Security¶
SSL Certificates¶
SSL (Secure Sockets Layer) is a fundamental technology for securing web applications by encrypting data, ensuring data integrity, authenticating servers, and enhancing user trust.
SSL layers encrypt the data transmitted between a user’s web browser and server. This encryption ensures that the data remains unreadable and secure even if intercepted by malicious actors. SSL includes mechanisms to ensure data integrity during transmission using cryptographic hash functions to detect unauthorized modifications or tampering. In the event of altered data during transit, the recipient can see and reject the modified data.
ControlRoom allows loading a user’s SSL certificate through the settings and configuration dialog. Many external service providers can provide an SSL certificate; one may already have an SSL certificate for ControlRoom installations.
Use of a self-signed certificate may cause a warning to appear when accessing the ControlRoom webpage or BrainD REST endpoints. This is caused by the browser failing to authenticate the received certificate against a trusted certificate authority.
OpenSSL is an option that one can use to create a self-signed SSL certificate. The following command may be used to generate a self-signed certificate:
openssl req -new -x509 -days 365 -nodes -keyout example.key -out example.crt
By default, ControlRoom will serve an insecure web page over HTTP, without any certificates or encryption. If insecure communications over HTTP are not desirable, the settings and configuration dialog can be used to enable HTTPS/SSL communication. If a certificate is not specified, then ControlRoom will automatically generate a self-signed certificate.
Certificates are stored in the following directory:
Windows:
%AppData%\Acroname\BrainD\config
Mac:
~/Library/Application\ Support/Acroname/BrainD/config
Linux:
~/.acroname/BrainD/config