|
|
Subscribe / Log in / New account

HTTPS-only mode (is briefly mentioned and I recommend to LWN readers)

HTTPS-only mode (is briefly mentioned and I recommend to LWN readers)

Posted Jun 12, 2024 12:41 UTC (Wed) by zdzichu (subscriber, #17118)
In reply to: HTTPS-only mode (is briefly mentioned and I recommend to LWN readers) by dskoll
Parent article: Firefox 127.0 released

Or better, get a TLS certificate signed by your internal CA. Some CA implementation provide ACME support, and `cert-manager` can also speak other provider's protocols.

There is no excuse for missing HTTPS even on internal sites.

to post comments

HTTPS-only mode (is briefly mentioned and I recommend to LWN readers)

Posted Jun 12, 2024 14:57 UTC (Wed) by mathstuf (subscriber, #69389) [Link] (2 responses)

Alas, when the certificate expires and can only be updated via the web management interface, accessing your NAS when Firefox says "but it looks insecure" is an exercise in frustration. Luckily I use FreeNAS where one *can* just go and poke the backing database…

TLS certificates and embedded systems

Posted Jun 12, 2024 18:59 UTC (Wed) by DemiMarie (subscriber, #164188) [Link] (1 responses)

Then use a reverse proxy where the certificate can be reasonably updated.

TLS certificates and embedded systems

Posted Jun 12, 2024 20:03 UTC (Wed) by mathstuf (subscriber, #69389) [Link]

Probably could do that *now*, but there was a chicken-egg problem where the NAS was configured to redirect to HTTPS; I suspect any reverse proxy would have been told to stuff it when it tried to do the proxying too. In any case, I *do* have access to a wildcard certificate in this case and can use it. But figuring out how to get there was an interesting spelunk and hoping my SQL command did what I thought it should do.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds