Https server not secure

S O

I’m wondering whats wrong with my settings because getting https not secure when connecting my pimatic from internet. I did the settings according the installation guide. Disabled http and enabled https.

"httpsServer": {
  "enabled": true,
  "port": 443,
  "hostname": "",
  "keyFile": "ca/pimatic-ssl/private/privkey.pem",
  "certFile": "ca/pimatic-ssl/public/cert.pem",
  "rootCertFile": "ca/certs/cacert.crt"
},

I was thinking if something wrong when giving dyndns name, which is from my asus modem like somename.asuscomm.com. Another thing that do I have to input something as hostname in the config?
I can log in but i get security warnings.
What should I check?

mwittig

@S-O said in Https server not secure:

I’m wondering whats wrong with my settings because getting https not secure when connecting my pimatic from internet.

There is noting wrong with the pimatic config. Most likely it is problem with the certificate.

Are you using the “https” URL rather than jsut “http”?
Are you using a server certificate issued by a trusted CA?
Has the certificate been isssued for the domain, i.e. asuscomm.com, you are using to access from the internet?

You can also use an SSL checker to get a detailed analysis, e.g. see https://www.ssllabs.com/ssltest/ for a free online test

S O

I use https://somename.asuscomm.com address and used ssl-setup script according wiki.

But, do I get the certificate for asuscomm.com and not somename.asuscomm.com? Is it ok to run that script again with new name? 0_1500228771106_upload-09a1e7a4-e15f-47b6-92ea-1f815149f25a

mwittig

@S-O said in Https server not secure:

ssl-setup

Sorry, the ssl-setup script does not create a trusted certificate but it creates a self-signed CA and a server certificate. As you you can see in the Qualys output the CA issuer claims to be “pimatic.org” which is odd, because it actually you (executing the script). You can still let the browser trust the CA by importing it as a trustpoint, but I don’t recommend this. Better use a server certificate created by let’s encrypt, for example. See the following topic for info: https://forum.pimatic.org/topic/1037/pimatic-with-trusted-ssl-certificate-from-letsencrypt