Day 26: Mobile access with Lights-Out Mobile
We are almost done with our step-by-step series on the new features of Lights-Out 2. Today we will implement mobile access with Lights-Out Mobile and connect our smart phone or tablet to our server.
This is an app for all major ecosystems, namely Android, iOS, Windows Phone 8/10 and Windows 8/10 Apps. We will not do a showcase of the app ere, today we will only show how you can connect to Lights-Out 2.
Using mobile access inside of your local network (LAN)
This is the easy part. If you run a trusted network, you can directly connect to your server IP-Address or name. Remember the ports used by Lights-Out?
|Port||DNS Name||SSL Binding||Usage|
|7782||Server netbios name, for example "SERVER"||no binding||used for internal access (LAN), insecure|
|7783||Server netbios name, for example "SERVER"||SERVER||used for internal access (LAN)|
|7784||External domain name or Dynamic DNS name, for example "server.remotewebaccess.com", "server.homeserver.com" or "server.ddns.org"||server.ddns.org||used for external access (WAN)|
The table tells us, that we need to use port 7782. Hence enter the url server:7782 or 192.168.x.y:7782 to access the server:
and it works!
If you trust the device (or more exactly the owner), you can finally enable server actions. Double click the device to show the properties and then enable server actions (1):
You can furthermore disable any device (2) from being listed in Lights-Out Mobile.
Using mobile access from outside of your local network (WAN)
Access from outside requires some more work. You have to configure a port forward in your router and you need to have a working SSL chain. Let’s look at each.
The table above tells us again that we need to forward port 7784 in our router. You are free to use a different external port, but to keep it simple, we forward internal port 7784 to external port 7784 for TCP.
Lights-Out Mobile enforces SSL if you connect to a domain name (instead of a single netbios name or ip-address). So, we need to have a working SSL chain in place. If you run a Windows Home Server or Windows Essentials Server, simply configure remote access to get your free GoDaddy certificate and you’re done. GoDaddy uses a trusted CA (root) certificate which is recognized by your mobile operating system.
But what if we use our self-signed certificate? It works if you included your dynamic DNS name into your certificate. If you missed that step, go back and recreate the server certificate.
Now comes the tricky part. We have to bring our CA (root) certificate to our mobile device. This depends on the operating system, but we always start and access the Lights-Out download page to download the certificate to the device (http://server:7782).
Note: You have to install the certificate if you do not use the Lights-Out Client-Software! Otherwise it it already installed.
Right click on the gray “Root-CA certificate” button, select “Save target as” and then save “root-ca.cer” in your download folder.
Double click on “root-ca.cer”, then click “Install certificate”, select “Local Machine” and click “Next”.
Click (1) to select the store, then click on (2) to browse the store. A dialog pops up, select “Trusted root certification Authorities”. Click OK and Finish.
Again, open the download page and tap on “root-ca.cer”. Settings open and show the certificate. Click “Install”
Click “Install” again and enter your passcode
Confirm again and install
If all went well, settings show your certificate under profile:
Finally enter an url similar to https://server.ddns.org:7784 in Lights-Out Mobile.
Today we learned how to connect mobile equipment to our server, why we need SSL certificates for WAN access and how we can install certificates on a device.
Tomorrow we will put all together, and look at some configuration samples.
Here you will find the complete list of all days of our step-by-step series.