MagicMirror Forum

    Certificate Handling with MagicMirror Modules: Where and How Should .p12 Files Be Used?

      Mistiz

      I’ve been exploring some MagicMirror modules that connect to external services, and a few of them seem to require certificates to authenticate or establish secure connections. As someone who’s just using the MagicMirror tool and not building anything from scratch, I’m curious how others deal with this requirement—especially when it comes to actually supplying these certificates in the format the module expects.

      One thing that caught my attention is how some setups refer to using a .p12 file instead of a .cer or .pem file. I’ve usually seen .cer files come from certificate providers or browsers, but the modules I looked at seem to ask for a .p12 format. I’m trying to understand the best and safest way to deal with that. For example, if I only have a .cer file and a private key in a separate file, what’s the right way to turn those into a .p12 file without breaking anything or exposing sensitive information?

      I came across the idea of converting a .cer file into a .p12 format, which packages both the certificate and private key into a single, password-protected file. This approach seems more manageable, especially when dealing with tools or modules that require secure authentication through a unified credential. The .cer file usually contains only the public certificate, while the .p12 (also known as PKCS#12) file includes both the certificate and the associated private key. To perform this conversion, I used a cer to p12 conversion tool, which typically requires both the original .cer file and the corresponding private key. The tool also asks for a password to protect the resulting .p12 file, adding an extra layer of security. I was positively inspired by this idea because it simplifies usage across different systems, and I’m hoping others here have thoughts on the best practices around this.

      What I’m trying to figure out now is what to actually do with the .p12 file once it’s created. Should this go directly into the module folder, or is there a better location on my Raspberry Pi that MagicMirror can access safely? I don’t want to just place it anywhere if that’s going to create a security risk or cause the module to fail silently. I’ve thought about adjusting permissions using chmod to make it readable only by the mirror process, but I don’t know if that’s the typical way people handle it. Is there some common folder structure or method people follow for these kinds of sensitive files?

      Another thing I’m wondering about is the password I set during the .p12 file creation—how is that used by the MagicMirror module? Do I need to include that password in the config, or does the module prompt for it somehow? I didn’t find much documentation about this part. If you’ve ever dealt with a module that uses certificate-based authentication, I’d really appreciate knowing how the password aspect is handled and whether you had to make any changes to the config or system settings for it to work.

      Finally, how do people manage changes to certificates over time? For instance, when a certificate expires and I receive a new one, is it just a matter of repeating the conversion process and replacing the file, or are there other things to clear or reset to make sure the module reads the new certificate properly? I’m assuming you’d need to restart the MagicMirror process, but I’m not totally sure if that’s enough or if something else is required. Any experience or suggestions would be helpful.

        sdetweil @Mistiz

        @Mistiz you shouldn’t need any certificates for MM to external connections, as the source server is required to provide the cert that covers its connections…

        MM does not provide a cert, as we don’t use http,
        assuming we are on a closed private network in our homes.

        certs are a pita (pain in the a) in general …

        for access INTO my system, I no longer use an open port, and don’t have to provide certs for every source, or router module (gateway)

        I use Cloudflare zero trust tunnel. they provide the cert, and maintain it.
        their endpoint connector runs on your network and can http connect to services at that level.

        Sam

        How to add modules

        learning how to use browser developers window for css changes
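
For the conversion, file-permission and renewal questions in the first post, one way to handle them with the OpenSSL command line (an added example, not part of either post and not MagicMirror's own tooling). The file names, the temp directory, the 30-day threshold and the unencrypted private key are assumptions, and the certificate is a constructed throwaway.

```shell
#!/usr/bin/env bash
# Added example; paths, file names and the threshold are assumptions, not MagicMirror conventions.
set -eu

# make_p12 CERT KEY PASSFILE OUT: bundle CERT (.cer/.pem) and an unencrypted KEY into OUT.
make_p12() {
  cert=$1; key=$2; passfile=$3; out=$4; pem=$(mktemp)
  # A .cer may be PEM text or binary DER; normalise to PEM, which pkcs12 -export expects.
  openssl x509 -in "$cert" -inform PEM -out "$pem" 2>/dev/null ||
    openssl x509 -in "$cert" -inform DER -out "$pem" 2>/dev/null || { rm -f "$pem"; return 1; }
  # Refuse to bundle a private key that does not belong to this certificate.
  if [ "$(openssl x509 -in "$pem" -noout -pubkey)" != "$(openssl pkey -in "$key" -pubout)" ]; then
    echo "private key does not match certificate" >&2; rm -f "$pem"; return 1
  fi
  # umask 077 creates the bundle owner-only (0600); -passout file: keeps the password
  # out of the process list and shell history.
  ( umask 077; openssl pkcs12 -export -in "$pem" -inkey "$key" \
      -out "$out" -passout "file:$passfile" ) || { rm -f "$pem"; return 1; }
  rm -f "$pem"
}

# p12_expires_within P12 PASSFILE SECONDS
# Returns 0 if the certificate expires within SECONDS, 1 if not, 2 if the bundle cannot be opened.
p12_expires_within() {
  certpem=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null) || return 2
  # x509 -checkend exits 0 when the certificate is still valid SECONDS from now.
  if printf '%s\n' "$certpem" | openssl x509 -noout -checkend "$3" >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

# Demo on a constructed throwaway certificate (10-day lifetime) in a temp directory.
demo() {
  d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 10 -subj "/CN=mirror.example" \
    -keyout "$d/client.key" -out "$d/client.cer" 2>/dev/null
  ( umask 077; printf '%s\n' 'constructed-demo-password' > "$d/p12.pass" )
  make_p12 "$d/client.cer" "$d/client.key" "$d/p12.pass" "$d/client.p12"
  if p12_expires_within "$d/client.p12" "$d/p12.pass" $((30 * 24 * 3600)); then
    echo "renew soon: certificate expires within 30 days"
  fi
  ls -l "$d/client.p12"
  rm -rf "$d"
}
demo
```

When a renewed certificate arrives, re-running `make_p12` with the new `.cer` replaces the bundle; how a given module receives the password (config value, environment variable) depends on that module and is not covered here.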

        MagicMirror created by Michael Teeuw.
        Forum managed by Sam, technical setup by Karsten.