- This topic is empty.
June 27, 2014 at 8:51 pm #23007
I recently secured my Pi using the steps listed in the wiki.
So now I can access the OSPi within my lan via the ip address https://192.168.1.x. That will bring up a certificate warning (I’m using a self signed cert) followed by the username and password prompt. From there I can successfully access the OSPi’s python program.
From outside the lan, I have a dynamic dns service pointing to my LAN. I can access the python program by visiting https://my.dynamicdns.org:12345. I’m using my router’s NAT to sends traffic to the OSPi at https://192.168.1.x. This works great and is the same as accessing it within the LAN. I can even access it using https://username:[email protected].
But I can’t get the android app to connect to the OSPi. It doesn’t matter if I’m in the LAN or outside of it. From within the LAN I manually added the device and set the Sprinkler IP to 192.168.1.x, added the python program password, and checked Use Auth and Use SSL in the advanced settings. The gives me the error “Check IP/Port”.
From outside the lan I’ve tried it with the dynamic dns address and the actual WAN IP address, but I get the same error.
So in short, I have secured access to the python interval program from anywhere (inside or outside the LAN) using a pc or my android phone’s browser, but the Android app won’t connect. Is it the unsigned cert perhaps? Any other ideas?June 27, 2014 at 9:47 pm #27394
It’s most likely your SSL certificate. Being invalid is causing an error and preventing the connection. You can get by for free by using a startssl.com certificate.June 30, 2014 at 3:08 am #27395
Thanks for your suggestion – I suspected it was the self signed cert and you confirmed it. I wasn’t able to use startssl to create a cert because I’m using a dynamic address provider. So I exported my PEM cert as a CRT, installed it on my phone and everything works. For those who may be wondering, you can convert your PEM to a CRT with the following command: “sudo openssl x509 -inform PEM -outform DM -in mycertname.pem -out mycertname.crt”.
For android users, copy that CRT to your device. I connected my phone to my laptop and copied it. Then go to Settings > Security > Install From Storage and you’re all set! you might have to add a pin lock to your device if you haven’t done so already.
- You must be logged in to reply to this topic.