Requirements
- Sighthound 3.0 installed on a 64-bit Windows system in the default location.
- A trusted Certificate Authority to generate a signed certificate from a certificate signing request. I used a free cert from StartSSL, but it does have validation problems with Chrome on mobile due to cert chaining issues. Other tested platforms seemed to work OK.
- A fully-qualified DNS name which resolves to your Sighthound host. In this guide I'll be using "yourdnsname.example.com".
Process
- Enable remote access in Sighthound via Tools > Options > Remote Access > Enable remote access
- Disarm all cameras and shutdown SH. NOTE: if you launch Sighthound before the final step it will blow away all your work and force you to start over.
- Open an Administrator command shell (cmd.exe)
- Enter the following commands, replacing "yourdnsname.example.com" with your fully qualified domain name in the final command. Optionally, modify the rest of "subj" field in the final command to fill in your location and organization details.
- Code: Select all
set SHWEBDIR=%LocalAppData%\Sighthound Video\web
cd /d "%SHWEBDIR%"
move sv.* %temp%
del status
bitsadmin.exe /transfer "DownloadOpenSSLConf" http://web.mit.edu/crypto/openssl.cnf "%SHWEBDIR%\openssl.cnf"
set OPENSSL_CONF=%SHWEBDIR%\openssl.cnf
"%ProgramFiles(x86)%\Sighthound Video\openssl.exe" genrsa -out "%SHWEBDIR%\sv.key" 2048
"%ProgramFiles(x86)%\Sighthound Video\openssl.exe" req -new -key "%SHWEBDIR%\sv.key" -out "%SHWEBDIR%\sv.csr" -subj /C=XX/ST=XX/L=XX/O=support@sighthound.com/OU=sighthound/CN=yourdnsname.example.com
- This will generate a certificate signing request file available at "%LocalAppData%\Sighthound Video\web\sv.csr". Hand the signing request to your CA and get a BASE64 encoded (sometimes called "CER encoded") certificate file back.
- Open the created certificate file in notepad and confirm that it's in text format, where the first line reads "-----BEGIN CERTIFICATE-----" and the last line reads "-----END CERTIFICATE-----". There should be only one such section.
- Save the created certificate to: %LocalAppData%\Sighthound Video\web\sv.crt
- Run the following commands in the same command shell to dump the fingerprint details to the required file:
- Code: Select all
"%ProgramFiles(x86)%\Sighthound Video\openssl.exe" x509 -subject -dates -fingerprint -in "%SHWEBDIR%\sv.crt" | find "Fingerprint"> fingerprint.out
for /F "tokens=2 delims= " %z in (fingerprint.out) do set %z
echo %Fingerprint::=%>sv.sha
del fingerprint.out
- Optional: backup the contents of "%LocalAppData%\Sighthound Video\web". On launch, SH checks that everything there is valid and will wipe all files/folders if it finds any problem. If you have a cert (and it's matching keyfile) that you've just paid money for, it'd be a good idea to stash a copy somewhere.
- Launch Sighthound and let it start up with the new certificate details.
- Confirm that you are presented with a valid cert when you open https://yourdnsname.example.com:8848