HTTPS enabled on Toon


Post by Toonz » Thu Dec 28, 2017 3:34 pm

Hi all,

After some further digging I found out that Toon does support HTTPS in principle, but it never worked because the public root CA certificates are not installed (these typically come with your browser).
The only root certificates installed are the ones which are needed to validate Quby's own servers.

So, in order to get HTTPS calls to work you will need to manually add the right certificates to the SSL certificate store with a text editor.
It is located here on Toon: /etc/ssl/certs/ca-certificates.crt

Example: xml.buienradar.nl is using a certificate issued by DigiCert. You can find out who issued the certificate by clicking on the 'lock' icon in your browser and pressing 'view certificates'.
In order to access buienradar, Toon must have the root CA from DigiCert added to the certificate store (certificate name: DigiCert Global Root CA).
Root certificates from most common trusted issuers can be found in this CSV file: ccadb-public.secure.force.com/mozilla/I ... portPEMCSV

When this file is opened in Excel the root CA of DigiCert can be found at row 49.
Column AC contains the digital certificate (pem).
Append the contents of this field to the certificate file on Toon (remove the quotes from the csv file):
-----BEGIN CERTIFICATE-----
[certificate body not preserved in this copy]
-----END CERTIFICATE-----


After that, all HTTP/HTTPS calls to the buienradar server will work with the original, unmodified buienradar app 8.2.0 (so even HTTP redirects to HTTPS will work automatically).
This approach will work for any webserver you want to access from Toon via https.
I also found new QML code from Quby introduced in version 4.9 which supports HTTP(S) calls with the POST method to fill in webforms automatically.

What's next:
- create a new version of buienradar, reverting back the latest changes in 8.2.1 and installing this certificate.
- major revision of the afvalwijzer app to support more websites automatically and add more certificates (remove the need for wget and cron jobs)

Kind regardz,

Toon.
member of the Toon Software Collective
Toonz
Forum Moderator
Posts: 1129
Joined: December 2016
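
A scripted version of the steps in the post above, as an added example that is not part of the original thread: it pulls the PEM field for a named root out of the CSV, strips the quotes, and appends it to the bundle only when its SHA-256 fingerprint matches the one read from the browser's certificate viewer. The column names, the sample CSV and the function names are assumptions; try it on a copy of /etc/ssl/certs/ca-certificates.crt first.

```python
import base64, csv, hashlib, io, re, shutil, ssl

# Constructed sample, NOT a real certificate: arbitrary bytes in PEM armor, in a
# CSV laid out like the report (PEM field wrapped in single quotes).
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----")
SAMPLE_CSV = ('"Common Name or Certificate Name","PEM Info"\n'
              '"Example Root CA","\'' + SAMPLE_PEM + '\'"\n')
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def fingerprint(pem):
    """SHA-256 over the DER bytes, as shown in a browser's certificate viewer."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest().upper()

def pem_from_csv(csv_text, name, name_col="Common Name or Certificate Name",
                 pem_col="PEM Info"):
    """Return the PEM block for the named root, with the CSV's quotes removed."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row[name_col] == name:
            return row[pem_col].strip().strip("'").strip()
    raise KeyError(name)

def add_root(bundle_path, pem, expected_fp):
    """Append pem to the bundle only if its fingerprint matches expected_fp.
    Returns "added" or "present"; raises ValueError on a mismatch."""
    fp = fingerprint(pem)
    if fp != expected_fp.replace(":", "").upper():
        raise ValueError("fingerprint mismatch, not trusting " + fp)
    with open(bundle_path) as f:
        bundle = f.read()
    if any(fingerprint(p) == fp for p in PEM_RE.findall(bundle)):
        return "present"                             # already trusted, nothing to do
    shutil.copy2(bundle_path, bundle_path + ".bak")  # keep a way back
    with open(bundle_path, "a") as f:
        f.write(("" if bundle == "" or bundle.endswith("\n") else "\n") + pem + "\n")
    return "added"
```

Every root appended this way is trusted for all HTTPS calls the device makes, so the fingerprint check is the step that keeps a wrong or tampered CSV row out of the store.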

Re: HTTPS enabled on Toon

Post by jozg » Fri Dec 29, 2017 3:34 pm

Hello Toonz,

Thanks.
With this certificate, my (old) buienradar app is working again.
Good work!

Regards,

Jos.
jozg
Starting Member
Posts: 47
Joined: November 2017

Re: HTTPS enabled on Toon

Post by gerardzh » Fri Dec 29, 2017 8:43 pm

Thanks!
gerardzh
Starting Member
Posts: 2
Joined: November 2017

Re: HTTPS enabled on Toon

Post by michel30 » Fri Dec 29, 2017 11:20 pm

Super,

This works super. I uninstalled 8.2.1, installed 8.2.0 again and added the certificate, and everything works like it did before.
Thanks Toonz for sharing this information.

Regards,
Michel
michel30
Member
Posts: 206
Joined: August 2017
