Charmed Quark Systems, Ltd. - Support Forums and Community
WebRIVA, domains, Security Certs - Printable Version



WebRIVA, domains, Security Certs - IVB - 01-10-2018

Given WebRIVA, we're going to need security certs.

I don't think security certs work on dynamic DNS addresses (i.e. IVB-Rockstar.Dyn.Com). Is that correct?

Assuming yes, I'm not sure how I'd set up Dyn.com to direct traffic to my house (i.e. the dynamic DNS portion). Anyone know?

And once I do that, I'd go to DigiCert or someplace to actually buy the cert, right?


RE: WebRIVA, domains, Security Certs - bobskie708 - 01-10-2018

So I can probably answer part of it. I know from working with Dynamic sites at work, you can have a cert attached to a hostname that has a dynamic IP, but typically it has to be an owned domain, so you would need to purchase Something.com and register it with your Dynamic DNS service or point it to that service. Most cert companies will not issue certs for the generic ddns domains.

We have been using NoIP.com at work lately. For the certs it has to be a paid account, and then you can buy a cert with them. All in all it is less than $100/yr with NoIP. But don't hold me to the numbers. I tend to use Google Domains and DNS for personal things because it can be cheaper.

In theory, a cert doesn't need to interact with the DNS side as long as everything is routable. I would think that as long as it is your domain name, and it's pointing to your server, you can use whatever for a certificate, and whoever you want for your dynamic DNS. You could probably use Google Domains to register and get private domain hosting, use their free DDNS service, and then use DigiCert, Comodo, or even Let's Encrypt (free but has to be renewed every 90 days).

Hopefully that all makes sense, I probably made it more complicated than it needs to be.


RE: WebRIVA, domains, Security Certs - jkmonroe - 01-11-2018

Google Domains has a free dynamic service included (which is what I use). It is compatible with Ubiquiti EdgeRouter (which I think you use, as do I and I can confirm it works), so your primary domain will resolve to your home IP.

So now you can buy whatever cert you want, *.ivb.com, ivb.com, whatever and import it to your server or servers.

If you want to cert your Synology, the same thing holds true, but you can use the free and built-in Let's Encrypt. So synology.ivb.com would be fully secure to your Synology, and webriva.ivb.com would be fully secure to your CQC server.

Let me know if you need/want any help getting Google Domains/DNS set up - it's by far the easiest solution I have found.
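Added example, not part of any post in this thread: a sketch of which of the hostnames mentioned above a wildcard or single-name certificate actually covers, plus a renewal check for a 90-day certificate. The function names, the host cam.home.ivb.com and the 30-day renewal margin are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is only honoured as the entire left-most
    label and stands for exactly one label, never zero and never several."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as '*.com'.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def cert_covers(sans, hostname) -> bool:
    """True if any subjectAltName entry of the cert matches the hostname."""
    return any(name_matches(s, hostname) for s in sans)

def coverage_report(sans, hosts) -> dict:
    return {host: cert_covers(sans, host) for host in hosts}

def renewal_due(not_after, now, margin=timedelta(days=30)) -> bool:
    """Renew once the remaining validity drops to the margin (assumed 30 days)."""
    return now >= not_after - margin

# Constructed sample data built from the names used in the thread.
HOSTS = ["ivb.com", "webriva.ivb.com", "synology.ivb.com",
         "cam.home.ivb.com",        # hypothetical deeper subdomain
         "IVB-Rockstar.Dyn.Com"]    # the shared DDNS name from the first post
WILDCARD_ONLY = ["*.ivb.com"]
WILDCARD_PLUS_APEX = ["*.ivb.com", "ivb.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)):
        print(label, coverage_report(sans, HOSTS))
    issued = datetime(2018, 1, 11, tzinfo=timezone.utc)
    expires = issued + timedelta(days=90)   # 90-day lifetime, as noted above
    for day in (59, 60):
        print(day, renewal_due(expires, issued + timedelta(days=day)))
```

A cert for `*.ivb.com` alone does not cover the bare `ivb.com`, so both names need to be on the certificate if both are served.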


RE: WebRIVA, domains, Security Certs - IVB - 01-11-2018

Sweet! Sounds like the toughest part will be to pick the right domain name...


RE: WebRIVA, domains, Security Certs - Dean Roddey - 01-11-2018

McLovin.com


RE: WebRIVA, domains, Security Certs - batwater - 01-11-2018

My solution to this is to start up a VPN connection if I really need to do remote access when not at home. I've not automated it with Tasker yet but that is doable.


RE: WebRIVA, domains, Security Certs - bobskie708 - 01-11-2018

VPN would be the most secure; then you are not exposing any potentially hackable surfaces outside of your network.


RE: WebRIVA, domains, Security Certs - Dean Roddey - 01-11-2018

WebRIVA would not have the same complexities for VPN that would otherwise exist for any of the regular CQC processes. No UDP packets or broadcasts are involved, it's just a single, persistent websocket (TCP/IP) connection. So it wouldn't (presumably) require a doctorate in VPNology to get that one going.


RE: WebRIVA, domains, Security Certs - jkmonroe - 01-11-2018

No, but that doctorate would come in handy while you try and teach your spouse how to connect to VPN and THEN click this icon and THEN when all is done disconnect the VPN.

Just make a specific interface for your phones that has limited functionality to mitigate your risk exposure.


RE: WebRIVA, domains, Security Certs - batwater - 01-11-2018

Maybe on an iPhone it would require a doctorate (now there's an irony). You forgot the "close the browser tab" step.

Seriously though I'm interested in what your use case is where your spouse (or children) need to interact with the automation system remotely? I'm presuming there is something that is coming up fairly often..?

BTW I just set Tasker up to start VPN, open a browser tab to CQC, wait a set time (for testing, 3 minutes) and then turn off VPN. Oh, and that's a single-click task icon on my home screen. Only thing it doesn't do is close the browser tab. So for Android it doesn't require a doctorate (another irony, methinks).