How do update the Evoko Home SSL/TLS certificate?
Replacing the auto-generated, self-signed certificate will get rid of the "Not Secure" message and will increase the security of your Evoko Home server. This can be done during the initial configuration of Evoko Home, or at a later time. If you need to do it after the initial configuration you will need to replace the self-signed certificate and key file through the file system of the server. Unfortunately there is currently no way of doing this via the web interface.
To change the certificate that Evoko Home use, simply replace the self-signed server certificate and private key files with trusted ones.
Their default location is C:\Program Files\Evoko\EvokoHome\liso_files\certificates\
on Windows and ~/Evoko Home/liso_files/certificates/
on Linux.
Please note that:
- File names need to be exactly
server.crt
andserver.key
. - The files should be in PEM format.
- The private key needs to be unencrypted, i.e. not password protected.
- In some cases - for example when enabling the Liso strict TLS check - it may be necessary to concatenate the certificate with the intermediate and root certificates so that the full trust chain is available on the Evoko Home server.
Note! Before replacing your existing certificate and key make sure that you have a backup copy of them so you can revert to the self-signed certificate in case of issues.
Once the new certificate and key files are in place, restart the Evoko Home service to load the new certificate:
- Windows: restart the
ERM Service
underservices.msc
- Linux: run
evoko_home restart
After restarting the Evoko Home service make sure you can access it via http (e.g. http://localhost:3000) and it should, if successful, redirect you to https (e.g. https://localhost:3002).