Using HTTPS instead of HTTP to access Web-if

[phit03]

When I use HTTPS to access my HDR via web-if I get the message (browser is Chrome):

The site's security certificate is not trusted!
You attempted to reach hdr-fox2, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
You should not proceed, especially if you have never seen this warning before for this site.
Proceed anyway Back to safety
If I select proceed anyway, the page loads but the HTTPS in the address bar has a slash through it. The pages seem to be loaded more slowly than when using a non-encrypted HTTP connection so I assume that the connection is encrypted even though the HTTPS has a slash through it.
Can anyone explain how to add the certificate used to a Windows 7 system to stop the warning message appearing?

 

[Trev]

But why on earth would you want to use HTTPS on your own network with a PVR anyway?

 

[phit03]

But why on earth would you want to use HTTPS on your own network with a PVR anyway?

I don't, I'm happy to use HTTP on my intranet (home network)where it's behind firewalls but I want to access the box via the Internet from Spain and I'm not so happy having the userid and password in plain text for anyone to see. I'm assuming that using HTTPS will encrypt the contents of the packets sent over the Internet.

 

[Black Hole]

In order to use HTTPS, don't you have to have a trusted third party issue key pairs (for a price)?

 

[af123]

Nope. You only need to do that if you want your browser to automatically trust the server (and technically the third party issues a certificate for a public key that you send them - they never have your private key).

The HTTPS option in the webif package creates a self-signed certificate. The https: with a red line through it does indicate an encryption layer, just an untrusted one.
It will be possible to import this into Chrome/windows but I don't know exactly how and am not in a position to test it myself. In Firefox you can just view the certificate to verify that it's what you expect (connecting while on your local network should be enough to let you trust it) and add a permanent exception. Do you get any options if you click on the crossed out https?

 

[af123]

Try this: http://stackoverflow.com/a/18602774

 

[phit03]

Thanks af123, I managed to import the certificate into Chrome but now I get a different message:

This is probably not the site that you are looking for!
You attempted to reach hdrfox3, but instead you actually reached a server identifying itself as humax. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of hdrfox3.
You should not proceed, especially if you have never seen this warning before for this site.
Proceed anyway Back to safety
Is there any way I can change the identity in the self signing certificate to match the DNS name I've assigned for the box?
I have 3 boxes so each one has a different DNS name so I can't change it to use humax.
I have the hostname in settings on the box set to the same as the DNS name.

 

[Black Hole]

Chrome is being too protective. Is there not an "experienced user" mode?

 

[af123]

Yes, that could be done and it really should use the host name from the settings page when generating the certificate in the first place so I'll fix that in the package if necessary.

If nobody posts instructions first, I'll look at this when I can.

Note that it won't help you when away from home though as you will then be accessing the web site via IP address or a different DNS name. You'll still get the warning about the name mismatch.

Have you looked at the RS package? It is designed for managing the box while away from home. It doesn't do everything but might be enough for your needs.

 

[phit03]

Yes, that could be done and it really should use the host name from the settings page when generating the certificate in the first place so I'll fix that in the package if necessary.

If nobody posts instructions first, I'll look at this when I can.

Note that it won't help you when away from home though as you will then be accessing the web site via IP address or a different DNS name. You'll still get the warning about the name mismatch.

Have you looked at the RS package? It is designed for managing the box while away from home. It doesn't do everything but might be enough for your needs.

Thanks af123. I'd overlooked the fact that I'll be using my Dynamic DNS address to access the box when away from home so there's no point in changing the package unless you really want to. I'll live with the warning messages, they only seem to occur during the first access of any browser session. The important thing is that the data transfers are encrypted.

Yes, I use the RS package to setup new programs on the box but AFAIK you can't use that to transfer files off the box via the WEb-if download function. I want to be able to do this via the Internet. We've lost our UK free to air satellite feeds in Spain after the Astra satellite moves so this is one possibility I'm looking at to be able to view UK TV programs.

 

[phit03]

Chrome is being too protective. Is there not an "experienced user" mode?

Not that I can see. I haven't looked at other browsers to see if they put out similar warning messages though. I'll try them when time permits.
However, I gave up on Firefox, it's too slow now compared to Chrome and IE11 is even slower!