SSL Web Server

How do you setup Keyboard Maestro Web Server to use SSL certificates?

Cheers

Keith

As far as I can tell, the answer that Peter gave you in your topic from 2019 still holds.

Or maybe reverse proxy solution? You can always setup proxy server as frontend and hide your services behind them.
Nginx is very popular but in your case maybe tinyproxy (although not tested by me on macOS yet) will be enough.

There must be a way. Something like.

  • Finding out the extensions of the certificates
  • Determining the format of the certificates
  • Replace the certificates
  • Restart the web server in Keyboard Maestro

The hassle with the way it is at the moment is connecting via 443 on the ip address will bounce because the domain can't be validated.

Any idea what the self signed certificate domain is?

Cheers and thanks!

Keith

Good idea! I'll give that a shot.

Cheers and thanks!

Keith

Below certificate info taken from Vivaldi browser. As you see, the certificate has "invalid" (in context of DNS) Common Name and don't have extension for DNS, so it can't be assigned to any DNS name.

Is this from local machine?

If I knew where the certificates were stored, I could swap them out with my own.

Then make a change in my hosts file to map to the certificates.

Then restart the Keyboard Maestro engine.

What does an externally-validated certificate get you that KM's self-signed does not? I.E. What problem are you trying to solve here?

I want to connect via SSL.

When I turn on the web server component of Keyboard Maestro I get an IP address.

My server will bounce an IP address using SSL.

If there was domain name I could for the self signed certificate that would work, but it’s not obvious to me what that might be

From where? Local network, remote network? And with what client?

Where do you get that? I see a port number, but the "Connect" button goes to https://localhost:4491.

What server is that?

Have you tried simply "trust"ing the certificate (how you do that will vary by client/OS)?

Make sure you include the "https://" before the IP address so the browser knows what you mean and doesn't treat the IP address as a domain name and try to resolve it!

You don't need to use an IP address to connect to the KM web server, you can also use the FQDN of the host. Easiest way to find out your FQDN if you don't know it is to go to System Settings, then General, then Sharing, and click the "i" of the File Sharing item -- the FQDN will be shown in the SMB connection address.

If you're on the same network you can even use Bonjour, eg `https://mac-mini.local:4491".

Local machine will do. Local network would be better. The clients are FileMaker Pro, https call from

Go, cUrl and AppleScript.

My mistake. I see the same.

A middle tier Go server for extra functionality that FileMaker Servers we run do not have.

That would work but it's messy and probably hard to manage

I just remembered I can turn off SSL checking with Go - I'll run with that.

Are you using a Web Viewer, showing the KM web server so people can pick macros from a list? Or are you firing known macros, eg press button A to run macro "A Macro" with parameters from fields 1 and 2, button B to run macro "B Macro" with parameters from fields 3, 4 and 5?

If it's the latter, maybe look at using KM's Command Line Tool over ssh instead of the web server. You could set up a limited service account used by everyone or use individual accounts (easier if you have centralised ID/auth), along with public keys for passwordless ssh.

(Of course -- if this is all internal, with only trusted hosts on the network etc, do you actually need https or can you get away with http?)

Otherwise, look at setting up your own web frontend to the KM machine. You can use whatever web server you want, presented how you want, secured how you want, and CGI the Command Line Tool.

1 Like