You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

DW Spectrum IPVMS SSL Certificate Management

https://hf-files-oregon.s3-us-west-2.amazonaws.com/hdpdigitalwatchdog_kb_attachments/2019/09-24/4763eb2b-7c2d-49d6-bfc0-47620cc0f150/image.png

DW Spectrum® IPVMS SSL Certificate Management

-----------------------------------

Affected Roles:  Administrator, Owner

Related Digital Watchdog VMS Apps:  DW Spectrum® IPVMS

Complexity:  Medium

Last Edit:  April 4, 2022

-----------------------------------

Secure Socket Layer (SSL)

DW Spectrum® Servers utilize a self-signed Secure Socket Layer (SSL) certificate by default.  SSL certificates are small data files that digitally bind a cryptographic key to an organization’s details such the public key and the owner of a website or server.  These data packets are transmitted between the DW Spectrum® Server and the requesting client with digitally signed acknowledgements to start an SSL encrypted session.

As a result, the data packets containing the requested information that is sent over the encrypted session can only be decoded by the designated receiving node(s).  By combining this with the HTTPS protocol, this acts as a sort of “protective lock” on the data as it is traveling to better mitigate malicious agents (cybercriminals) that may be attempting to intercept or eavesdrop on sensitive information.

This article will outline how to modify the self-signed certificate of a DW Spectrum® Server in order to utilize a certificate that was obtained from an official certificate provider instead.

SSL Certificate Authorities

Technically, any website owner can create their own SSL certificate, which are referred to as “self-signed certificates”.  However, while still considered to be secure/encrypted, self-signed certificates are not easily recognized by web browsers as ‘trustworthy’ in comparison to if you were to use an SSL certificate that was purchased from a certificate authority.

As so, a warning message may appear when connecting to a server by web browser.  Even though self-signed SSL certificates and purchased SSL certificates both operate the same way, you would need to obtain a certificate from a certificate authority to no longer see the warning message on the browser.

If you wish to purchase a certificate rather than utilize a self-signed SSL certificate, the most commonly recognized SSL certificate providers can be found here:

https://www.techradar.com/news/best-ssl-certificate-provider

Applying a Purchased SSL Certificate

Part 1:  Locating the SSL Certificate

If you have acquired an SSL certificate and would like to apply it to the DW Spectrum® Server, you must find where the placeholder for the certificate (cert.pem) is located.

This file can be found in the following directories:

  • Systems Using Windows OS:
C:\Windows\System32\config\systemprofile\AppData\Local\Digital Watchdog\Digital Watchdog Media Server\ssl
  • Systems Using Ubuntu OS:
/opt/digitawatchdog/mediaserver/var/ssl

Part 2:  Modifying the Self-Signed SSL Certificate

After locating the cert.pem file, perform the following steps:

  1. Stop the DW Spectrum® Media Server.
  • Windows OS
  1. Locate the Service Tray on the Windows Task Bar.
  2. Right-click on the DW Media Server icon and select Stop server (started).

  • Ubuntu OS
  1. Open the Terminal program on the Linux computer.  You can do this by using the Search function in the system Unity menu.

Alternatively, you can simultaneously press the Ctrl+Alt+T keys on the keyboard to launch the Terminal program.

  1. The Terminal window will display.

Log in as the root Administrator by using:

sudo su
  1. When prompted, enter the root admin password (will not display). 
Dw5pectrum

**NOTE:  For older DW Blackjack units purchased prior to June 18, 2021, the previously utilized default Linux OS login was “admin/admin”.

  1. Next stop the DW Media Server with:
service digitalwatchdog-mediaserver stop
  1. After stopping the DW Media Server, open the cert.pem file.  Both the cert.pem file and purchased certificate should be text files, so it may be easiest to use a program such as Notepad to make the edits.

Next, edit the cert.pem file, then copy and replace the private key and certificate content with the purchased SSL certificate information.

-----BEGIN PRIVATE KEY-----



...enter new private key content ...



-----END PRIVATE KEY-----



-----BEGIN CERTIFICATE-----



...enter new certificate content ...



-----END CERTIFICATE-----
  1. After replacing the Private Key and Certificate text with the new text of the purchased certificate, save the modified cert.pem file to retain the changes.
  1. When ready, start the DW Spectrum® Media Server.
    • Windows OS
  1. Locate the Service Tray on the Windows Task Bar.
  2. Right-click on the DW Media Server icon and select Start Server (stopped).

  • Ubuntu OS
  1. Start the DW Media Server using the Terminal program with the command:
service digitalwatchdog-mediaserver start

This completes the modification of the cert.pem SSL certification file.

Renewing (Re-creating) an SSL Certificate for DW Spectrum

In the event that the self-signed certificate generated by DW Spectrum has expired, a new cert.pem file can be generated and will be valid for one year of it has been re-created by the system.

To renew (re-create) another self-signed SSL certificate for DW Spectrum:

  1. Stop the DW Spectrum® Media Server.
  • Windows OS
  1. Locate the Service Tray on the Windows Task Bar.
  2. Right-click on the DW Media Server icon and select Stop server (started).

  • Ubuntu OS
  1. Open the Terminal program on the Linux computer.  You can do this by using the Search function in the system Unity menu.

Alternatively, you can simultaneously press the Ctrl+Alt+T keys on the keyboard to launch the Terminal program.

  1. The Terminal window will display.

Log in as the root Administrator by using:

sudo su
  1. When prompted, enter the root admin password (will not display). 
Dw5pectrum

**NOTE:  For older DW Blackjack units purchased prior to June 18, 2021, the previously utilized default Linux OS login was “admin/admin”.

  1. Next stop the DW Media Server with:
service digitalwatchdog-mediaserver stop
  1. Next, locate the old self-signed certificate file labeled “cert” (cert.pem file).
  • Systems Using Windows OS:
C:\Windows\System32\config\systemprofile\AppData\Local\Digital Watchdog\Digital Watchdog Media Server\ssl
  • Systems Using Ubuntu OS:
/opt/digitawatchdog/mediaserver/var/ssl

Once located, right-click on the file and select “Delete” to remove the old self-signed certificate file.

  1. After deleting the old self-signed certificate file, start the DW Spectrum® Media Server. A new cert.pem file will be generated and will display in the same SSL folder where the old file was previously located.

This renewed certificate will be valid for up to one (1) year following this re-creation.

    • Windows OS
  1. Locate the Service Tray on the Windows Task Bar.
  2. Right-click on the DW Media Server icon and select Start Server (stoppe.

  • Ubuntu OS
  1. Start the DW Media Server using the Terminal program with the command:
service digitalwatchdog-mediaserver start
  • 135
  • 04-Apr-2022
  • 2969 Views