Skip to main content

HOW TO: Enable HTTPS for Remote Control of Softron Applications

  • Updated

By default, Softron applications that support remote control via the REST API use HTTP for communication.

However, in situations where your computer is accessible over a public network—such as when it has a public IP address—you should secure the connection using HTTPS. This requires setting up a valid TLS/SSL certificate.

Important: Once HTTPS is enabled in a Softron application, HTTP is disabled. You must choose either HTTP or HTTPS, not both.

 

Creating a TLS/SSL Certificate

To enable HTTPS, you need a valid certificate in .p12 format (also known as PKCS#12). You may want to consult an IT professional, but here are some key guidelines.

 

Password protection

Our applications require that the .p12 certificate is protected by a password. Make sure to generate one that is password protected, and make sure you remember it, as it will be needed during setup.

 

Option 1: Create a certificate from a trusted Certificate Authority

This is the recommended way, but requires to obtain a certificate from a trusted Certificate Authority (CA) (e.g., Let’s Encrypt, DigiCert), so has a cost and may need to change some settings in your network, so make sure to do this with your IT specialist.

Once you get the certificate, export it (and its private key) as a .p12 file

Note that the hostname (DNS name) of the computer running the Softron application must match the certificate’s Common Name (CN) or Subject Alternative Name (SAN).

 

Option 2: Create a self-signed certificate

You can use a self-signed certificate, that would work only locally. Note that as the certificate is not signed by a trusted CA, you will get a warning in your browser saying "This Connection Is Not Private", and you will have to tell it to connect anyway. Prefer to use a certificate from a trusted CA to avoid this. 

Ensure it’s exported as a .p12 file, and is password protected.

If you want to run a quick test with a self-signed certificate, you can generate a key and certificate (just for localhost or 127.0.0.1, so only working on the same computer) with this request in Terminal:

openssl req -x509 -newkey rsa:2048 -sha256 -days 365 \
  -nodes -keyout server.key -out server.crt \
  -subj "/CN=localhost" \
  -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"

Then bundle the key and certificate into a p12 file.

If you are using macOS 15 or later, use the following command in Terminal:

openssl pkcs12 -export \
 -inkey server.key -in server.crt \
 -out server.p12 \
 -name "Local HTTPS" \
 -passout pass:myPassword

If you are using macOS 14 or earlier, you need to use the older SHA1/3DES-based algorithms by adding "legacy" to the command:

openssl pkcs12 -export -legacy \
 -inkey server.key -in server.crt \
 -out server.p12 \
 -name "Local HTTPS" \
 -passout pass:myPassword

Make sure to replace "myPassword" with a password you know.

Using the same method, you could also generate certificates for access in your local network, check online for other requests.

 

Where to Place the .p12 Certificate File?

For applications without a “Select” button (e.g., OnTheAir Video)

You must place the .p12 file in a specific folder, using a specific name, for example with OnTheAir Video:

/Library/Application Support/Softron/OnTheAir Video/OnTheAir Video/Certificates/tls_certificate.p12

Note that the folder is not created by default, so you will need to create it manually.

For OnTheAir Video multi-instance versions (e.g., OnTheAir Video 2), adjust the path accordingly:

/Library/Application Support/Softron/OnTheAir Video/OnTheAir Video 2/Certificates/tls_certificate.p12

 

Restart required: Quit and relaunch the application after placing the certificate so it can be loaded.

For applications with a “Select” button (e.g., OnTheAir MOS Gateway)

You can store the certificate anywhere on your system, with any filename. In the app’s settings, click “Select” and choose your .p12 file manually. 

Configuring HTTPS in Your Application

Open your Softron application and go to the HTTP server settings. For example, in OnTheAir Video, check in:
Settings > General > HTTP Server

Common Errors and Troubleshooting

“Certificate Missing” error:

  • Check that the .p12 file is in the correct folder and named correctly (for apps without a “Select” button).
  • For apps with a “Select” button, make sure the file hasn’t been moved or deleted.

 “Certificate Invalid” error:

  • The certificate may be expired, malformed, or not trusted.
  • You may have entered an incorrect password.

 

Successful Setup

Once a valid certificate is loaded and the correct password is entered, the application will show that HTTPS is enabled

You can now securely control the Softron application using the REST API over HTTPS.

 

Additional Tips

  • Certificate validity: Always check the expiration date of your certificate and set reminders to renew it in time.
  • Backup your .p12 file and store it securely along with the password.
  • If using Let’s Encrypt, automate renewal with scripts and convert .pem files to .p12 format using openssl.

Related articles

Comments

0 comments

Please sign in to leave a comment.