diff options
| author | PliablePixels <pliablepixels@gmail.com> | 2015-06-25 16:47:38 -0400 |
|---|---|---|
| committer | PliablePixels <pliablepixels@gmail.com> | 2015-06-25 16:47:38 -0400 |
| commit | 9d95a27ad0db82ce048fd5e4862421e7d6fa9e62 (patch) | |
| tree | 39d8064449dc1c1c8bd47d5e576a5f5c03081b74 | |
| parent | 65e7255c868bed3bb950e7e36ab786934edc559f (diff) | |
updated instructions for SSL configuration
| -rw-r--r-- | docs/SSL-Configuration.md | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/docs/SSL-Configuration.md b/docs/SSL-Configuration.md new file mode 100644 index 00000000..c3c06d8e --- /dev/null +++ b/docs/SSL-Configuration.md @@ -0,0 +1,48 @@ +***SSL Configuration notes + +If your Zoneminder instance has SSL configured and you need zmNinja to connect to ZM over SSL you need to: + +1) Make sure you generate the certificates correctly +2) Import the certificate into iOS and Android + +****Certificate generation + +*****Self-signed certificates + +If you are using self signed certificated, you should make sure the "common name" matches the hostname (or public IP) +of the server you are installing ZM in. If not, zmNinja's SSL handshake will fail. + +If you have used 'make-ssl-cert' or a similar tool that automatically generates the cert for you, its very likely +you have certificate that uses the 'unix hostname' of your server. That will not work. + +Assuming you are usin apache and have SSL enabled, here is how to regenerate the certs + +This will create a self-signed certificate/key pair and store it in /etc/apache2/ssl (you may have to create that directory, or store it elsewhere) + +``` +sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/zoneminder.key -out /etc/apache2/ssl/zoneminder.crt +``` + +Next up, edit your apache ssl config (example /etc/apache2/sites-available/default-ssl.conf) +And add/modify the following lines: + +``` +SSLCertificateFile /etc/apache2/ssl/zoneminder.crt +SSLCertificateKeyFile /etc/apache2/ssl/zoneminder.key +``` + +restart apache + +``` +sudo service apache2 restart +``` + + +Then, you need to install zoneminder.crt in your mobile devices so that zmNinja does not reject the certificate as it is self signed. +The easiest way to do that is simply email it to yourself and open your email in the phone and install the attachment. Works for both +iOS and Android. Make sure you install it and go through the prompts + +Once you are done with these steps, zmNinja should be able to connect to ZM via SSL. Make sure you select SSL in the settings + +*****CA signed certificates +If you purchase a signed certificate, or set up your own root CA zmNinja should just work over SSL. I haven't tried it so far. |