Control4 Discussion Board

You need to log in to create posts and topics.

Definitive Composer and Director Install Guide + 1 Year Cert Renewal

**Updated 1/26/20 to include 3.1.1 install and changes
**The guide now has a section broken out for the 1 Yr Cert Renewal and another for controller registration

Common commands and information.
Default Controller User and Pass:
Username: root
Password: t0talc0ntr0l4!
(3.1.1 NOTE - Once Composer connects the password will automatically be changed. Details below.)

Commands to add root user and password:
Command to add new user: adduser USER
Command to change password: passwd
Composer 3.1.1 is slightly different than previous versions. - Run Composer and right click on the controller before connecting and it will bring up a Terminal session. You need to change the root password so that you can SCP the clientca-prod.pem file to the controller. Type "passwd" then enter a new password. You now have root access with a password. **NOTE: After you connect to your controller via Composer 3.1.1, the root password will be removed so this step must happen any time you need to SCP to the controller to update the clientca-prod.pem certs. Or, set up a new user with root access.  Details below.

Adding permanent root user access:
Type adduser USER with USER being the name of the user you are creating. Enter your chosen password. Verify it.
Normally you could use the usermod command but it isn't available. So edit /etc/passwd
Look for the line with the user name you just created.
user:$kdlskfj.$dklj.$jklj/:XXX:XXX:Linux User,,,,blahblahblah. Change whatever number is in both XXX spots to 0:0.
user:$kdlskfj.$dklj.$jklj/:0:0:Linux User,,,,blahblahblah
Save the file. Reboot.
You now have a new user with root access

Hey guys, I just threw this together so it would be great if you can provide comments or information to make sure it's correct.   I've placed the correct files in the download.

Definitive Install Guide

Items Needed:
Composer 2.5.3
Composer 2.5.3 Composer.exe (cracked) "Special Exe"
Certs (ca.pem and ca_cert.pem)
Composer 3.1.x (Composer 3.1.1 has some slightly different instructions)
MeeKah Composer Patch (No longer needed in 3.1.x)
Director Patch (Just the clientca-prod.pem certs which have been extracted in the below zip file) (No longer needed in 3.1.x)
C4_Cert_Replacement_Patch
C4_Device_Image_Updater_V2
WinSCP

If someone can upload or link the files above, that would be great.

A Helpful link:
For a quick way to search for Drivers without going into Composer you can go here:
http://drivers.control4.com/solr/drivers/browse?q=

All User Manuals are now accessable through Composer 3.1.x

****UPDATED TO BRING 1 YR CERT RENEWAL TO ITS OWN SECTION****

1.Make sure you have Composer 2.5.3 installed.
2.Rename 2.5.3 Composer.exe to a backup (Composer Bak.exe) then copy the "Special Exe" Composer.exe into the directory.  Run Special Composer.exe.  Fill in email and password.  Click OK.

If email and password form doesn't come up when you start Composer, delete composer.p12 from the \AppData\Roaming\Control4\Composer folder and re-run or re-copy over the Composer 2.5.3 Composer.exe (cracked) "Special Exe".  Run Composer.exe.  It should come up at this point and is needed to update one of the cert files.  Verify that (ca_cert.srl, composer.p12 and openssl.conf) files have been created and updated.  composer.p12 is the file which needs to be generated every year and this is how you update it.

*****Register Controller****

You can register your controller in 3.x with a couple of ComposerPro.exe.config changes. These may also work in 2.10 but I never tested.

Changing ComposerPro.exe.config:
Under Web change:
key="LicensingURL" value="false"
key="DealerAccountLocatorURL" value="false"

This change allows you access to Account Services, where you can register your controller, and bypasses the initial login dialog. By changing this config, there is also no need for MeeKah Patch.

***Install Guide****

Starting out, and for hygiene, do the following:
- Uninstall all versions of ComposerPro/HE/etc.
- Remove Control4 Directory in - \Program Files (x86)\Control4 or C:\Program Files\Control4
- Remove Control4 Directory in - \Users\xxxx\AppData\Roaming\Control4

That should be all you need to "start fresh".

1. Install Composer 2.5.3 (Do not run yet.)

2. Copy Cert files ca.pem and ca_cert.pem to \AppData\Roaming\Control4\Composer folder

3. Go to "Program Files (x86)\Control4\Composer253" Rename 2.5.3 Composer.exe to a backup (Composer Bak.exe) then copy the "Special Exe" Composer.exe into the directory.  This special Composer.exe will be the one that causes the ca_cert.srl, composer.p12 and openssl.conf files to be created.

4. Run the Special Composer.exe and you will be presented with a login dialog box. Type in an email and password (it doesn't matter what they are) and submit. (You should check to make sure the files, I mentioned above, show up in the \AppData\Roaming\Control4\Composer folder).  If the composer.p12 file is not created, recopy the Special Exe and rerun.

5. **Edit - The Director Patch isn't used any longer, so please use the following steps instead.  They always work.  If you are using 2.10 or earlier use the Director Patch clientca-prod.pem (Step 5b). The cert you need, clientca-prod.pem, is already extracted and located in the download of this post. If you are using 3.x use the ca_cert.pem certs (Step 5c).
***Use WinSCP to copy over clientca-prod.pem to your controller.

Open Director Patch Folder

5a. WinSCP into the Controller (Director)
- Use WinSCP to connect to Controller via SSH - Use SCP type connection

Controller user and Pass (Use above instructions to log into 3.1.1)
Username: root
Password: t0talc0ntr0l4!

- Go to /etc/openvpn and Copy or Backup clientca-prod.pem to your desktop.  Copy "Director Patch" version of clientca-prod.pem onto controller if using 2.10 or earlier. Reboot the Controller. You can also use the System Manager to disable Director and Broker services and then reenable them. This should also work but a reboot will always work.

- This previous step will get your controller up and running but you will need to merge the certs from the controller and the Director Patch clientca-prod.pem (2.10 or earlier) or ca_cert.pem certs (3.0 or later). See 5b or 5c below.

Previous steps for all versions of Composer/Controller software up to 3.0
5b. You should concatenate the two clientca-prod.pem files from your Controller and the Director Patch.  Using the two clientca-prod.pem files mentioned above (one from the Controller and one from the Director Patch), open the one from the Controller and go to the end of the file.  Add "Director Patch" clientca-prod.pem certs.  You now have a "good" cert file.  WinSCP back into the Controller and upload this new clientca-prod.pem file to /etc/openvpn.  Reboot the Controller.

New steps for Composer/Controller software 3.0 and above - These should work for versions 2.10 but are confirmed for 3.0 and up.
5c. For Composer 3.x, you should concatenate the clientca-prod.pem file from your Controller and the cert from the ca_cert.pem file to the end. To do this, open the clientca-prod.pem file you downloaded from your Controller and go to the end of the file.  Add the ca_cert.pem cert.  You now have a "good" cert file.  WinSCP back into the Controller and upload this new clientca-prod.pem file to /etc/openvpn.  Reboot the Controller.

6. Now install the version of Composer you want to use (2.10.x, 3.x) and edit the following. Make a backup of composerPro.exe.config in the Control4/Controller directory and then edit the original with Notepad.
Under Web change:
key="LicensingURL" value="false"
key="DealerAccountLocatorURL" value="false"

7. Start the new composer and upgrade your controller.  After this you will have to patch the director/controller again using the above WinSCP method.

8. *If you need to register your controller for first time use, use these additional instructions:

To register a controller first build a project and add a controller in Composer.  Then link the controller under with the IP/SDDP address in connections.  After that go back and register the controller under Tools -> Account Settings. Exit Composer.

9. That should be everything to get you up and running

If you see the Json error:

**************For the Json issues:

Replace Composer 2.5.3 Composer.exe with the "Special Exe" one (the one that causes the ca_cert.srl, composer.p12 and openssl.conf files to be created.  - Re-copy the special composer to 2.5.3 and re-run steps above to complete the email and pass.  This will create the composer.p12.

***********************

Another step(s) if using older version:

0. If running a controller older than 2.10.2 run the C4_Cert_Replacement_Patch to update the certs on it to the latest ones. This should also fix controller "check in" issues if you had them.

6. Copy over the Director Patch clientca-prod.pem so your controller has the correct cert as if you had it patched before step 0 overwrote it.

Uploaded files:

This is awesome - thanks for posting!

 

I'm behind the times on all this, having moved and not brought (much) Control4 with me. However, I can "sticky" this post now or wait to see if there's any further feedback...?

Thanks,

I've compiled all this information through reading and trial and error and most of the questions involving upgrades and certs etc is all contained here.  If you could sticky, I believe it will be worth while.  Thanks.

Renamed the title to better reflect what it's about.

Thank you! This is exactly what I was looking for, an up to date guide.

 

I want to add some things that I learned. If you have an older hc250 system, perhaps you purchased it from ebay:

1. Start by doing a factory reset. You may end up on firmware 2.5.3 but you may end up on an older one.

2. Either way, you must do the C4_Cert_Replacement_Patch first before you do anything else.

3. After the patch, then add the clientca-prod.pem entries.

4. That will allow you to both connect with the patched Composer 2.5.3 and to register the unit. To register, simply create a control4 account, choose a random dealer when asked, and then get your registration code. Connect with the patched Composer 2.5.3, select Account Services from the upper menu bar. Put in your registration code, and you should be set. If you get an SSL error, you probably didn't do the C4_Cert_Replacement_Patch, or you may have accidentally wiped the patch by doing a factory reset/install.

5. Once you are registered, you can update to any version you want using either the composer update tool or the control4 image updater tool. After any install, you must do the clientca-prod.pem to connect again with Composer. If you get an ssl error while trying an update, you again may need to do the C4_Cert_Replacement_Patch.

 

I hope that helps. I spent hours figuring this stuff out.

Thanks Mark55,

Your instructions are better than my "Additional Instructions Step 0)" above.
I wanted to pass along some additional info that I found out this weekend.  I did a factory reset on my EA1, somewhat unintentionally.

The C4_Cert_Replacement_Patch is important because it contains RSA certs that allow it to authenticate with the Control4 servers.  So, ALL versions of Control4 Directors will need to be running with this cert or you won't be able to register or update your system.  

One big issue I ran into was that I forgot to back up my config after I had upgraded to 3.0 the first time.  When I did a factory reset, my director was downgraded to 2.9.  When I upgraded, using the steps above, including the C4_Cert_Replacement_Patch, I was unable to load my 2.10 config into Composer 3.0 because Control4 Composer removed some of the Agents (4Store, others.).  You would think that the Composer software would be smart enough to let you remove the Agent when trying to load it.  It won't.  I had to downgrade to 2.10 (Using the C4_Device_Image_Updater), load the config, remove the Agents, then upgrade back to 3.0.  After that, everything went well.  I wish I would have backed up the config first as it would have saved many, many steps.

Have the certs changed in the last year?

Last time I made a change to my project was almost a year ago on 09/10/2018

A coupe of weeks ago I started having issues with controlling some devices other than lights with Alexa.

Eventually realized my 4sight had recently expired so activated again.  Even after this I still had issues with turning on other devices.

This morning I tried to connecting from Composer 2.10.2 using exactly the same setup I had previously except for a Windows update (I use a VM) and now I get an error "Exception: Error reading JToken from JsonReader.Path ", line 0, postition 0.'.

Reading other thread based on this error I should be able to open Compose 2.5.3

http://www.davidsonfamily.ca/discussion-board/topic/broker-is-not-connected-error-on-2-8-2-9/

"In case anyone goes through the whole process. Make sure to keep 2.5.3 installed. About a month after installing 2.9.0 I got the broker not connected error. I tried just about everything and couldn’t get it fixed. I realized that anything under 2.8 would allow me to login but since it’s old I could not make changes… this let me to try other versions. When I opened 2.5.3 it asked me for my control4 login. After entering it I was able to use 2.9 composer so it looks like it updates the certificates. This will save a lot of hassle the next time the certificates expire."

However when I open 2.5.3 it doesn't prompt for a user ID or password.  I did not login to my controller.

Thanks,

[EDIT]

I checked my /etc/openvpn directory and noticed that client.pem and client.key files where updated, so I copied the files had had from a year ago (I had backups).

I then disable director, disabled broker, enabled director, enabled broker and still have the connection problem

emont69,
If you go back and read post #1 you will see a note about the JSON issue you are encountering.  It is at the end of the guide.  You are getting the JSON notice because composer.p12 hasn't been created or has expired.  It sounds like you have used the MeeKah Patch on 2.5.3, since you aren't getting the email and password login screen any longer.  You need to replace the 2.5.3 composer.exe file with the "special 2.5.3 composer.exe" file and then connect to your controller.  Again, make sure composer.p12 gets created and you will be good to connect with any version of Composer after applying the Meekah Patch.

You will have to use 2.5.3 with the special composer.exe to regenerate the composer.p12 file every year.  So, don't remove 2.5.3, you will need it, and don't Meekah patch it, there is no need.

I hope that gets you up and running.  It should resolve your issues.

Quote from emont69 on August 31, 2019, 11:34 am

Have the certs changed in the last year?

[EDIT]

I checked my /etc/openvpn directory and noticed that client.pem and client.key files where updated, so I copied the files had had from a year ago (I had backups).

I then disable director, disabled broker, enabled director, enabled broker and still have the connection problem

emont- I went through this last night in a different fashion after my 4sight stopped working. My composerPro still worked on  2.10.6 but i was trying to upgrade to 3.0 as I acquired new touch screens. The update ran fine but then my issues compounded outside of 4Sight.

I did a few things. 1. SCP the clientca_prod.pem to the director and restarted. 2. Opened up 2.5.3 special exe via Run as Administrator, which did get me the prompt to login. however I will note that the last time I had to login to control4 site and unregister my controller first and then re-register. 3. Clicked through dozens of warning prompts and closed 2.5.3 special exe. 4. Ran composerpro just fine

This is assuming you had a working setup after the May 2018 certificate patching. If you did not then you likely need to reinstall your composer setup, the process to update otherwise is a tad cumbersome and prone to a cyclical process.

Thanks for the help I got it to work with the following

Uninstall Composer 2.5.3

Cleaning the  \Users\xxxx\AppData\Roaming\Control4\Composer directory

1. Install Composer 2.5.3 (Do not run yet!)

2. Copy Cert files ca.pem and ca_cert.pem to \Users\xxxx\AppData\Roaming\Control4\Composer folder

3. Go to "Program Files (x86)\Control4\Composer253" Rename 2.5.3 Composer.exe to a backup (Composer Bak.exe) then copy the "special exe" Composer.exe into the directory.

4. Run the new Composer.exe and type in any email and password and submit.

5. Run the Director Patch