Configuration: Setting up SSL

About

The free version of Agent DVR is great for local connections using HTTP. But, when you're stepping out into the world of remote connections, security is key, and that's where SSL comes in. Want a secure remote connection to your Agent DVR? Simply use our remote web portal for a safe and secure experience.

Important: Setting up SSL, DNS, and port forwarding can get a bit tricky, and we can't guarantee it'll work reliably on all networks. We recommend sticking with using our remote web portal for remote access. You'll still need a computer running Agent that's connected to your cameras but you won't need to mess around with anything else.

Pro Tip: Once you've got SSL and DNS up and running, you can access your Agent DVR from your mobile device and add it as an app through your browser's tool menu.

SSL on Windows

Follow the letsencrypt instructions to install a certificate on your computer.

When you have a certificate generated (a .pem file) you can use openssl.exe to convert it to a .pfx file:
openssl.exe pkcs12 -export -out C:\Certbot\live\youragentserver.ddns.net\certificate.pfx -inkey C:\Certbot\live\youragentserver.ddns.net\privkey.pem -in C:\Certbot\live\youragentserver.ddns.net\fullchain.pem

Right click the generated .pfx file and click Install. Install it to your local machine.

Bind the certificate to the IP address:port and application:

netsh http add sslcert ipport=0.0.0.0:443 certhash=YOUR_CERT_HASH appid='{642c92c9-a595-4315-b9cb-3cfdc902805b}'

Where YOUR_CERT_HASH is the thumbprint from your SSL certificate which you can find using "certmgr" from the start menu. Open CertMgr, expand Personal - Certificates and double click your certificate. The thumbprint is on the Details tab.

When you have generated and installed the certificate, open Agent DVR, click on Server Icon - Settings - Local Server tab and set the SSL Port to 443 and click OK.

At this point you should now be able to load the UI (in this example) under https://your.server.address .

SSL on Linux / macOS

Follow the letsencrypt instructions to install a certificate on your computer.

When you have a certificate generated (a .pem file) you can use openssl.exe to convert it to a .pfx file (make sure you are in the same folder your certificate was saved to):
openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in fullchain.pem

In Agent DVR's local UI, click on Server Icon, Server Settings, select Local Server tab

Specify the port you want it to run on in SSL Port (default is 443). Provide the path to your certificate file under SSL Certificate. Specify the password you used to create the certificate under SSL Password. Click OK. Note: these fields are only visible on Linux/ macOS platforms.

At this point you should now be able to load the UI (in this example) under https://your.server.address .

You may need to run chmod 666 on the certificate file to allow Agent DVR to load it in.