl req -new -key <hostname>.key -out <hostname>.csr
2- the self signed certificate:
$ openssl x509 -req -days 365 -in <hostname>.csr -signkey <hostname>.key -out <hostname>.crt
If you followed the above steps you will have the 2 needed files, <hostname>.key and <hostname>.crt
Configure the Admin/rest component to use ssl¶
To configure rest to use ssl we need to adapt the /etc/domogik/domogik.cfg file, there are 3 important keys for this
- use_ssl = True
- ssl_certificate = should point to the .crt file
- ssl_key = should point to the .key file
One this is updated restart domogik, and rest should be running with ssl enabled.
Upgrade Domoweb configuration¶
Just replace the rest_url parameter. For example,
rest_url = 'http://192.168.1.50:40406/rest'
Will become :
rest_url = 'https://192.168.1.50:40406/rest'