There have been a lot of complaints: When you have a Chromecast on your LAN you can see the Chromecast link/logo in the Android app, but if you try to use it you will see "Chromecast is only supported over https".
It's not the app's fault, I think https is a Chromecast requirement.
And it requires not only https, but https using a CA-signed SSL certificate.
It is not trivial to get a secure SSL https connection on a home PC running a non-https server like Blue Iris, but with this info it is easy.
To get it working on a you need:
Download and install "stunnel" (.exe file) which provides the https encrypted web proxy.
Then configure the https port by editing the file stunnel.conf (in the \stunnel\config folder under Program Files or Program Files (x86) )
This file needs to contain at least:
[https]
accept = 443
connect = 81
cert = stunnel.pem
TIMEOUTclose = 0
Notes:
If you don't already have a registered domain name, get one from a registrar.
They will provide admin access to DNS settings.
The first setting is to set up an A Record directing the domain name to your WAN address (the public IP address of your router).
For example if you register the name myserver.com and your public IP address is 185.31.17.133 you might create an A Record with a subdomain like "cams" so that cams.myserver.com will point to 185.31.17.133.
You will also need admin access to create a TXT Record in part 3.
Part 3 (the lucky part):
Fortunately there is a trusted CA (certificate authority) that is free of charge called "LetsEncrypt", and there is an online wizard that creates the required keys and certificates from LetsEncrypt for you called "ZeroSSL".
Go to ZeroSSL.com and select the Online Tools section and the Free SSL Certificate Wizard it will walk you through creating a real SSL cert from LetsEncrypt.
At the start you should select the "DNS Verification" option and give it your domain name such as cams.myserver.com, and of course accept their terms for ZeroSSL and LetsEncrypt.
As you continue with the NEXT button through the steps, it will instruct you to create a specific TXT Record in the DNS settings of your domain to verify ownership, and it will generate a number of text files (four) which you should download and save.
The contents of the final two of those files (domain-key.txt and domain-crt.txt) will replace the contents of your stunnel.pem file (in the \stunnel\config folder under Program Files or Program FIles (x86) ).
Keep the other two files for easy renewal of the cert which is required at most every 90 days.
The text in the file stunnel.pem must contain: 1) the encoded key from domain-key.txt "RSA PRIVATE KEY" first and 2) the encoded certificates from domain-crt.txt "CERTIFICATE".
There should also be empty lines after the private key and after the certificate.
So the file should look like this:
-----BEGIN RSA PRIVATE KEY-----
[encoded key]
-----END RSA PRIVATE KEY-----
[empty line]
-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
[empty line]
The contents of domain-crt.txt has two certificates.
They do not need to be separated.
After all this is done, set your Android app's LAN to use https:// and the real certified domain name, not the IP address (to find that setting, log out and click EDIT).
You can also use your domain instead of an IP address to connect to UI3 without warnings or errors.
When you connect the Android app while on your LAN (same LAN as Chromecast(s), whatever camera view you select can be cast and displayed on the TV...!
It will stay displayed even if you turn off the screen or open a different app (but not if you close the BI app).
Now you can be Scarface and see all your assailants in approaching you in your home, right on the big screen... "Say hello to my little friend!"
One other note:
Apparently Chromecast will only accept an HTTPS connection from a server with a CA-signed certificate (Netflix, Google. etc.).
I use a couple apps that play local video (Videostream for Chromecast the PC and Bubble UPnP on Android).
I think this means those apps must be initially connecting with an HTTPS cloud server even when streaming local stuff within my LAN.
In this Blue Iris case, since you created a real CA-signed HTTPS server on you own PC, the secure connection is made within your own private LAN.
Two other tips (01/18/2019):
1. If you also set the WAN address to https://realcert.domain.com you can cast to others' Chromecast devices (if they let you on the LAN of course). I did it at my daughter's apartment...!
2. If the Blue Iris logo seems to be staying up on the TV too long and not switching to your cams, try swiping left or right on the huge Chromecast icon that appear on the Android's screen where the images would be, or try pressing the home button (without closing the app).
Update (03/09/2019):
Both my Chromecast (1st gen) devices took a firmware update this week (1.32.144770), after which casting from the Android app stopped working completely.
I'm talking black screen on TV, not even a BI banner, and cams still showing on the app screen.
Tried rebooting the BI server and using a different Android device, same result.
So I went out and picked up two new 3rd gen Chromecasts (still $35 ea) to see if they would work.
Before installing the first new one, I went to the Google Home app to disconnect the old one.
In the settings for the device I noticed an item "Use 50Hz HDMI Mode".
Just for one last try, I switched on that setting and casting from the BI app was now working!
This doesn't make sense to me because Google says the setting is a rarely used advanced feature that applies to users in Asia and Europe who are experiencing video stutter during fast action like sports.
I tried a few other cast apps like YouTube, NetFlix, TuneIn and they still work fine.
I thought about returning the new devices but I still wanted to see if they can cast the BI app.
They do, and the 50Hz HDMI Mode setting makes them start the cam streams faster.
I'll just keep the new ones because they seem to start everything fast and they're cheap.
Anyway, if you can't seem to cast from the BI Android app, try switching on the "Use 50Hz HDMI Mode"
Update (09/29/2020)
If anyone still cares (I do), I may have left out the thing that was preventing almost everyone else from successfully using Chromecast.
You need to set Blue Iris to start as a Service in Windows, which means Startup Type is set to Automatic by default.
Then you need Stunnel to also start as a Service (do it in Services in Windows, there's no UI setting) Service, but then go into the Properties of that Service and select Automatic (Delayed Start).
I believe Stunnel needs to activate after Blue Iris web server is up and running.
I've always had to do it this way but finally removing BI4 after BI5 upgrade mucked it up and I was reminded when fixing it.
Some other news: ZeroSSL is no longer an interface to the free LetsEncrypt cert, they have their own cert called ZeroSSL RSA Domain Secure Site CA
But it works providing the proper CA secure connection on your own server, and it's free for up to three domains.
I think the new ZeroSSL interface is simpler and better.
It's not the app's fault, I think https is a Chromecast requirement.
And it requires not only https, but https using a CA-signed SSL certificate.
It is not trivial to get a secure SSL https connection on a home PC running a non-https server like Blue Iris, but with this info it is easy.
To get it working on a you need:
- An https web server proxy call stunnel
- DNS admin access to a registered domain name
- An SSL certificate signed by a trusted CA (certificate authority)
Download and install "stunnel" (.exe file) which provides the https encrypted web proxy.
Then configure the https port by editing the file stunnel.conf (in the \stunnel\config folder under Program Files or Program Files (x86) )
This file needs to contain at least:
[https]
accept = 443
connect = 81
cert = stunnel.pem
TIMEOUTclose = 0
Notes:
- This means stunnel on you BI server will listen on port 443 and make the encrypted connection to your Blue Iris server port 81 (or whatever port you use for BI).
- Your router needs a port forward setting to accept port 443 connections and forward them to your BI server LAN IP port 443, then stunnel will connect that data to Blue Iris.
- You can now connect to your BI server with secure https encryption but it has a self-signed (not trusted) certificate.
You can connect to BI and view camera streams with the UI3 web app and your Android app, but the Android app won't stream video to Chromecast, and your browser in UI3 will alert you that your connection is not secure.
If you don't already have a registered domain name, get one from a registrar.
They will provide admin access to DNS settings.
The first setting is to set up an A Record directing the domain name to your WAN address (the public IP address of your router).
For example if you register the name myserver.com and your public IP address is 185.31.17.133 you might create an A Record with a subdomain like "cams" so that cams.myserver.com will point to 185.31.17.133.
You will also need admin access to create a TXT Record in part 3.
Part 3 (the lucky part):
Fortunately there is a trusted CA (certificate authority) that is free of charge called "LetsEncrypt", and there is an online wizard that creates the required keys and certificates from LetsEncrypt for you called "ZeroSSL".
Go to ZeroSSL.com and select the Online Tools section and the Free SSL Certificate Wizard it will walk you through creating a real SSL cert from LetsEncrypt.
At the start you should select the "DNS Verification" option and give it your domain name such as cams.myserver.com, and of course accept their terms for ZeroSSL and LetsEncrypt.
As you continue with the NEXT button through the steps, it will instruct you to create a specific TXT Record in the DNS settings of your domain to verify ownership, and it will generate a number of text files (four) which you should download and save.
The contents of the final two of those files (domain-key.txt and domain-crt.txt) will replace the contents of your stunnel.pem file (in the \stunnel\config folder under Program Files or Program FIles (x86) ).
Keep the other two files for easy renewal of the cert which is required at most every 90 days.
The text in the file stunnel.pem must contain: 1) the encoded key from domain-key.txt "RSA PRIVATE KEY" first and 2) the encoded certificates from domain-crt.txt "CERTIFICATE".
There should also be empty lines after the private key and after the certificate.
So the file should look like this:
-----BEGIN RSA PRIVATE KEY-----
[encoded key]
-----END RSA PRIVATE KEY-----
[empty line]
-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
[empty line]
The contents of domain-crt.txt has two certificates.
They do not need to be separated.
After all this is done, set your Android app's LAN to use https:// and the real certified domain name, not the IP address (to find that setting, log out and click EDIT).
You can also use your domain instead of an IP address to connect to UI3 without warnings or errors.
When you connect the Android app while on your LAN (same LAN as Chromecast(s), whatever camera view you select can be cast and displayed on the TV...!
It will stay displayed even if you turn off the screen or open a different app (but not if you close the BI app).
Now you can be Scarface and see all your assailants in approaching you in your home, right on the big screen... "Say hello to my little friend!"
One other note:
Apparently Chromecast will only accept an HTTPS connection from a server with a CA-signed certificate (Netflix, Google. etc.).
I use a couple apps that play local video (Videostream for Chromecast the PC and Bubble UPnP on Android).
I think this means those apps must be initially connecting with an HTTPS cloud server even when streaming local stuff within my LAN.
In this Blue Iris case, since you created a real CA-signed HTTPS server on you own PC, the secure connection is made within your own private LAN.
Two other tips (01/18/2019):
1. If you also set the WAN address to https://realcert.domain.com you can cast to others' Chromecast devices (if they let you on the LAN of course). I did it at my daughter's apartment...!
2. If the Blue Iris logo seems to be staying up on the TV too long and not switching to your cams, try swiping left or right on the huge Chromecast icon that appear on the Android's screen where the images would be, or try pressing the home button (without closing the app).
Update (03/09/2019):
Both my Chromecast (1st gen) devices took a firmware update this week (1.32.144770), after which casting from the Android app stopped working completely.
I'm talking black screen on TV, not even a BI banner, and cams still showing on the app screen.
Tried rebooting the BI server and using a different Android device, same result.
So I went out and picked up two new 3rd gen Chromecasts (still $35 ea) to see if they would work.
Before installing the first new one, I went to the Google Home app to disconnect the old one.
In the settings for the device I noticed an item "Use 50Hz HDMI Mode".
Just for one last try, I switched on that setting and casting from the BI app was now working!
This doesn't make sense to me because Google says the setting is a rarely used advanced feature that applies to users in Asia and Europe who are experiencing video stutter during fast action like sports.
I tried a few other cast apps like YouTube, NetFlix, TuneIn and they still work fine.
I thought about returning the new devices but I still wanted to see if they can cast the BI app.
They do, and the 50Hz HDMI Mode setting makes them start the cam streams faster.
I'll just keep the new ones because they seem to start everything fast and they're cheap.
Anyway, if you can't seem to cast from the BI Android app, try switching on the "Use 50Hz HDMI Mode"
Update (09/29/2020)
If anyone still cares (I do), I may have left out the thing that was preventing almost everyone else from successfully using Chromecast.
You need to set Blue Iris to start as a Service in Windows, which means Startup Type is set to Automatic by default.
Then you need Stunnel to also start as a Service (do it in Services in Windows, there's no UI setting) Service, but then go into the Properties of that Service and select Automatic (Delayed Start).
I believe Stunnel needs to activate after Blue Iris web server is up and running.
I've always had to do it this way but finally removing BI4 after BI5 upgrade mucked it up and I was reminded when fixing it.
Some other news: ZeroSSL is no longer an interface to the free LetsEncrypt cert, they have their own cert called ZeroSSL RSA Domain Secure Site CA
But it works providing the proper CA secure connection on your own server, and it's free for up to three domains.
I think the new ZeroSSL interface is simpler and better.
Last edited:
