Todo #63

Change web interface default to HTTPS

Added by Chris Buechler almost 10 years ago. Updated over 9 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Web Interface
Target version:
Start date: 08/26/2009
Due date:
% Done: 100%
Estimated time:

Description

The web interface needs to change to HTTPS by default, probably with an auto redirect from HTTP to HTTPS to avoid user error support issues and invalidating all the existing information across the Internet.

A self-signed cert will have to be generated at first boot for new installs.

Associated revisions

Revision 326d2b8a (diff)
Added by Scott Ullrich over 9 years ago

Make the default HTTPS. Ticket #63

Revision f1755af4 (diff)
Added by Scott Ullrich over 9 years ago

Adding default SSL certs to import. Ticket 63

Revision 02b383fe (diff)
Added by Scott Ullrich over 9 years ago

Assign unique ref and commit certificate. Ticket #63

Revision f8a36d95 (diff)
Added by Scott Ullrich over 9 years ago

Setup a_cert and a_ca for write_config() Ticket #63

Revision c687a927 (diff)
Added by Scott Ullrich over 9 years ago

Call file_exists for each file. Ticket #63

Revision eac1acd9 (diff)
Added by Scott Ullrich over 9 years ago

Do not output done twice Ticket #63

Revision 0cdaaa8e (diff)
Added by Chris Buechler over 9 years ago

Generate a certificate at first boot rather than using a default public cert/key pair. Ticket #63

Revision aab4ca82 (diff)
Added by Scott Ullrich over 9 years ago

Automatically generate a certificate Resolves #63

Revision a3e027f6 (diff)
Added by Scott Ullrich over 9 years ago

Use /tmp/ssl.key Ticket #63

Revision d7e230ae (diff)
Added by Chris Buechler over 9 years ago

Add redirect from HTTP to HTTPS. Ticket #63

History

#1 Updated by Scott Ullrich almost 10 years ago

Are we proposing that HTTP no longer function as the webConfigurator and simply redirects to https?

What happens if the certificate somehow gets corrupted?

This is a novel idea but I question if we want this in 2.0. 3.0 seems more appropriate for this risky of a change.

#2 Updated by Jim Pingle almost 10 years ago

In this scenario would there also be a way to change back to HTTP if the user so chooses?

The way that browsers freak out these days about self-signed certificates, it might be a good idea to at least have it switch during the setup wizard, perhaps with some warning (and a means to opt out of the change?) as to what is about to happen.

At least at that point it should be fairly secure, since access to the interface would only be coming from the LAN.

#3 Updated by Scott Ullrich over 9 years ago

  • Priority changed from Normal to Very Low

#4 Updated by Chris Buechler over 9 years ago

  • Priority changed from Very Low to Normal

This is important for 2.0. Not one modern security appliance ships defaulted to HTTP. It's fine to allow people to switch back to HTTP if they so desire, but the majority run with the defaults from what I've seen, and we shouldn't have such an inappropriate default. There shouldn't ever be certificate problems (there are at this moment, granted, but once that bug is fixed it should be impossible to see cert problems aside from new bugs), but Set LAN IP can offer to revert to HTTP in such a case.

#5 Updated by Scott Ullrich over 9 years ago

  • Status changed from New to Feedback

Committed. Seems to work. Please test.

#6 Updated by Chris Buechler over 9 years ago

  • Status changed from Feedback to New

This works, but it needs to generate the cert at first boot as stated. Using a hard coded default cert is a major security problem, the cert cannot be publicly available.

#7 Updated by Scott Ullrich over 9 years ago

I disagree with this. I do not think it is a good thing to need to prompt the user for 7+ items (cert authority items) on bootup to gain access to the webConfigurator.

#8 Updated by Chris Buechler over 9 years ago

Don't have to prompt for anything, can generate a self-signed cert on the fly without any prompting. Just run:

openssl genrsa 1024 > ssl.key
chmod 400 ssl.key
openssl req -new -x509 -nodes -sha1 -days 365 -key ssl.key > ssl.crt
chmod 400 ssl.crt

HTTPS with a key that's public provides 0 security, and worse, implies security.
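Added example, not part of the ticket thread or the pfSense code base: a first-boot routine that generates a per-install self-signed certificate without prompting, and regenerates it if the stored pair is missing, corrupted or mismatched. The function names, the directory layout, the CN value, and the choice of 2048-bit RSA with SHA-256 (in place of the 2009-era parameters quoted above) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: idempotent first-boot certificate generation.
# File names follow the comment above (ssl.key / ssl.crt); everything else
# (function names, directory argument, CN, key size) is an assumption.

# Succeeds only if both files exist, both parse, and the certificate's
# public key is the one belonging to the private key.
cert_matches_key() {
    crt=$1; key=$2
    [ -s "$crt" ] && [ -s "$key" ] || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Keep a valid existing pair; otherwise create a fresh key and certificate.
# -subj supplies the subject, so openssl asks no questions.
# Prints "kept" or "generated".
ensure_cert() {
    dir=$1; cn=$2
    crt="$dir/ssl.crt"; key="$dir/ssl.key"
    if cert_matches_key "$crt" "$key"; then
        echo kept
        return 0
    fi
    old_umask=$(umask)
    umask 077                      # key is never group/world readable
    rm -f "$crt" "$key"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$cn" -keyout "$key" -out "$crt" >/dev/null 2>&1
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    chmod 400 "$key" "$crt"
    cert_matches_key "$crt" "$key" || return 1
    echo generated
}

# SHA-256 fingerprint, useful for confirming two installs do not share a cert.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```

Calling `ensure_cert /some/dir host.example` on every boot is safe: a valid pair is left alone, so the browser's stored exception for the self-signed certificate stays valid.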

#9 Updated by Scott Ullrich over 9 years ago

So generate a key outside of the new cert framework. Got it.

#10 Updated by Scott Ullrich over 9 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#11 Updated by Chris Buechler over 9 years ago

  • Status changed from Resolved to New
  • % Done changed from 100 to 90

This isn't quite done, to avoid support issues we need to redirect from HTTP to HTTPS (as a few other similar projects do) by default, with an option to disable. I have the config changes needed done, but need lighty's mod_redirect included in the builds before that can be committed.

need:
/usr/local/lib/lighttpd/mod_redirect.*

Also, lighttpd is 1.4.23, and 1.4.25 is the current FreeBSD port. 1.4.25 has many bug fixes, so we should probably bump the version.

#12 Updated by Scott Ullrich over 9 years ago

We already have 1.4.25

builder# cd /home/pfsense/tools/pfPorts/lighttpd/
builder# cat Makefile | grep VERSION
PORTVERSION= 1.4.25

#13 Updated by Chris Buechler over 9 years ago

That's not what is in 2.0 snapshots.

[]/root(1):lighttpd -v
lighttpd/1.4.23 (ssl) - a light and fast webserver
Build-Date: Nov 5 2009 17:41:08
[]/root(2):cat /etc/version
2.0-BETA1
[]/root(3):uname -a
FreeBSD pfS2.0-scratch1.buechler.local 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #0: Sat Dec 26 10:16:35 EST 2009 sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386

#14 Updated by Chris Buechler over 9 years ago

Trying that again.

[root@pfS2.0-scratch1.buechler.local]/root(1):lighttpd -v
lighttpd/1.4.23 (ssl) - a light and fast webserver
Build-Date: Nov  5 2009 17:41:08
[root@pfS2.0-scratch1.buechler.local]/root(2):cat /etc/ver
version             version.lastcommit  version_kernel      
version.buildtime   version_base        
[root@pfS2.0-scratch1.buechler.local]/root(2):cat /etc/version
2.0-BETA1
[root@pfS2.0-scratch1.buechler.local]/root(3):uname -a
FreeBSD pfS2.0-scratch1.buechler.local 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #0: Sat Dec 26 10:16:35 EST 2009     sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8  i386

#15 Updated by Scott Ullrich over 9 years ago

  • Status changed from New to Feedback

Should be the latest on the snap just posted.

#16 Updated by Chris Buechler over 9 years ago

  • Status changed from Feedback to Resolved
  • % Done changed from 90 to 100
