Documentation | Installation Manual | Configuring SSL
Centova Cast fully supports both HTTPS (secure SSL) and HTTP (plaintext non-SSL) connections on its web interface.
The web interface automatically detects which protocol (HTTP or HTTPS) the browser is using
and responds appropriately; as such, both protocols are supported on a single port. For
example, you could access a Centova Cast installation at
cast.example.com using either of
the following URLs:
http://cast.example.com:2199 (non-SSL) https://cast.example.com:2199 (SSL)
SSL is enabled by default, so either the
https URL can be used out-of-the-box.
During installation, Centova Cast creates a self-signed SSL certificate for your server's IP
address. For example, if your server's IP address is
10.2.3.4, the certificate will allow
you to access Centova Cast using the URL:
Note that because self-signed certificates have not been generated by a "trusted" certificate authority, any web server using a self-signed certificates will always cause web browsers to display a security warning.
As such, the first time you (or any of your clients) attempt to access to Centova Cast, the web browser will display a security warning explaining that the certificate is not trusted, and prompt to accept or reject the connection.
This warning can be eliminated by installing your own certificate from a trusted certificate authority.
Customizing Your Self-Signed Certificate
If you wish to regenerate your self-signed certificate (for example, to use your domain name instead of your IP address), you can do so using the following command:
/usr/local/centovacast/sbin/setssl self example.com
example.com with the domain name for which you want to generate the certificate.
This is a fully-automated process and once it completes, you can simply restart Centova Cast
and begin accessing the web interface at
https://example.com:2199/ (again, replacing
example.com with your actual domain name).
Note that as with any self-signed certificate, all web browsers will display a security warning when accessing Centova Cast because the certificate is not issued by a trusted certificate authority.
Installing Your Own Certificate
To eliminate the web browser security warnings caused by self-signed certificates, you may wish to obtain an SSL certificate from a trusted certificate authority. The steps for doing so are as follows:
Order an SSL certificate from an SSL certificate vendor. Thousands of companies on the Internet sell SSL certificates; if you are not familiar with any, your hosting provider likely sells them or can recommend a good vendor. Otherwise, simply searching the web for
purchase ssl certificateshould give you a place to start.
Your certificate authority may prompt you for the type of SSL certificate to be generated; if so, choose "Apache/mod_ssl" as the type.
The certificate authority will prompt you to provide your CSR for your desired domain name. You can generate one on your Centova Cast server using the following commands:
/usr/local/centovacast/bin/openssl genrsa -out /root/cc.key 2048 /usr/local/centovacast/bin/openssl req -new -sha256 -key /root/cc.key -out /root/cc.csr \ -config /usr/local/centovacast/etc/openssl.cnf
When prompted for your Common Name, enter the fully-qualified domain name (including any subdomain that you might wish to use) for the SSL certificate. Fill out the remaining fields with the appropriate information about your organization.
This will create a CSR file called
/root/cc.csrwhich you can then provide to the certificate authority.
After you receive your SSL certificate from the certificate authority, you can install it into the Centova Cast web server using the following command:
/usr/local/centovacast/sbin/setssl /root/cc.key /path/to/certificate.pem
/root/cc.keywith the path to the private key you used to generate the CSR provided to the certificate authority (possibly generated in step 3 above), and
/path/to/certificate.pemwith the SSL certificate bundle provided by the certificate authority.
Finally, restart Centova Cast using the following command:
You should now be able to access Centova Cast using your new SSL certificate at
example.comis your actual domain name. Your browser should not issue any security warnings now that you are using a certificate from a trusted certificate authority.
Using a Free SSL Certificate from "Let's Encrypt"
"Let's Encrypt" is a certificate authority that provides completely free SSL certificates that are trusted by all major browsers. Unlike self-signed certificates, they do not generate security warnings when visitors access your web site.
Centova Cast fully supports the use of SSL certificates from "Let's Encrypt", and can automatically generate and renew such certificates once configured to do so.
Refer to the knowledge base article about Let's Encrypt for details about configuring Centova Cast with certificates from Let's Encrypt.
Forcing Users to Use SSL
Centova Cast does not, by default, force users to use SSL; they can switch at will between
SSL and non-SSL simply by changing
https:// and vice-versa in the URL.
If you wish to force all users to use SSL when accessing authenticated areas of Centova Cast
(i.e., areas which are restricted to logged-in users) you can edit
/usr/local/centovacast/etc/centovacast.conf and change
Save your changes and restart Centova Cast to enforce the new SSL policy.