TLS/SSL Status?


#1

Hi all,
I was wondering about the support for SSL/TLS status? The last docs I found mentioned that it was being worked on and kind of supported in the client - I’m more interested in the web client as if we were to purchase netcam studio and expose the web server to the internet for remote monitoring we really can’t risk exposing usernames / passwords or potentially camera streams via NCS to unauthorized users…


#2

@Mikhail_Burilov :

Can you please clarify how it works, what is supported and what is not ?


#3

Hi!
Yes, it’s possible and it’s supported on server side. Nobody requested this feature and it cannot be configured from the UI as far as I remember.
Just edit NetcamStudio.Service.exe.config or NetcamStudioX.exe.config (depends on what you run - Service or NCS.X)
Add 2 new settings to <appSettings> section:
WebServerCertificate - this is full path to server certificate file
WebServerCertificatePass - this is certificate password
.net doesn’t support openssl certificates, so import public/private key pair to your windows certificate store, and then export it (don’t forget to check “include private key”).
Do not use Tcp and Http port 8120, 8124 - better to close it from outside on your firewall. Leave only 8100 - which will be https now.

Not sure about clients, except for the web client.


#4

I was under the impression (from the sticky about tls) the web client wouldn’t work with TLS enabled…?


#5

I’ve tried and it worked when this feature was implemented.


#6

I’m having trouble with the mobile client (iOS App) - it seems like it won’t connect properly with SSL. I can easily connect via web browser, but it’d be nice if the mobile app worked.


#7

Looks like that’s not the only problem - if I run the desktop client on a system on the same network as the server (but not the same machine) it seems to be converting the address 192.168.1.213 to: http://192.168.1.213:8100/Soap/ and I have verified that:

<endpoint address="https://localhost:8124/Soap" binding="customBinding" bindingConfiguration="soapEndpoint" contract="Moonware.Server.WCF.Interface.IMoonwareServerWCF" name="soapEndpoint" />

is in the client config file…


#8

I’ll check and fix desktop client.
@Admin can you please check mobile client?


#9

The mobile client already allows connecting over HTTPS and over any port defined by the user.

I didn’t retest it recently but it should be fully compatible. I would need more details on the error returned or deeper description of the problem.


#10

You can try the mobile client from this page:

http://m.netc.am/

Add a new connection and check the SSL, then if you encounter any problem, please check the javascript errors and report them here.


#11

Right now I’m working on getting it all local - honestly we want to keep the service from going through based access. When I run the client on a machine that is not the server on the network I get the following error:

Error during login: An error occurred while receiving the HTTP response to http://172.16.3.213:8100/Soap/

I had changed the config for the client app like noted on the thread about ssl, but those changes seem to refer to localhost access rather than remote server access. Do I have to add lines for my specific server? It honestly appears like the client desktop app is hard coded to http only on IPs that are not localhost, if that’s the case, is it possible to maybe add a check mark on the login page to use ssl/tls for a given connection?


#12

I am trying to establish a secure connection from the server.
Could you please let me know if this is correct for SSL?


#13

Hi Alvaro,
Follow the guide Running Netcam Studio Server on SSL / HTTPS
I have done this procedure myself and it works.

-Henrik


#14

Hi Henrik, thanks for your reply, downloaded the file to generate the certificate but it did not give me the option to enter a password, I think windows created them but cannot find it to move it to the folder. As I removed the comments from the NetcamStudioX.exe.config am getting an error message from the server, am guessing because the certificate (server.pfx) is not there and password was never set. I tried to reinstall the certificate - nothing happens.

Thanks


#15

It was several moths ago since I did this and that is a long time … ;). The only thing I remember is that it was much easier than I expected ;). However, that do not help you for the moment.
You didn´t find the files? I am not sure about this, but I always have the Show hidden files on and can see them. Do that. A search did not find them either?
It seems that I have to do this again. I remember that something was only available in Windows 7 to download and generate certificate … I check this in Windows 10 after the weekend!

I found what I did in February here Issues with Netcam Studio It is a long topic and some other things as well, but here are my results in short from that:

1.I followed the instructions in the guide with Microsoft SDK. Self signed certificates. I used a computer with Windows 7.
2.Running NCS X 64-bit. Connecting with:

  • windows client: no — that should work today.
  • web client (IE, Safari, Firefox, Chrome): yes
  • mobile web client (m.netc.am): yes. First connect using web client. Logout. Click on mobile client under the blue login to get m.netc.am and configure server for https.
  • connecting using Android App 3.4.7: no

3.Running NCS as a Service. Connecting using:

  • windows client: no
  • web client (IE, Safari, Firefox, Chrome): no
  • mobile web client (m.netc.am): no
  • connecting using Android App 3.4.7: no

According to the guide connecting with windows client have “partial support” for https. It did not work for me.

Android App and iOS app might not accept self signed certificate.

-Henrik


Future Netcam Studio development plans? New version NCS 1.7.0 is released