Feature #6795
closedUser certificate for webGUI login
0%
Description
It would be practical to allow the administrator to enable user certificate required for webGUI signin.
This would allow remote administration without exposing the box to brute force password attacks.
According to Nginx documentation enabling the feature is pretty simple:
ssl_client_certificate /path/to/ca.crt;
ssl_verify_client optional; # or `on` if you require client key
Challenges:
1. An internal-ca or externally imported CA isn't actually stored as a file anywhere in the filesystem, Nginx needs to point to a file to do user certificate validation. The config file manager would need some sort of hook to write out the CA to the filesystem, perhaps in the /cf partition.
2. Nginx config file is built dynamically, so this change would need to hook into the building process of the file.