I’ve been exploring some MagicMirror modules that connect to external services, and a few of them seem to require certificates to authenticate or establish secure connections. As someone who’s just using the MagicMirror tool and not building anything from scratch, I’m curious how others deal with this requirement—especially when it comes to actually supplying these certificates in the format the module expects.
One thing that caught my attention is how some setups refer to using a .p12 file instead of a .cer or .pem file. I’ve usually seen .cer files come from certificate providers or browsers, but the modules I looked at seem to ask for a .p12 format. I’m trying to understand the best and safest way to deal with that. For example, if I only have a .cer file and a private key in a separate file, what’s the right way to turn those into a .p12 file without breaking anything or exposing sensitive information?
I came across the idea of converting a .cer file into a .p12 format, which packages both the certificate and private key into a single, password-protected file. This approach seems more manageable, especially when dealing with tools or modules that require secure authentication through a unified credential. The .cer file usually contains only the public certificate, while the .p12 (also known as PKCS#12) file includes both the certificate and the associated private key. To perform this conversion, I used a cer to p12 conversion tool, which typically requires both the original .cer file and the corresponding private key. The tool also asks for a password to protect the resulting .p12 file, adding an extra layer of security. I was positively inspired by this idea because it simplifies usage across different systems, and I’m hoping others here have thoughts on the best practices around this.
What I’m trying to figure out now is what to actually do with the .p12 file once it’s created. Should this go directly into the module folder, or is there a better location on my Raspberry Pi that MagicMirror can access safely? I don’t want to just place it anywhere if that’s going to create a security risk or cause the module to fail silently. I’ve thought about adjusting permissions using chmod to make it readable only by the mirror process, but I don’t know if that’s the typical way people handle it. Is there some common folder structure or method people follow for these kinds of sensitive files?
Another thing I’m wondering about is the password I set during the .p12 file creation—how is that used by the MagicMirror module? Do I need to include that password in the config, or does the module prompt for it somehow? I didn’t find much documentation about this part. If you’ve ever dealt with a module that uses certificate-based authentication, I’d really appreciate knowing how the password aspect is handled and whether you had to make any changes to the config or system settings for it to work.
Finally, how do people manage changes to certificates over time? For instance, when a certificate expires and I receive a new one, is it just a matter of repeating the conversion process and replacing the file, or are there other things to clear or reset to make sure the module reads the new certificate properly? I’m assuming you’d need to restart the MagicMirror process, but I’m not totally sure if that’s enough or if something else is required. Any experience or suggestions would be helpful.