Todo #63
closed
Change web interface default to HTTPS
100%
Description
The web interface needs to change to HTTPS by default, probably with an auto redirect from HTTP to HTTPS to avoid user error support issues and invalidating all the existing information across the Internet.
A self-signed cert will have to be generated at first boot for new installs.
Updated by Scott Ullrich over 14 years ago
Are we proposing that HTTP no longer function as the webConfigurator and simply redirects to https?
What happens if the certificate somehow gets corrupted?
This is a novel idea but I question if we want this in 2.0. 3.0 seems more appropriate for this risky of a change.
Updated by Jim Pingle over 14 years ago
In this scenario would there also be a way to change back to HTTP if the user so chooses?
The way that browsers freak out these days about self-signed certificates, it might be a good idea to at least have it switch during the setup wizard, perhaps with some warning (and a means to opt out of the change?) as to what is about to happen.
At least at that point it should be fairly secure, since access to the interface would only be coming from the LAN.
Updated by Scott Ullrich over 14 years ago
- Priority changed from Normal to Very Low
Updated by Chris Buechler over 14 years ago
- Priority changed from Very Low to Normal
This is important for 2.0. Not one modern security appliance ships defaulted to HTTP. It's fine to allow people to switch back to HTTP if they so desire, but the majority run with the defaults from what I've seen, and we shouldn't have such an inappropriate default. There shouldn't ever be certificate problems (there are at this moment, granted, but once that bug is fixed it should be impossible to see cert problems aside from new bugs), but Set LAN IP can offer to revert to HTTP in such a case.
Updated by Scott Ullrich over 14 years ago
- Status changed from New to Feedback
Committed. Seems to work. Please test.
Updated by Chris Buechler over 14 years ago
- Status changed from Feedback to New
This works, but it needs to generate the cert at first boot as stated. Using a hard coded default cert is a major security problem, the cert cannot be publicly available.
Updated by Scott Ullrich over 14 years ago
I disagree with this. I do not think it is a good thing to need to prompt the user for 7+ items (cert authority items) on bootup to gain access to the webConfigurator.
Updated by Chris Buechler over 14 years ago
Don't have to prompt for anything, can generate a self-signed cert on the fly without any prompting. Just run:
openssl genrsa 1024 > ssl.key
chmod 400 ssl.key
openssl req -new -x509 -nodes -sha1 -days 365 -key ssl.key > ssl.crt
chmod 400 ssl.crt
HTTPS with a key that's public provides 0 security, and worse, implies security.
Updated by Scott Ullrich over 14 years ago
So generate a key outside of the new cert framework. Got it.
Updated by Scott Ullrich over 14 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Applied in changeset aab4ca82f485d1ca2f628c5674cd648b87104352.
Updated by Chris Buechler over 14 years ago
- Status changed from Resolved to New
- % Done changed from 100 to 90
This isn't quite done, to avoid support issues we need to redirect from HTTP to HTTPS (as a few other similar projects do) by default, with an option to disable. I have the config changes needed done, but need lighty's mod_redirect included in the builds before that can be committed.
need:
/usr/local/lib/lighttpd/mod_redirect.*
Also, lighttpd is 1.4.23, and 1.4.25 is the current FreeBSD port. 1.4.25 has many bug fixes, so we should probably bump the version.
Updated by Scott Ullrich over 14 years ago
We already have 1.4.25
builder# cd /home/pfsense/tools/pfPorts/lighttpd/
builder# cat Makefile | grep VERSION
PORTVERSION= 1.4.25
Updated by Chris Buechler over 14 years ago
That's not what is in 2.0 snapshots.
[root@pfS2.0-scratch1.buechler.local]/root(1):lighttpd -v
lighttpd/1.4.23 (ssl) - a light and fast webserver
Build-Date: Nov 5 2009 17:41:08
[root@pfS2.0-scratch1.buechler.local]/root(2):cat /etc/version
2.0-BETA1
[root@pfS2.0-scratch1.buechler.local]/root(3):uname -a
FreeBSD pfS2.0-scratch1.buechler.local 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #0: Sat Dec 26 10:16:35 EST 2009 sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
Updated by Chris Buechler over 14 years ago
Trying that again.
[root@pfS2.0-scratch1.buechler.local]/root(1):lighttpd -v lighttpd/1.4.23 (ssl) - a light and fast webserver Build-Date: Nov 5 2009 17:41:08 [root@pfS2.0-scratch1.buechler.local]/root(2):cat /etc/ver version version.lastcommit version_kernel version.buildtime version_base [root@pfS2.0-scratch1.buechler.local]/root(2):cat /etc/version 2.0-BETA1 [root@pfS2.0-scratch1.buechler.local]/root(3):uname -a FreeBSD pfS2.0-scratch1.buechler.local 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #0: Sat Dec 26 10:16:35 EST 2009 sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
Updated by Scott Ullrich over 14 years ago
- Status changed from New to Feedback
Should be the latest on the snap just posted.
Updated by Chris Buechler over 14 years ago
- Status changed from Feedback to Resolved
- % Done changed from 90 to 100