1.3 Installing the self signed certificate

---

Last updated 15/04/2019 - valid for IOS 12.2

---

Stage 6 of the install script, if selected, will configure the web page to run on HTTPS, and disable HTTP. A dedicated key store and two self signed certificates will also be created. This allows the iPhone to trust and encrypt data transmitted between the iPhone and the Raspberry Pi. This also allows the web-app to install as a home screen icon, and to run in full screen mode.

To establish this trust, create the icon and run the web-app in full screen mode, use the following process...

At the Raspberry Pi...

1. The certificate has been copied to the folder /var/www/logs/Alarm.crt Email this file to the iPhone. Note: Windows users - this folder has been shared out through Samba, so can be found in the 'logfiles' data share for easy access. At the iPhone...
2. Open the email and tap on the Alarm.crt attachment.
3. Open Settings | Profile Downloaded. Tap on 'Install' and follow the remaining on screen prompts to install the cert.
4. Open Settings | General | About | Certificate Trust Settings. From there enable the certificate you have just installed.
5. Open Safari and browse (using https:) to the raspberry Pi using either the DDNS name or the IP address. You will need to specify https: rather than http: DON'T LOGIN JUST YET !
6. From Safari, use the 'Add to Home Screen' feature to create an icon for the web-app.
7. Close Safari
8. Open the web-app using the Home Screen icon. It will now run in full screen mode.

There are a few points to be aware of.

1. Port 80 will be disabled - so entering the ip address of your Raspberry Pi in your browser will no longer work.
2. Port 443 will be enabled - so you will need to enter https://<ip address>/ to access the web site.
3. Once installed, don't leave the certificate in the /var/www/logs/Alarm.crt - put it somewhere safe.
4. If the certificate becomes compromised, re-running stage 6 of the installer will have the same effect of revoking the compromised certificate.