Running Netcam Studio Server on SSL / HTTPS - Windows 7 and 10


#1

Another hidden feature of Netcam Studio is the possibility to run it on HTTPS.

In order to serve Video Streams, Web Content and Web Services over HTTPS, you need to perform the following steps:

1. Purchase or Generate your own SSL Certificates
The first step is to obtain the certificates. If you want the certificates to be trusted and not displaying any warning to the user, they have to be issued by a trusted authority like www.Digicert.com

Alternatively, for testing or internal use, it is possible to generate your own certificates. You will have to generate the following:

  • CA Certificate
  • SSL Certificate matching the CA

For Windows 7 and 8
The following scripts allow generating those certificates for testing:
https://s3.eu-central-1.amazonaws.com/moonware/netcamstudio-makecert-ssl.zip

They need to be modified in order to reflect your company’s information. The password has to be changed (you’ll need it later). Then, run the 2 scripts to generate the CA certificate and the SSL certificate.

Once the certificates have been generated, they both need to be installed on the computer running Netcam Studio. Double-click on the certificate and let Windows install them. Make sure they are installed on the computer account and not the user account. For the SSL Certificate, enter the password that was set during generation of certificates.

For Windows 10 and PowerShell
Run PowerShell ISE as an Administrator -> PS C:\WINDOWS\system32>
cd cert:\Localmachine\my
Always stay in this library.

Generate a new self-signed certificate with a suitable dns name. Here I use ncs.local
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname ncs.local

dir
The just generated certificate plus existing lists

Thumbprint                         Subject                                                                                                                        
----------                                -------   
D7CDE5998D993F850F1ADB60994EB3C292865CDF  CN=ncs.local 

Generate a password. Here I use test
$pwd = ConvertTo-SecureString -String “test” -Force –AsPlainText

Export the certificate to the pfx-format. The name Thumbprint in the command below should be exchanged with the long hexadecimal string shown above specific for your certificate name. The resulting file is called server.pfx and located in the root c:\

export-pfxcertificate -cert Thumbprint -filepath c:\server.pfx -chainoption buildchain -password $pwd

Use Windows Explorer and go to the file location c:\ and install the certificate by double-click on it.
Copy the certificate to C:\Program Files\Netcam Studio - 64-bit

Open Manage Computer Certificates
In the folder Personal -> Certificates you find the ncs.local
copy ncs.local to the folder Trusted Root Certification Authorities -> Certificates

2. Configure Netcam Studio to Serve over SSL
Then, it is necessary to copy the SSL Certificate (default name server.pfx) into the folder where Netcam Studio is located (Program Files\Netcam Studio) and edit Netcam Studio (X and Service) configuration file:

  • NetcamStudioX.exe.config
  • NetcamStudio.Service.exe.config

Under the appSettings category, add new settings with the keys WebServerCertificate and WebServerCertificatePass as shown in the example.

The certificate’s name and password must match the filename copied into the program’s folder and the password you have chosen during generation of certificates or received from the trusted authority.

<appSettings>
    <add key="EventLogsRetentionDays" value="2" />
    <add key="BypassSecurity" value="false" />
    <add key="WebServerPort" value="8100" />
    <add key="ServerTcpPort" value="8120" />
    <add key="ServerHttpPort" value="8124" />
    <add key="ServerHost" value="localhost" />
    <add key="WebServerCertificate" value="server.pfx" />
    <add key="WebServerCertificatePass" value="test" />
  </appSettings>

3. Enabling SSL in Netcam Studio Client (Windows)
There is still only partial support for HTTPS on Client side, we will look forward to complete it soon.

In order that Netcam Studio Client accepts connecting over HTTPS, it is necessary to modify also its configuration file (NetcamStudio.Client.exe.config).

For this purpose, modify the endpoint corresponding to http:// to https:// under system.serviceModel, *client, as shown below:

<system.serviceModel>
    <client>
      <endpoint address="https://localhost:8124/Soap" binding="customBinding" bindingConfiguration="soapEndpoint" contract="Moonware.Server.WCF.Interface.IMoonwareServerWCF" name="soapEndpoint" />
    </client>
</system.serviceModel>

4. Enabling SSL in Web / SmartPhone Clients
When paragraphs 1 to 3 are done it is now possible to also use the web client and with https / SSL. When using the web browser connect to NCS using https. When adding login information also enable https / SSL. If you have made a self-generated certificate the server will answer with a red text Not secure.

image

This indicates that the certificate do not match the domain on which Netcam Studio is accessed. However, the connection is secured.

To not get the warning it is necessary to buy a certificate from a trusted authority as mentioned earlier. The very important part is that the certificate must match the domain on which Netcam Studio will be accessed.

https / SSL for mobile App is working on iOS. Android do not except a self signed certificate.


TLS/SSL Status?
HTTPS form availability from UI
Is there any guide for enabling HTTPS on release 1.5.4?
NetcamStudio Android / Login failed: Timeout has occured
Netcamstudio X (service) and Client IOS
#2

#3

#4