Secure Sockets Layer (SSL) and Web Browsers

When you first use an SSL connection (https) to access groov Manage from a browser like Chrome or Firefox you’re going to get a warning saying something like “Your connection is not private” or “Your connection is not secure”. This happens because the certificate in the EPIC SSL server is signed by the EPIC itself, which is not a trusted authority by default. It is possible to make an exception for this connection and access the device without a trusted signature, but how can we trust this connection for both the EPIC and browser?

There are several solutions; one possibility is paying for a Certificate Authority (CA) to sign your network’s connections, but that can be both involved and expensive. Another option is to create your own local, private CA and use that to sign your own certificates, we’ll look at that process in this guide.

Before beginning this procedure it is highly recommended that you consult with your network administrator or IT team to discuss the creation and distribution of these certificates.

Overview

    Step 1. Get your device’s Certificate Signing Request (CSR).

    Step 2. Create your own private local CA certificate and signing key, use it to sign the EPIC CSR.

  • Keep this key safe and secure – anyone who gets ahold of it can create and sign certificates that will be trusted by all clients that the associated CA certificate is installed on.

    Step 3. Add the CA certificate to your operating system or browser’s list of trusted authorities.

    Step 4. Update the groov EPIC SSL server certificate with the signed certificate file.

    Step 5. Restart your browser to complete the process.


This guide was written specifically using Windows 10 Pro (version 10), groov EPIC PR1 firmware version 1.2.1, Chrome 69, Firefox 62, and XCA 2.1.1.
While many older and newer versions will work with this procedure, be aware that there may be some differences in the functionality and interfaces of different versions.


Continue to Get Your Device CSR and Create a CA (Steps 1 & 2)

Or go to EPIC Developer Overview Home


Top