Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
WebRIVA, domains, Security Certs
#1
Given WebRIVA, we're going to need security certs.

I don't think security certs work on dynamic DNS addresses (ie IVB-Rockstar.Dyn.Com). Is that correct?  

Assuming yes, i'm not sure how i'd setup Dyn.com to direct traffic to my house (ie the dynamic DNS portion). Anyone know? 

And once I do that, i'd go digicert or someplace to actually buy the cert, right?
------------------------------------
Devices I can't stand and wish I could replace: SmartThings, Hue, Concerto, VRUSB
My vlogs: https://www.youtube.com/c/IVBsHomeAutomation
Reply
#2
So I can probably answer part of it. I know from working with Dynamic sites at work, you can have a cert attached to a hostname that has a dynamic IP, but typically it has to be an owned domain, so you would need to purchase Something.com and register it with your Dynamic DNS service or point it to that service. Most cert companies will not issue certs for the generic ddns domains.

We have been using NoIP.com at work lately. For the certs it has to be a paid account, and then you can buy a cert with them. All in all it is less than $100/yr with NoIP. But dont hold me to the numbers. I tend to use Google Domains and DNS for personal things because it can be cheaper.

In theory, a cert doesn't need to interact with the DNS side as long as everything is routable. I would think that as long as it is your domain name, and its pointing to your server, you can use whatever for a certificate, and whoever you want for your dynamic dns. You could probably use Google Domains to register and get private domain hosting, use their free ddns service, and then use digicert, comodo, or even LetsEncrypt (free but has to be renewed every 90 days).

Hopefully that all makes sense, I probably made it more complicated than it needs to be.
Robert
Reply
#3
Google Domains has a free dynamic service included (which is what I use). It is compatible with Ubiquiti EdgeRouter (which I think you use, as do I and I can confirm it works), so your primary domain will resolve to your home IP.

So now you can buy whatever cert you want, *.ivb.com, ivb.com, whatever and import it to your server or servers.

If you want to cert your synology, the same thing holds true, but you can use the free and built in Let's Encrypt. So synology.ivb.com would be fully secure to your synology, and webriva.ivb.com would be fully secure to your CQC server.

Let me know if you need/want any help getting Google Domains/DNS setup - it's by far the easiest solution I have found.
do the needful ...
Hue | Sonos | Harmony | Elk M1G // Netatmo / Brultech
Reply
#4
Sweet! Sounds like the toughest part will be to pick the right domain name...
------------------------------------
Devices I can't stand and wish I could replace: SmartThings, Hue, Concerto, VRUSB
My vlogs: https://www.youtube.com/c/IVBsHomeAutomation
Reply
#5
McLovin.com
Dean Roddey
Software Geek Extraordinaire
Reply
#6
My solution to this is to start up a VPN connection if I really need to do remote access when not at home. I've not automated it with Tasker yet but that is doable.
Reply
#7
VPN would be the most secure, then yo are not exposing any potentially hackable surfaces outside of your network.
Robert
Reply
#8
WebRIVA would not have the same complexities for VPN that would otherwise exist for any of the regular CQC processes. No UDP packets or broadcasts are involved, it's just a single, persistent websocket (TCP/IP) connection. So it wouldn't require (presumably) require a doctorate in VPNology to get that one going.
Dean Roddey
Software Geek Extraordinaire
Reply
#9
No, but that doctorate would come in handy while you try and teach your spouse how to connect to VPN and THEN click this icon and THEN when all is done disconnect the VPN.

Just make a specific interface for your phones that has limited functionality to mitigate your risk exposure. Smile
do the needful ...
Hue | Sonos | Harmony | Elk M1G // Netatmo / Brultech
Reply
#10
Maybe on an iPhone it would require a doctorate (now there's an irony) You forgot the close the browser tab step.

Seriously though I'm interested in what your use case is where your spouse (or children) need to interact with the automation system remotely? I'm presuming there is something that is coming up fairly often..?

BTW I just set Tasker up to start VPN, open a browse tab to CQC, wait set time (for testing 3 minutes) and then turn off VPN. Oh and that's a single click task icon on my home screen.  Only thing it doesn't do is close the browser tab. So for Android it doesn't require a doctorate (another irony me thinks  Undecided )
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Best Resolutions for iOS using WebRIVA znelbok 1 22 3 hours ago
Last Post: Dean Roddey
  WebRiva iPhone X monetteboy 16 213 Yesterday, 12:36 PM
Last Post: jkmonroe
  webriva template question lleo 21 636 01-08-2018, 08:53 AM
Last Post: Dean Roddey
  WebRIVA - Raspberry PI - View Only batwater 2 1,269 09-17-2017, 06:41 PM
Last Post: znelbok
  Security video with CQC bryanb 19 2,208 04-22-2016, 05:13 PM
Last Post: Dean Roddey
  Off topic security question rtarver 2 1,010 10-13-2014, 07:49 PM
Last Post: rtarver
  Error about Security Server George M 3 778 11-25-2012, 04:50 PM
Last Post: Dean Roddey
  Icons for Security Status? rbroders 0 1,197 07-16-2011, 10:24 PM
Last Post: rbroders
  Security Camera Images - How To? batwater 5 1,351 01-16-2010, 10:08 AM
Last Post: batwater
  Vista/XPSP2 Unknown Publisher Security Warning wuench 3 1,767 04-27-2009, 07:47 AM
Last Post: Bodshal

Forum Jump:


Users browsing this thread: 1 Guest(s)