Chromecast working...!

Martin Paul Sr

Young grasshopper
Joined
Jun 6, 2018
Messages
65
Reaction score
23
Location
San Jose
There have been a lot of complaints: When you have a Chromecast on your LAN you can see the Chromecast link/logo in the Android app, but if you try to use it you will see "Chromecast is only supported over https".
It's not the app's fault, I think https is a Chromecast requirement.
And it requires not only https, but https using a CA-signed SSL certificate.
It is not trivial to get a secure SSL https connection on a home PC running a non-https server like Blue Iris, but with this info it is easy.

To get it working on a you need:
  1. An https web server proxy call stunnel
  2. DNS admin access to a registered domain name
  3. An SSL certificate signed by a trusted CA (certificate authority)
Part 1:
Download and install "stunnel" (.exe file) which provides the https encrypted web proxy.
Then configure the https port by editing the file stunnel.conf (in the \stunnel\config folder under Program Files or Program Files (x86) )
This file needs to contain at least:

[https]
accept = 443
connect = 81
cert = stunnel.pem
TIMEOUTclose = 0

Notes:
  • This means stunnel on you BI server will listen on port 443 and make the encrypted connection to your Blue Iris server port 81 (or whatever port you use for BI).
  • Your router needs a port forward setting to accept port 443 connections and forward them to your BI server LAN IP port 443, then stunnel will connect that data to Blue Iris.
  • You can now connect to your BI server with secure https encryption but it has a self-signed (not trusted) certificate.
    You can connect to BI and view camera streams with the UI3 web app and your Android app, but the Android app won't stream video to Chromecast, and your browser in UI3 will alert you that your connection is not secure.
Part 2:
If you don't already have a registered domain name, get one from a registrar.
They will provide admin access to DNS settings.
The first setting is to set up an A Record directing the domain name to your WAN address (the public IP address of your router).
For example if you register the name myserver.com and your public IP address is 185.31.17.133 you might create an A Record with a subdomain like "cams" so that cams.myserver.com will point to 185.31.17.133.
You will also need admin access to create a TXT Record in part 3.

Part 3 (the lucky part):
Fortunately there is a trusted CA (certificate authority) that is free of charge called "LetsEncrypt", and there is an online wizard that creates the required keys and certificates from LetsEncrypt for you called "ZeroSSL".
Go to ZeroSSL.com and select the Online Tools section and the Free SSL Certificate Wizard it will walk you through creating a real SSL cert from LetsEncrypt.
At the start you should select the "DNS Verification" option and give it your domain name such as cams.myserver.com, and of course accept their terms for ZeroSSL and LetsEncrypt.
As you continue with the NEXT button through the steps, it will instruct you to create a specific TXT Record in the DNS settings of your domain to verify ownership, and it will generate a number of text files (four) which you should download and save.
The contents of the final two of those files (domain-key.txt and domain-crt.txt) will replace the contents of your stunnel.pem file (in the \stunnel\config folder under Program Files or Program FIles (x86) ).
Keep the other two files for easy renewal of the cert which is required at most every 90 days.
The text in the file stunnel.pem must contain: 1) the encoded key from domain-key.txt "RSA PRIVATE KEY" first and 2) the encoded certificates from domain-crt.txt "CERTIFICATE".
There should also be empty lines after the private key and after the certificate.
So the file should look like this:

-----BEGIN RSA PRIVATE KEY-----
[encoded key]
-----END RSA PRIVATE KEY-----
[empty line]
-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
[empty line]

The contents of domain-crt.txt has two certificates.
They do not need to be separated.
After all this is done, set your Android app's LAN to use https:// and the real certified domain name, not the IP address (to find that setting, log out and click EDIT).
You can also use your domain instead of an IP address to connect to UI3 without warnings or errors.
When you connect the Android app while on your LAN (same LAN as Chromecast(s), whatever camera view you select can be cast and displayed on the TV...!
It will stay displayed even if you turn off the screen or open a different app (but not if you close the BI app).
Now you can be Scarface and see all your assailants in approaching you in your home, right on the big screen... "Say hello to my little friend!"

One other note:
Apparently Chromecast will only accept an HTTPS connection from a server with a CA-signed certificate (Netflix, Google. etc.).
I use a couple apps that play local video (Videostream for Chromecast the PC and Bubble UPnP on Android).
I think this means those apps must be initially connecting with an HTTPS cloud server even when streaming local stuff within my LAN.
In this Blue Iris case, since you created a real CA-signed HTTPS server on you own PC, the secure connection is made within your own private LAN.

Two other tips (01/18/2019):
1. If you also set the WAN address to https://realcert.domain.com you can cast to others' Chromecast devices (if they let you on the LAN of course). I did it at my daughter's apartment...!
2. If the Blue Iris logo seems to be staying up on the TV too long and not switching to your cams, try swiping left or right on the huge Chromecast icon that appear on the Android's screen where the images would be, or try pressing the home button (without closing the app).

Update (03/09/2019):
Both my Chromecast (1st gen) devices took a firmware update this week (1.32.144770), after which casting from the Android app stopped working completely.
I'm talking black screen on TV, not even a BI banner, and cams still showing on the app screen.
Tried rebooting the BI server and using a different Android device, same result.
So I went out and picked up two new 3rd gen Chromecasts (still $35 ea) to see if they would work.
Before installing the first new one, I went to the Google Home app to disconnect the old one.
In the settings for the device I noticed an item "Use 50Hz HDMI Mode".
Just for one last try, I switched on that setting and casting from the BI app was now working!
This doesn't make sense to me because Google says the setting is a rarely used advanced feature that applies to users in Asia and Europe who are experiencing video stutter during fast action like sports.
I tried a few other cast apps like YouTube, NetFlix, TuneIn and they still work fine.
I thought about returning the new devices but I still wanted to see if they can cast the BI app.
They do, and the 50Hz HDMI Mode setting makes them start the cam streams faster.
I'll just keep the new ones because they seem to start everything fast and they're cheap.
Anyway, if you can't seem to cast from the BI Android app, try switching on the "Use 50Hz HDMI Mode"

Update (09/29/2020)
If anyone still cares (I do), I may have left out the thing that was preventing almost everyone else from successfully using Chromecast.
You need to set Blue Iris to start as a Service in Windows, which means Startup Type is set to Automatic by default.
Then you need Stunnel to also start as a Service (do it in Services in Windows, there's no UI setting) Service, but then go into the Properties of that Service and select Automatic (Delayed Start).
I believe Stunnel needs to activate after Blue Iris web server is up and running.
I've always had to do it this way but finally removing BI4 after BI5 upgrade mucked it up and I was reminded when fixing it.
Some other news: ZeroSSL is no longer an interface to the free LetsEncrypt cert, they have their own cert called ZeroSSL RSA Domain Secure Site CA
But it works providing the proper CA secure connection on your own server, and it's free for up to three domains.
I think the new ZeroSSL interface is simpler and better.
 
Last edited:

abraxas11

n3wb
Joined
Mar 23, 2016
Messages
12
Reaction score
2
this sounds great for me, i'm going to have to give it a try.
 

mtpleasantben

Young grasshopper
Joined
Feb 27, 2017
Messages
73
Reaction score
3
Location
Washington, DC, United States
Thanks for the great write up! I did exactly as you recommended, but no luck with the chromecast. The SSL cert instructions works, however when I cast the screen just blinks a lot with the BlueIris Logo. Its very possible my Chromecast GEN1 wont work, but I would assume it would. What Gen Chromecast do you have? How long does it take to get past the blinking blueiris splash screen?

If you can edit your post, change the middle of Step 3 to reference domain-key.txt instead of private-key.txt, the first time i did it I used my account-key.txt (just because I wasn't thinking.)

Also, the spacing isn't important at all. I'd recommend making a copy of your pem file, and editing it with notepad, then cutting and pasting from the 2 txt files you download directly so that you keep the correct format. There should be NO spacing.
 

Martin Paul Sr

Young grasshopper
Joined
Jun 6, 2018
Messages
65
Reaction score
23
Location
San Jose
Thanks for the great write up! I did exactly as you recommended, but no luck with the chromecast. The SSL cert instructions works, however when I cast the screen just blinks a lot with the BlueIris Logo. Its very possible my Chromecast GEN1 wont work, but I would assume it would. What Gen Chromecast do you have? How long does it take to get past the blinking blueiris splash screen?

If you can edit your post, change the middle of Step 3 to reference domain-key.txt instead of private-key.txt, the first time i did it I used my account-key.txt (just because I wasn't thinking.)

Also, the spacing isn't important at all. I'd recommend making a copy of your pem file, and editing it with notepad, then cutting and pasting from the 2 txt files you download directly so that you keep the correct format. There should be NO spacing.
I edited that filename mixup in step 3, thanks for catching it.
The thing didn't work for me until I followed the spacing instructions, then it did. I learned about the spacing rules in stunnel's support FAQ I think. Anyway it works for me. I would note that the domain-cert.txt file contains two certifcates, and those should have no spaces or break between them.
I use old Chromecast plugs (not sure what Gen, but they are a few years old and not those dongles or Ultras).
For me the Blue Iris logo is replaced by the live camera stream very quickly when I activate Chromecast.

Update: I noticed the instructions here stunnel TLS Proxy no longer state the spacing is important, so I think mtpleaseantben is right about that. I still use the rule and it works for me.
 
Last edited:

mtpleasantben

Young grasshopper
Joined
Feb 27, 2017
Messages
73
Reaction score
3
Location
Washington, DC, United States
Thanks! Yeah stunnel will show an error in the log if there is an error in the pem file, so it may not be that which caused it to work.

Let me ask you this. Is your Chromecast, blueiris, and phone/Android device all on the same flat network (subnet)?

On thing I did notice is if I ask and go to a clip I get the cycling blueiris logo with a image icon similar to one on a web page if a file wasn't found.

I'd love to figure this out. My blueiris server is on a different subnet, but still accessible and within the same LAN. Maybe it's just that.
 

Martin Paul Sr

Young grasshopper
Joined
Jun 6, 2018
Messages
65
Reaction score
23
Location
San Jose
I honestly don't know how old mine are but I would guess around 2015.
I'll have to install Google Home app (and go home) but I'll check it out.
Did you try the spacing rule in the .pem file?
This is straight from the horse's (stunnel's) mouth: stunnel TLS Proxy
I too thought it was wrong and ignored it because the .pem file that came with the plain stunnel install followed no such pattern.
But I am certain the last thing I did was to change nothing but the spacing in the .pem file, and Bingo!

Update: I noticed the instructions here stunnel TLS Proxy no longer state the spacing is important, so I think mtpleaseantben is right about that. I still use the rule and it works for me.
 
Last edited:

mtpleasantben

Young grasshopper
Joined
Feb 27, 2017
Messages
73
Reaction score
3
Location
Washington, DC, United States
Ok. Here's the deal. I did a ton of playing and for a glimpse of a second I saw one of my many cameras. What really stuck with me was one person in another thread who only got it to work when the used the rotate all cameras, and that was what worked for me for a slight moment in time.

I can promise as much as you want to believe it's the pem, it's not. If the pem was the issue reloading config would give you a log error and https requests would work correctly with the ssl cert you mentioned. However I did make the change, with no luck.

Let's focus on one thing. Camera resolution.

So let me know these answers.

1. What is the resolution of your TV?
2. What is the resolution of your cameras that cast.
3. Do all of your cameras cast? Can you cast alerts too? If any don't cast, what are their resolution.

It's all I can think of. I mean I can see you and maybe one other person who is actually chromecasting here. And I do think your instructions with the ssl cert is an essential step!

Let's figure this out. Then let's figure out that other bug with the mobile notification animated gif blank notification thing.

This app needs some attention!
 
Last edited:

Martin Paul Sr

Young grasshopper
Joined
Jun 6, 2018
Messages
65
Reaction score
23
Location
San Jose
There's someone else Chromecasting here? I thought I was special. :)

I see your point about the log file, my Bingo moment was the first time the log file started without error, and then casting worked. If your's starts without error and still won't really cast then I get it now why we need a further fix.

OK let me check out my setup (it's pretty small so maybe that's why I'm casting so well):
My Chromecast firmware is 1.32.124741
I have three indoor cams that are 720p and one doorbell that is 1080p
The TV I'm using now for testing is 1080p 55"
All the cameras cast, either in All Cameras view, or any individual.
I haven't tried casting alerts till now, so I tried now and the screen displays nothing except a large "ES File Explorer Cast".
I guess because they are recorded video files and not streams, it is trying to use a video player.

Personally, I'm only interested in casting live streams, like a CCTV system, and I just kinda do it for fun, or to watch downstairs from upstairs bedroom.
It never occurred to me to cast alerts, I'm happy with the MMS and app alerts on my phone.

What I'd like to figure out is to have geofence exits and entrances activate automatically.
Currently they alert me but will only kick in the server change if I sign into the app, so it's totally manual.
All I want is "on" when I'm out and "off" when I'm in.
I can just as easily use the traffic light for that if I have to do it manually, so it's useless for me.
I'll try to start a thread or support session about that soon if someone hasn't already.
 
Last edited:

mtpleasantben

Young grasshopper
Joined
Feb 27, 2017
Messages
73
Reaction score
3
Location
Washington, DC, United States
Thanks for your update. A few things here.

1. All of your cameras are equal or below the resolution of your TV, most of mine are higher than what my tv can handle. Shouldn't ever be an issue, but we are looking at everything here.

2. Your Chromecast firmware isn't up to date. You most likely have the second gen adapter. Maybe you are the only lucky one because you are stuck on an old firmware version? You couldn't have the 1st Gen, your firmware is too high. I'm lost here, can you look up your adapter and let us know which version you have?

Current Preview Program firmware version
Chromecast (1st gen) — Firmware version 1.32124602

Chromecast (2nd gen) — Firmware version 1.35134464

Chromecast — Firmware version 1.35134464

Chromecast Ultra — Firmware version 1.35134959

Chromecast Audio — Firmware version 1.32124602

Want to test drive the latest firmware version before it's released broadly? Join the Chromecast Preview Program.

Current production firmware version
Chromecast (1st gen) — Firmware version 1.32124602

Chromecast (2nd gen) — Firmware version 1.35134464

Chromecast — Firmware version 1.35134464

Chromecast Ultra — Firmware version 1.3513459

Chromecast Audio — Firmware version 1.32124602

Cast for Android TV — Firmware version 1.32124602
 

mtpleasantben

Young grasshopper
Joined
Feb 27, 2017
Messages
73
Reaction score
3
Location
Washington, DC, United States
You are rather new to blueiris, so let me just say over a year ago the Android app was worthless. Over the past year a lot of development has gone into the web version, (ui3) and it's truely amazing now. So I think most of the older users us the web browser to watch it on a screen. For me I load Firefox on a firestick and load the web URL with jog high. I'd love if the stick did the h264, but oh well. Other times I'll load chrome on my Amazon fire tablet in h264 and cast that to my Chromecast. (Browser cast). That's ok, but fuzzy. I don't use geofencing, because I want the notifications wherever I am. I've been using email notifications for years, and would really like to move to something more efficient like the in app mobile notification with an animated gif. Man I'd love to swipe down and see what happened rather than opening an email.

Since again you are part of a select two, it'd be nice to have figured out the exact situation when this works. I can disable all but my 1080p camera and see if it casts to my 1080p tv. I might throw in th towel soon. It's just too much work for something I can do another way. I mean I recently upgraded my blueiris server just because I couldn't figure out why some updates caused my CPU to max out at 100%. So much time wasted there, that $600 for a new i7-8700 fixed. Lol.
 

Martin Paul Sr

Young grasshopper
Joined
Jun 6, 2018
Messages
65
Reaction score
23
Location
San Jose
Thanks for your update. A few things here.

1. All of your cameras are equal or below the resolution of your TV, most of mine are higher than what my tv can handle. Shouldn't ever be an issue, but we are looking at everything here.

2. Your Chromecast firmware isn't up to date. You most likely have the second gen adapter. Maybe you are the only lucky one because you are stuck on an old firmware version? You couldn't have the 1st Gen, your firmware is too high. I'm lost here, can you look up your adapter and let us know which version you have?

Current Preview Program firmware version
Chromecast (1st gen) — Firmware version 1.32124602

Chromecast (2nd gen) — Firmware version 1.35134464

Chromecast — Firmware version 1.35134464

Chromecast Ultra — Firmware version 1.35134959

Chromecast Audio — Firmware version 1.32124602

Want to test drive the latest firmware version before it's released broadly? Join the Chromecast Preview Program.

Current production firmware version
Chromecast (1st gen) — Firmware version 1.32124602

Chromecast (2nd gen) — Firmware version 1.35134464

Chromecast — Firmware version 1.35134464

Chromecast Ultra — Firmware version 1.3513459

Chromecast Audio — Firmware version 1.32124602

Cast for Android TV — Firmware version 1.32124602
I don't know why my firmware version would be out-of-date. I see it updating occasionally.
Also I don't know how to tell which generation mine are. I have two they might be different.
 
Last edited:

Martin Paul Sr

Young grasshopper
Joined
Jun 6, 2018
Messages
65
Reaction score
23
Location
San Jose
You are rather new to blueiris, so let me just say over a year ago the Android app was worthless. Over the past year a lot of development has gone into the web version, (ui3) and it's truely amazing now. So I think most of the older users us the web browser to watch it on a screen. For me I load Firefox on a firestick and load the web URL with jog high. I'd love if the stick did the h264, but oh well. Other times I'll load chrome on my Amazon fire tablet in h264 and cast that to my Chromecast. (Browser cast). That's ok, but fuzzy. I don't use geofencing, because I want the notifications wherever I am. I've been using email notifications for years, and would really like to move to something more efficient like the in app mobile notification with an animated gif. Man I'd love to swipe down and see what happened rather than opening an email.

Since again you are part of a select two, it'd be nice to have figured out the exact situation when this works. I can disable all but my 1080p camera and see if it casts to my 1080p tv. I might throw in th towel soon. It's just too much work for something I can do another way. I mean I recently upgraded my blueiris server just because I couldn't figure out why some updates caused my CPU to max out at 100%. So much time wasted there, that $600 for a new i7-8700 fixed. Lol.
You're right I'm new to Blue Iris.
A friend (abraxas11 up there in this thread) told me about it just this year when I was talking about the need for some kind of security camera(s).
I think I impressed him (and myself) when I got it working.
I found the the best notifications are SMTP->your carrier's MMS, including snapshot.
It's easy to setup in BI, they even list the email gateway addresses of more carriers that you've ever heard of.
Yes, just swipe down or tap to get message and snapshot, then go to the app or UI3 for a live view if concerned.
I have tons of trigger test opportunities because I have a handyman friend who has free access to the place as well a some maid and lawn services, and everything works great.
Abraxas and I even talked about starting a business setting this up for people.
I'm running mine on a 6-year-old i3 laptop (only computer in the house!) and BI doesn't choke it at all.
It's using like 5-7% CPU, and less memory (360MB) than this singe-window Chrome session.
Maybe because I have a not-so-big cam setup.
I'd definitely be in the market for a new i7 for $600. Where are you seeing that?
 
Last edited:

mtpleasantben

Young grasshopper
Joined
Feb 27, 2017
Messages
73
Reaction score
3
Location
Washington, DC, United States
There is a good thread on here where they discuss which releases of processors include what new enhancements. I just got lucky with some local guy on Craigslist was having issues with trying to build a machine for something else.

I do see i-7700 desktops for $600 at Dell. Check the deal sites and eBay. If you dont have may cameras you can get away with a third gen i7 for $200. Check out the threads on building machines.
 

Martin Paul Sr

Young grasshopper
Joined
Jun 6, 2018
Messages
65
Reaction score
23
Location
San Jose
There is a good thread on here where they discuss which releases of processors include what new enhancements. I just got lucky with some local guy on Craigslist was having issues with trying to build a machine for something else.

I do see i-7700 desktops for $600 at Dell. Check the deal sites and eBay. If you dont have may cameras you can get away with a third gen i7 for $200. Check out the threads on building machines.
Of course, thank you...!
 

brettcp

Young grasshopper
Joined
Jul 30, 2018
Messages
34
Reaction score
15
Location
CA
I've been messing around with this for a couple of hours now.. tried certificates from multiple providers, etc.. I can access BI via HTTPS but my browser prompts that "Your connection is not secure" and I have to add an exception to continue.. I can access it via the WAN/external IP but still not via Chromecast. Trying to get this working just over my LAN. I assume I've done something wrong as I believe I should not be getting this warning if Stunnel and my certificate is setup properly.. When I attempt to connect from a browser, I get this in the Stunnel log:

2018.11.18 14:35:59 LOG5[0]: Service [Blue-Iris] accepted connection from 192.168.2.121:50291
2018.11.18 14:35:59 LOG3[0]: SSL_accept: 14094412: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
2018.11.18 14:35:59 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

Any ideas?
 
Last edited:
Top