Bug #11274
closed
ntopng https web server does not present full certificate chain
0%
Description
The https protected web frontend (port 3000) of ntopng 0.8.13_6 (tested on pfSense CE 2.4.5_1) does not work correctly with certificates which have a longer CA certificate chain than 1.
The https web server seems to use the same certificate as the web configurator frontend. It does not send the intermediate CA certificates in the https handshake, though. This results in a certificate error on the relying party (web browser) because the certificate chain of the EE certificate cannot be validated.
Suggested solution: build the certificate chain of the web server certificate. Send all certificates of the certificate chain, excluding the Root CA certificate.
Updated by Viktor Gurov almost 4 years ago
Updated by Jim Pingle almost 4 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho almost 4 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Viktor Gurov
PR has been merged. Thanks!
Updated by Azamat Khakimyanov 8 months ago
- Status changed from Feedback to Resolved
I was able to reproduce this issue on 21.02.2: I didn't see full certificate chain when I opened NtopNG web page.
When I tested the same config on 24.03, I saw the full certificate chain so I marked this Bug as resolved.