Understanding Indigo’s Use of Self-Signed Certificates

April 11, 2025

When you visit a website you may see the padlock icon in your browser’s address bar which means your connection is protected by SSL/TLS—a set of cryptographic protocols designed to provide secure communication over the internet. But how exactly does it work in Indigo, and where do certificates fit into the Indigo architecture?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols that encrypt data exchanged between your browser and a website’s server. This encryption ensures sensitive information like passwords, credit card numbers, and personal data can’t be intercepted or tampered with by malicious actors.

What is a Digital Certificate?

To set up this secure channel, websites use digital certificates—special files that verify the identity of the server. These certificates are typically issued by known Certificate Authorities (CAs), trusted third-party organizations that confirm the legitimacy of a website or company. Indigo registers and maintains several digital certificates so you know the content you're viewing is both encrypted and legitimate.

What Is a Self-Signed Certificate?

A self-signed certificate is exactly what it sounds like—a certificate that’s signed by the person or organization that created it, rather than by a trusted CA. While it still encrypts data just like a CA-issued certificate, it lacks the external validation that ensures the server is who it claims to be. Self-signed certificates are common in several types of environments — for example, when traffic originates and is received on the same local area network. While self-signed certificates aren't suitable for public websites (browsers will rightfully flag them as untrusted and insecure), they’re definitely useful in certain Indigo environments.

Times When Indigo Uses a CA-Trusted Certificate

Secure traffic that flows through Indigo’s servers uses a certified, CA-issued certificate whenever your connection uses appropriate security. For example, if you browse to Indigo's website using the address https://www.indigodomo.com, the traffic is encrypted and — depending on your browser — you may see a lock showing the connection is secure, but even if you don't see a lock, the traffic is secure. In Safari you can review the security of any connection by heading to the File > Connection Security Details… menu item.

CA Issued Certificate

Indigo uses CA-issued certificates for sites like:

REMEMBER! The Indigo Reflector Service is the recommended way to connect to your Indigo server over the web.

Times When Indigo Uses Self-Signed Certificates

Beginning with Indigo 2024.1, Indigo added support for local secure traffic via HTTPS:// and, as mentioned above, doing so requires a security certificate. Since it's not possible to create a third-party certificate for local addresses like 127.0.0.1 and localhost, Indigo must use a self-signed certificate. This allows you to toggle HTTPS support on and off at will without having to purchase a certificate and do all the necessary configuration that's required to use one.

There are several ways that Indigo uses self-signed certificates to help you get the most out of Indigo. If you started your server with HTTPS enabled, Indigo uses the self-signed certificate for:

  • Indigo Touch Web,
  • Indigo Control Pages, and
  • Web content in Indigo's Web Assets folder.

Working With Self-Signed Certificates

When you access your Indigo server via the web without using Indigo’s Reflector Service, you will (rightfully) be warned that the traffic from the site you're using is not private -- because it's using a self-signed certificate. When you acknowledge the warning and agree to view content, your browser will typically remember your choice until you clear your browser's cache and cookies or otherwise revoke your acceptance of the certificate.

You can, of course, continue to use local HTTPS and acknowledge the security warnings as required and that's perfectly fine. However, if you want a more “permanent” solution, we've provided a how-to guide for many environments that should help for the most common uses of Indigo.
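Why the warning appears, and what explicitly trusting the certificate changes, shown with the `openssl` command line. This is an added example, not Indigo's own certificate or tooling. The file names and the CN/SAN values are assumptions, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example: a throwaway certificate with constructed names, not Indigo's own.

# Create a self-signed certificate for the local names the article mentions.
make_self_signed() {   # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=localhost" \
        -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Issuer and subject are the same name: nobody else vouched for this certificate.
issuer_is_subject() {  # $1 = certificate
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# What a client does by default: look for a chain to an already trusted CA.
trusted_by_default() {
    openssl verify "$1" >/dev/null 2>&1
}

# What changes once this one certificate is explicitly added as trusted.
trusted_when_added() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# SHA-256 fingerprint to compare against the server's copy before trusting it.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" || return 1
    issuer_is_subject "$dir/cert.pem" && echo "issuer == subject (self-signed)"
    trusted_by_default "$dir/cert.pem" || echo "default trust store: rejected"
    trusted_when_added "$dir/cert.pem" && echo "explicitly trusted: accepted"
    echo "sha256 fingerprint: $(fingerprint "$dir/cert.pem")"
    rm -rf "$dir"
}

demo
```

Comparing the fingerprint with the one read directly on the server is what replaces the CA's external validation when you choose to trust a self-signed certificate.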

We hope this post has removed a bit of the mystery surrounding the different methods Indigo uses to make your home automation environment more secure.
