The SupermarketPlanner is running a Raspberry Pi REST server. This allows me to create a list on the Windows client and sync it over the Internet to either another Windows client or an Android phone app.
As I can potentially connect these over the Internet, I wanted to set up a secure connection between my clients and server. The obvious solution to this was to set up SSL.
With SSL, a private key and a public key are created. The public key is distributed in the form of a certificate. This can be used to encrypt a message that can only be decrypted with the private key.
When a client connects to a server, this information can be used to set up a secure connection via a handshake mechanism. A good explanation can be found here.
For my purposes, since I am running both client and server, I decided on setting up a self-signed certificate. I used OpenSSL on my Raspberry Pi to create this, following the steps below:
The DNS name for the server needs to be added to the Subject Alternative Name (SAN), not the CommonName (CN). The CN can be defined in the interactive request but SAN can only be defined in a separate configuration file, example below:
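As an added example (not the author's original commands or configuration file), the script below creates a private CA, issues a server certificate with the DNS name in the SAN, and checks the result. The host name `pi.example.test`, the subjects and the file names are assumptions.

```bash
#!/bin/sh
# Added example: a private CA plus a server certificate whose DNS name is in the SAN.
# The host name, subjects and file names are assumptions, not the author's values.
set -eu

make_certs() {               # usage: make_certs <output-dir> <server-dns-name>
  local dir="$1" dns="$2"
  mkdir -p "$dir"
  # Extensions cannot be typed at the interactive prompt, so they live in a config file.
  cat > "$dir/openssl.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = $dns
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$dns
EOF
  # 1. CA key and self-signed CA certificate (ca.crt is the file clients import).
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -config "$dir/openssl.cnf" \
    -subj "/CN=Example Home CA" -extensions v3_ca \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # 2. Server key and signing request; -nodes leaves the key unencrypted for unattended start.
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/openssl.cnf" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  # 3. Sign with the CA. x509 -req does not copy CSR extensions by default, so name them again.
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$dir/openssl.cnf" -extensions v3_req \
    -out "$dir/server.crt" 2>/dev/null
  chmod 600 "$dir/ca.key" "$dir/server.key"
}

san_names() {                # prints e.g. DNS:host for the certificate in $1
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

host_ok() {                  # usage: host_ok <ca.crt> <server.crt> <name>; 0 if chain and name verify
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}
```

Only `ca.crt` is distributed to clients; `ca.key` signs new certificates and is best kept off the Internet-facing server.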
Because self-signed certificates are not signed by a well-known Certificate Authority, browsers will pop up a warning. To overcome this on my machines, I added my own CA certificate to the Authorities on Chrome and Edge/IE11:
- Chrome
  - Settings -> Advanced -> Privacy and Security -> Manage Certificates -> Authorities tab -> Import CA certificate
- Edge / IE11
  - Open IE11
  - Internet Options -> Content -> Certificates
  - Select Trusted Root Certification Authorities
  - Click Import and choose the CA certificate to upload
Enabling SSL on the web server is simple. Using web.py, I just needed to add the following (this is for version 0.40):
As for my client applications, after adding my CA to IE11, SupermarketPlanner, being a .NET Core app running on Windows, worked with no changes other than to use the HTTPS URL. This worked on both Windows 10 and Windows 8.1 boxes.
For my Android App this was a bit more complicated. When simply changing the URL I got this Exception:
CertPathValidatorException : Trust Anchor for Certification Path not found
The documentation here: https://developer.android.com/training/articles/security-ssl was what I needed for this problem. This allows me to add my own CA to the trust chain.
I added my CA certificate to the assets/ folder in the Android project. An assets folder is a location for files that are copied as-is to the .apk file. This can then be referenced and navigated as a normal directory using the AssetManager.