Project

General

Profile

Actions
Copy link

Bug #11274

open

ntopng https web server does not present full certificate chain

Added by Martin Bartosch over 1 year ago. Updated over 1 year ago.

Status:
Feedback
Priority:
Normal
Assignee:
Viktor Gurov
Category:
ntop
Target version:
-
Start date:
01/21/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

The https protected web frontend (port 3000) of ntopng 0.8.13_6 (tested on pfSense CE 2.4.5_1) does not work correctly with certificates which have a longer CA certificate chain than 1.

The https web server seems to use the same certificate as the web configurator frontend. It does not send the intermediate CA certificates in the https handshake, though. This results in a certificate error on the relying party (web browser) because the certificate chain of the EE certificate cannot be validated.

Suggested solution: build the certificate chain of the web server certificate. Send all certificates of the certificate chain, excluding the Root CA certificate.

Actions
Copy link
 #2

Updated by Jim Pingle over 1 year ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #3

Updated by Renato Botelho over 1 year ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions
Copy link

Also available in: Atom PDF