Project

General

Profile

Feature #10140

allow to select webserver certificate

Added by Viktor Gurov 9 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
pfBlockerNG
Target version:
-
Start date:
12/31/2019
Due date:
% Done:

0%

Estimated time:

Description

This feature allow user to select certificate for internal webserver of pfBlocker (lighttpd)
It saves the old /var/unbound/dnsbl_cert.pem file for backward compatibility (Default (auto) cert) and creates a new /var/unbound/dnsbl_web_cert.pem

On each 'update' it compares the fingerprint of cert from the config and cert from this file, and if it's different, updates the dnsbl_web_cert.pem file.
(maybe there is a more elegant way to verify that the certificate is changed)

https://github.com/pfsense/FreeBSD-ports/pull/736

History

#1 Updated by Jim Pingle 9 months ago

  • Status changed from New to Pull Request Review

#2 Updated by Viktor Gurov 8 months ago

  • Status changed from Pull Request Review to Closed

we discussed this with BBcan177 - this is unnecessary

I think this can be useful only if the company uses a special internal policy that allows only specific (int CA) certificates to be used in any software.

Also available in: Atom PDF