Close

HOWTO: Utilize a valid, signed SSL cert in Sighthound 3.0

Learn how to turn an Android phone into an IP camera security system with Sighthound, download automation scripts & more.

Moderator: Staff

no avatar
KrisWragg
 
Posts: 3
Joined: Mon Oct 23, 2017 4:10 pm

Re: HOWTO: Utilize a valid, signed SSL cert in Sighthound 3.

by KrisWragg » Mon Oct 23, 2017 4:14 pm

Just trying to get this setup but having trouble.

I already have a domain with an SSL certificate (kriswragg.co.uk) and have added a sub-domain that points to my IP for my home network.

The SSL certificate is a wildcard so should be able to work but I can't figure out how to import it into SightHound. I have the certificate that starts with -----BEGIN CERTIFICATE----- but if I follow the latter parts of the steps it just seems to trample over my sv.crt and sv.sha files

Any tips?

no avatar
drifterific
 
Posts: 2
Joined: Tue Jan 23, 2018 12:24 am

Re: HOWTO: Utilize a valid, signed SSL cert in Sighthound 3.

by drifterific » Tue Jan 23, 2018 12:59 am

I use Lets Encrypt as my CA for my HomeAssistant installation and was wanting to utilize those same CA Certificates on Sighthound. I started digging around and found that if turned off all of the cameras and closed sighthound I could then navigate to:
Code: Select all
C:\Users\<user_name>\AppData\Local\Sighthound Video\web

I made a back up of:
Code: Select all
C:\Users\<user_name>\AppData\Local\Sighthound Video\web\sv.crt
C:\Users\<user_name>\AppData\Local\Sighthound Video\web\sv.key



Then I opened up a text editor and opened the Lets Encrypt chain (contains root and intermediate CA certs) and Site Certificate and put them into a new file named "sv.crt".
Code: Select all
-----BEGIN CERTIFICATE-----
Site Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root Certificate
-----END CERTIFICATE-----


For the key I made a copy of the Lets Encrypt key and named it "sv.key".

With Sighthound still off I then replaced the sv.crt and sv.key with the new ones I had created. Once I relaunched Sighthound I found that I had a valid SSL Certificate in the browser.

You will have to re-authenticate on the android mobile app as the SSL Fingerprint changes, but other than that it has not been an issue. Hope this helps others in using a valid SSL Cert for their Sighthound installs.

=========================================================================================
There appears to be a change after a recent update and you have to manually populate the sv.sha file with the thumbprint. There are some options to see what the thumbprint is:

The first option is to use a linux machine (homeassistant Pi3 running raspbian) and run this command:

pi@hassbian:/etc/letsencrypt/live/dns.name.here $ openssl x509 -in cert.pem -text -noout -noout -fingerprint | grep SHA1
SHA1 Fingerprint=94:9B:65:37:..:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.

or use a Windows machine to open the cert and under details at the bottom you will see your thumbprint.

sighthound_sha_sv.JPG


Just copy everything for the thumbprint into the sv.sha file prior to restarting SH and then you will get your access back through the mobile app.

I removed my DNS name and shortened my thumbprint for security reasons.
Last edited by drifterific on Sun Jun 17, 2018 3:16 am, edited 1 time in total.

no avatar
IamNEO
 
Posts: 1
Joined: Fri May 04, 2018 3:36 am

Re: HOWTO: Utilize a valid, signed SSL cert in Sighthound 3.

by IamNEO » Thu May 10, 2018 8:36 am

Thanks for posting this. I'm running Sighthound on a Mac, so I thought I'd share the steps that got me up and running on macOS / OS X:

• Rename your certificate. For example, rename "certificate.crt" to "sv.crt"
• Rename your private key. For example, rename "private.key" to "sv.key"
• In the Finder menu bar, click Go > Go to Folder..., and enter "/Library/Application Support/Sighthound Video/web" and click Go
• Copy the renamed "sv.crt" and "sv.key" files to the this folder.
• Next Launch Terminal (Applications > Utility folder) and enter the following commands:
Code: Select all
cd /Library/Application\ Support/Sighthound\ Video/web
Code: Select all
openssl x509 -in sv.crt -text -noout -fingerprint | grep SHA1
• You should receive output similar to the following:
Code: Select all
SHA1 Fingerprint=C8:1F:A7:C8:E3:94:49:CC:FC:8A:95:E0:83:44:2E:C2:D6:1F:34:70
• Keep the Terminal window open... Now we need to hightlight and copy the output (everything after the "=") and save it to a new file named "sv.sha"

    NOTE: I ran into issues leaving the fingerprint in that format, so I removed the colons and made the letters lower case (you can do this quickly by pasting in TextEdit then using "Transformations" and "Find > Find and Replace..." from the Edit dropdown menu)
• Enter the following command in Terminal:
Code: Select all
nano sv.sha
• This launches nano - Nano's ANOther editor, an enhanced free Pico clone.
• Paste the fingerprint text c81fa7c8e39449ccfc8a95e083442ec2d61f3470 (COMMAND+V), then press CTRL+X (Exit), Y (Save), Return (write file). You should now have the certificate, key, and fingerprint in the proper location.
• Launch Sighthound and test!

Previous

Return to Hacker's Corner
cron