Lack of documentation on TLS

Xeoma Software

Moderators: Admin_N, Administrator, Admin_P, Admin_K

Lack of documentation on TLS

Postby mauricioesilva » Sat Dec 03, 2016 12:24 am

I was trying to use my own certificates to secure the connections and fail. The first problem was lack of documentation, specially on Android and IOS devices.

Where or how I install the public key on Android and IOS clients?.
Can Xeoma use any certificate or need to be created exactly as you explain in the readme file?. I wasn't able to use my current certificate infrastructure (I run my own CA in my internal network for all kind of services, from a TLS on a web server to 802.1x authentication).

A good documentation in this subject will be really appreciated.
mauricioesilva
 
Posts: 17
Joined: Sun Jun 15, 2014 2:15 am
Location: Argentina

Re: Lack of documentation on TLS

Postby dgrindle » Sat Dec 03, 2016 2:53 pm

I have also asked for more information about TLS on Nov 11th here http://felenasoft.com/forum/viewtopic.php?f=8&t=1469&sid=0cb2d0c50773b5ec77b456a2cac6a14c. The reply was "We are working on that right now, thank you for your patience". I am hoping to see some more documentation soon.

From my experience, yes, you should be able to use your own certificate. However, the current behavior of Xeoma is a bit odd in my opinion, because even certificates which should be trusted (CA signed or by your own CA in this case) require the public key to be added to the clients. Ideally I think Xeoma should work like a browser to automatically accept signed (or otherwise trusted) certificates. I would suggest testing with a Windows client first. I do not have any experience with Android and IOS clients and agree that the documentation is still lacking.
dgrindle
 
Posts: 5
Joined: Fri Nov 11, 2016 7:58 pm

Re: Lack of documentation on TLS

Postby Admin_N » Mon Dec 05, 2016 4:25 pm

Hi there,

Not sure what kind of documentation you'd like but here's our guide: http://felenasoft.com/xeoma/en/articles ... onnection/

You can also follow our news at http://felenasoft.com/xeoma/en/news/ to always be the first to know!
Admin_N
 
Posts: 797
Joined: Thu Mar 01, 2012 4:43 pm

Re: Lack of documentation on TLS

Postby mauricioesilva » Wed Dec 07, 2016 10:39 pm

Thank you Admin_N and drindle for your answers. The page linked by Admin_N is almost the same as the readme.txt, but with a few extra information that open more questions.

So I guess I will have to wait.
mauricioesilva
 
Posts: 17
Joined: Sun Jun 15, 2014 2:15 am
Location: Argentina

Re: Lack of documentation on TLS

Postby Admin_N » Fri Dec 09, 2016 9:07 am

mauricioesilva,

What kind of documentation would you need then? The article has all there is to that subject so I fear waiting might bring no desirabale result.

Mobile operating systems are more closed up as compared to desktop ones.

For example, in Android, you can use your certificate only on rooted systems. If yours is one of such devices go to ../data/com.felenasoft.xeoma/.config/Xeoma/Security/Certificare/Client and place your certificate in there.

Do you know of any examples of using your certificate on IOS at all? Not sure it's even possible...
Admin_N
 
Posts: 797
Joined: Thu Mar 01, 2012 4:43 pm

Re: Lack of documentation on TLS

Postby mauricioesilva » Fri Dec 09, 2016 10:08 am

Thank you Admin_N, again, for your answer.

That is the kind of information that should have been on the readme.txt. Do you have a mobile client? DON'T CHANGE THE CERTIFICATES! or they won't be able to connect.
Is the CN checked against something or it can be any random string?. I know it can be anything because the default is "Default Xeoma certificate" and that's not the name of any of my DVRs and in the HTML page the information reads: "...make sure that the names coincide with those on the servers." something that is not true.

So far the only important thing is to have any random pair of certificates.
mauricioesilva
 
Posts: 17
Joined: Sun Jun 15, 2014 2:15 am
Location: Argentina

Re: Lack of documentation on TLS

Postby Admin_N » Fri Dec 09, 2016 11:12 am

CN is command for generating common name while certificate is being generated. Afterwards it's not used. In that respect, I don't think I get your question. Or do you imply anything else with this abbreviation?
Admin_N
 
Posts: 797
Joined: Thu Mar 01, 2012 4:43 pm

Re: Lack of documentation on TLS

Postby mauricioesilva » Fri Dec 09, 2016 5:02 pm

You are right, CN stand for common name. And in some services (for example Web over HTTPS) should be the exact name of the server. I know on a CCTV system will bring more troubles than benefits.
mauricioesilva
 
Posts: 17
Joined: Sun Jun 15, 2014 2:15 am
Location: Argentina

Re: Lack of documentation on TLS

Postby Timbiotic » Mon Mar 05, 2018 9:25 pm

For apple IOS why can't the ios app have an option to import certificates?
Timbiotic
 
Posts: 2
Joined: Sun Jun 25, 2017 2:40 pm

Re: Lack of documentation on TLS

Postby Admin_P » Wed Mar 07, 2018 9:47 am

Timbiotic,
Hello! iOS app is Xeoma's youngest part, it has limited functionality. We are working on expanding it, however, Apple's policy is really not helping us with that, so the development is somewhat slow.
If you'd like to be informed of Xeoma's new features as they are developed and added, feel free to subscribe to our newsletter.
Admin_P
 
Posts: 245
Joined: Wed Aug 24, 2016 1:49 pm


Return to Xeoma - General discussion

Who is online

Users browsing this forum: Google [Bot] and 10 guests

cron