Charmed Quark Systems, Ltd. - Support Forums and Community
New Amazon Echo Support - Printable Version

+- Charmed Quark Systems, Ltd. - Support Forums and Community (https://www.charmedquark.com/vb_forums)
+-- Forum: General Discussion (https://www.charmedquark.com/vb_forums/forumdisplay.php?fid=3)
+--- Forum: CQC Support (https://www.charmedquark.com/vb_forums/forumdisplay.php?fid=9)
+--- Thread: New Amazon Echo Support (/showthread.php?tid=9423)



New Amazon Echo Support - jkmonroe - 09-12-2016

you cant cert a .local anyways, it has to be a public TLD.

im betting you dont have the cert installed correctly. is there something special you need to do on the CQC Web Server?


New Amazon Echo Support - Dean Roddey - 09-12-2016

The web server uses the info provided in during the installation to tell it what certificate to load, and to respond with if the incoming request is valid.

Generally it's:

Store:my,whatever

'my' is your own local store. Apparently the server is getting the certificate since he can do an internal HTTPS connection to it. So it has to be something beyond that.

He has a public domain address, a dynamic DNS address AFAIK. And, I assume he has registered his public certificate, though looking back I didn't see that said out loud, which is why I just asked above.


New Amazon Echo Support - jkmonroe - 09-12-2016

Dean Roddey Wrote:'my' is your own local store. Apparently the server is getting the certificate since he can do an internal HTTPS connection to it. So it has to be something beyond that.

but he's not getting an internal HTTPS connection. he said in another post that inside he uses the .LOCAL, which would be a cert mismatch on a public, so somewhere he has a self-signed hanging around on that .local he needs to change.


New Amazon Echo Support - zra - 09-12-2016

Dean Roddey Wrote:OK, I'm diffused. Above you said "It does. That test succeeds. Obviously though, I'm using my local domain name cqcmaster.zrasdomain.local". Where did you use that local domain name? If you did:

https://home.zrasdomain.com/whatever.jpg

Then clearly it had to go out to the public network, find your public IP address, and come back in via the HTTPS port and get to our web server ok.

If you do the above and it doesn't work, what error do you get in the browser?

This isn't going to work from outside the network unless I forward port 80 to the webserver. It's my understanding that all secure content needs to go into one of the secure folders(admin,normal,power) and then permissions need to be dealt with.

I just put the test image in the root folder, thus port 80 accessible.

I have an internal DNS server, so from an internal machine all I have to do is use the local FQDN - IE cqcmaster.zrasdomain.local/testimage.jpg

Or I can use the IP address.

Trying to access that server from inside my network using my external IP address isn't going to work.

Does that make sense?

Again, the webserver is working using port 80 communications. Its the 443 secured that is failing.


New Amazon Echo Support - zra - 09-12-2016

Dean Roddey Wrote:The web server uses the info provided in during the installation to tell it what certificate to load, and to respond with if the incoming request is valid.

Generally it's:

Store:my,whatever

'my' is your own local store. Apparently the server is getting the certificate since he can do an internal HTTPS connection to it. So it has to be something beyond that.

He has a public domain address, a dynamic DNS address AFAIK. And, I assume he has registered his public certificate, though looking back I didn't see that said out loud, which is why I just asked above.

Dean you said, "Store"

I had MStore per the websockets doc. Is that a typo?


New Amazon Echo Support - jkmonroe - 09-12-2016

zra Wrote:I have an internal DNS server, so from an internal machine all I have to do is use the local FQDN - IE cqcmaster.zrasdomain.local/testimage.jpg

this isn't a thing, but you should really consider changing your domain to a TLD per best practices. it makes dealing with issues like this a lot easier, particularly in regards to things like split DNS.


New Amazon Echo Support - zra - 09-12-2016

jkmonroe Wrote:you cant cert a .local anyways, it has to be a public TLD.

im betting you dont have the cert installed correctly. is there something special you need to do on the CQC Web Server?

It's possible.

I have:

home.zrasdomain.com in personal and other people


New Amazon Echo Support - Dean Roddey - 09-12-2016

zra Wrote:This isn't going to work from outside the network unless I forward port 80 to the webserver. It's my understanding that all secure content needs to go into one of the secure folders(admin,normal,power) and then permissions need to be dealt with.

This is separate from that. If you use https, then the connection will be on 443 (unless you tell the browser to do otherwise) so it will do a secure connection. The secure folders are a separate thing altogether and make the web server do a simple digest challenge to the browser.

Quote:Trying to access that server from inside my network using my external IP address isn't going to work.

Actually it should. If you have a publicly visible DNS name, then using it from inside your network should resolve to your public IP address and should cause you to go out and back in again, or at least to your router and through any port forwarding and such, and it should look like an external access for testing purposes.


New Amazon Echo Support - Dean Roddey - 09-12-2016

zra Wrote:Dean you said, "Store"

I had MStore per the websockets doc. Is that a typo?

That was a typo on my part.


New Amazon Echo Support - jkmonroe - 09-12-2016

zra Wrote:It's possible.

I have:

home.zrasdomain.com in personal and other people

do you have both certs installed? you should have your home.zrasdomain.com and the root cert chain for your provider.