Configuring SSL

Centova Cast fully supports both HTTPS (secure SSL) and HTTP (plaintext non-SSL) connections on its web interface.

The web interface automatically detects which protocol (HTTP or HTTPS) the browser is using and responds appropriately; as such, both protocols are supported on a single port. For example, you could access a Centova Cast installation at cast.example.com using either of the following URLs:

http://cast.example.com:2199 (non-SSL)
https://cast.example.com:2199 (SSL)

SSL is enabled by default, so either the http or https URL can be used out-of-the-box.

Self-Signed Certificates

During installation, Centova Cast creates a self-signed SSL certificate for your server's IP address. For example, if your server's IP address is 10.2.3.4, the certificate will allow you to access Centova Cast using the URL:
Note that because self-signed certificates have not been generated by a "trusted" certificate authority, any web server using a self-signed certificate will always cause web browsers to display a security warning.
As such, the first time you (or any of your clients) attempt to access Centova Cast, the web browser will display a security warning explaining that the certificate is not trusted, and prompt you to accept or reject the connection.
This warning can be eliminated by installing your own certificate from a trusted certificate authority.

Customizing Your Self-Signed Certificate

If you wish to regenerate your self-signed certificate (for example, to use your domain name instead of your IP address), you can do so using the following command:
/usr/local/centovacast/sbin/setssl self example.com
Replace example.com with the domain name for which you want to generate the certificate. This is a fully-automated process and once it completes, you can simply restart Centova Cast and begin accessing the web interface at example.com (replacing example.com with your actual domain name).
Note that as with any self-signed certificate, all web browsers will display a security warning when accessing Centova Cast because the certificate is not issued by a trusted certificate authority.

Installing Your Own Certificate

To eliminate the web browser security warnings caused by self-signed certificates, you may wish to obtain an SSL certificate from a trusted certificate authority. The steps for doing so are as follows:
- Order an SSL certificate from an SSL certificate vendor. Thousands of companies on the Internet sell SSL certificates; if you are not familiar with any, your hosting provider likely sells them or can recommend a good vendor. Otherwise, simply searching the web for purchase ssl certificate should give you a place to start.
- Your certificate authority may prompt you for the type of SSL certificate to be generated; if so, choose "Apache/mod_ssl" as the type.
- The certificate authority will prompt you to provide your CSR for your desired domain name. You can generate one on your Centova Cast server using the following commands:
  /usr/local/centovacast/bin/openssl genrsa -out /root/cc.key 2048
  /usr/local/centovacast/bin/openssl req -new -sha256 -key /root/cc.key -out /root/cc.csr \
    -config /usr/local/centovacast/etc/openssl.cnf
  When prompted for your Common Name, enter the fully-qualified domain name (including any subdomain that you might wish to use) for the SSL certificate. Fill out the remaining fields with the appropriate information about your organization.
  This will create a CSR file called /root/cc.csr which you can then provide to the certificate authority.
- After you receive your SSL certificate from the certificate authority, you can install it into the Centova Cast web server using the following command:
  /usr/local/centovacast/sbin/setssl /root/cc.key /path/to/certificate.pem
  Replace /root/cc.key with the path to the private key you used to generate the CSR provided to the certificate authority (possibly generated in step 3 above), and /path/to/certificate.pem with the SSL certificate bundle provided by the certificate authority.
- Finally, restart Centova Cast using the following command:
You should now be able to access Centova Cast using your new SSL certificate at example.com (where example.com is your actual domain name). Your browser should not issue any security warnings now that you are using a certificate from a trusted certificate authority.
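
Before running setssl in step 4, it is worth confirming that the private key belongs to the certificate you received, that the certificate covers your domain, and that it is not about to expire. The script below is an added example, not part of Centova Cast or its documentation. It assumes a system openssl binary (set OPENSSL to /usr/local/centovacast/bin/openssl to use the bundled one) and that the server certificate is the first entry in the bundle; check_pair, is_self_signed and make_demo_pair are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not Centova Cast code): sanity-check a key/certificate pair
# before passing it to setssl.
# Assumption: a system "openssl"; override with OPENSSL=/path/to/openssl.
OPENSSL="${OPENSSL:-openssl}"

# Succeeds if the certificate's issuer equals its subject (browsers will warn).
is_self_signed() {
    [ "$("$OPENSSL" x509 -in "$1" -noout -subject_hash)" = \
      "$("$OPENSSL" x509 -in "$1" -noout -issuer_hash)" ]
}

# check_pair KEY CERT DOMAIN
# Returns 0 = usable, 1 = unreadable or mismatched key,
#         2 = expired or expiring within 24h, 3 = CERT does not cover DOMAIN.
check_pair() {
    key=$1; cert=$2; domain=$3
    # The public key derived from the private key must be identical to the
    # public key in the first certificate of the bundle.
    key_pub=$("$OPENSSL" pkey -in "$key" -pubout 2>/dev/null) || return 1
    cert_pub=$("$OPENSSL" x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "key does not match certificate" >&2; return 1; }
    "$OPENSSL" x509 -in "$cert" -noout -checkend 86400 >/dev/null ||
        { echo "certificate expired or expires within 24h" >&2; return 2; }
    "$OPENSSL" x509 -in "$cert" -noout -checkhost "$domain" |
        grep -q 'does match' ||
        { echo "certificate does not cover $domain" >&2; return 3; }
    is_self_signed "$cert" && echo "note: self-signed, browsers will warn" >&2
    return 0
}

# make_demo_pair DIR DOMAIN
# Constructed sample input: a throwaway key and self-signed certificate so the
# checks can be tried offline without touching the real key.
make_demo_pair() {
    "$OPENSSL" req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/demo.key" -out "$1/demo.pem" 2>/dev/null
}

# Usage: sh check_pair.sh /root/cc.key /path/to/certificate.pem cast.example.com
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```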

Using a Free SSL Certificate from "Let's Encrypt"

"Let's Encrypt" is a certificate authority that provides completely free SSL certificates that are trusted by all major browsers. Unlike self-signed certificates, they do not generate security warnings when visitors access your web site.
Centova Cast fully supports the use of SSL certificates from "Let's Encrypt", and can automatically generate and renew such certificates once configured to do so.
Refer to the knowledge base article about Let's Encrypt for details about configuring Centova Cast with certificates from Let's Encrypt.

Forcing Users to Use SSL

Centova Cast does not, by default, force users to use SSL; they can switch at will between SSL and non-SSL simply by changing http:// to https:// and vice-versa in the URL.
If you wish to force all users to use SSL when accessing authenticated areas of Centova Cast (i.e., areas which are restricted to logged-in users) you can edit
Save your changes and restart Centova Cast to enforce the new SSL policy.