SecuritySpy, our fully-featured video surveillance solution for the Mac, offers a built-in web server that you can use to access your CCTV system from the Internet. For ease of setup, SecuritySpy allows you to choose your own free domain name in the form name.viewcam.me, which is used to access your system. SecuritySpy will automatically keep this domain updated with your current public IP address whenever it changes (this is called DDNS), and it will automatically generate and renew a free SSL certificate for secure HTTPS access.
However, some users may want to use their own domain name instead of the viewcam.me name provided. One way to do this would be to purchase a static IP address from your ISP, to which you point your domain, and then purchase and install your own SSL certificate for SecuritySpy. The downside to doing this is the cost, setup, and the fact that you will have to manually renew your certificate whenever it expires.
There is a better solution that allows you to use your own domain but that does not require a static IP address, incurs no ongoing costs, and offers automatic renewal – here’s how to set this up: Continue reading →
[NOTE 1: As of version 5, SecuritySpy automatically obtains official SSL certificates when using its free built-in viewcam.me domain name system, so this post should be ignored unless you wish to use your own domain name to access SecuritySpy.]
SecuritySpy has built-in support for HTTPS (HTTP Secure), which allows you to set up an encrypted web connection to your SecuritySpy server over the internet.
In order to set up any HTTPS server, an SSL certificate is required (SSL being the protocol that provides the security features to HTTPS). With some web servers this can be a complicated process, but we have designed SecuritySpy’s HTTPS server to be a simple as possible to set up: you simply enable the HTTPS option in the Web Server Settings window and SecuritySpy will do the rest for you. SecuritySpy will automatically create and use a “self-signed” certificate for this purpose, which gets you up and running immediately and provides a fully encrypted connection. The downside of such a certificate though is that it won’t be automatically trusted by any client software that you use to connect to SecuritySpy (e.g. a web browser such as Safari), so you will get a warning message to this effect. In this case though, as you are the one setting up the server, you can be assured of its authenticity, so it is safe to ignore such warnings.
The other option is to purchase an official certificate for your SecuritySpy server from a recognised Certificate Authority (CA). Any web browser connecting to SecuritySpy will automatically trust such a certificate, so the person viewing the web interface will see the reassuring padlock icon and no warning messages. This may be preferable, for example, if your server is to be viewed by people outside your organisation. Below are instructions on how to do this.
Note: these instructions are for SecuritySpy versions 4.1.5 and later, with the location of the SecuritySpy folder being within the Home folder (i.e. at ~/SecuritySpy/). If you are using an earlier version, note that your SecuritySpy folder will be at ~/Documents/SecuritySpy/.
UPDATE 4 JUNE 2014: SecuritySpy now has built-in support for HTTPS, so the setup described below is no longer needed for setting up SecuritySpy over SSL (although it may still be useful for generating SSL keys, certificates and certificate signing requests for other purposes). See the Web Server Settings section in the SecuritySpy user manual for information about the built-in HTTPS feature.
Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communications on the internet. It uses two keys to encrypt data: a public key and a private key. URLs that require an SSL connection start with https:// insead of http:// and operate on port 443 instead of 80 by default. SSL increases security as it makes it impossible for someone intercepting the stream of data to decode any information from it.
SecuritySpy does not have built-in support for SSL, however Mac OS X comes with Apache, a fully-featured and powerful web server, that can be used to set up the secure communication between the internet and SecuritySpy. In this way, Apache will be acting as a secure “reverse proxy” web server for SecuritySpy. This post describes how to set this up.