2016-03-30 - Re: [GRASE-Hotspot] Can portal be secure? https

Header Data

From: Sebastian Schneider <se***r@gmail.com>
Message Hash: adc5aba93f835fcc0550d29801bdd1d415555bc1e10ccbfbc600a63726065142
Message ID: <293b318e-7b39-46d5-b142-774f2a91dfd8@grasehotspot.org>
Reply To: <CAESLx0L_+zSGGhg8bmTZLotY4syec1ithpZ+=BAkxO6gAXWV1Q@mail.gmail.com>
UTC Datetime: 2016-03-30 07:18:06 UTC
Raw Date: Wed, 30 Mar 2016 07:18:06 -0700

Raw message 

Hi Tim,
thanks for that idea. It was obvious but I didn't think about it.
The problem was mixed content, so http traffic in a https session. 
jqchilli.js call: 
var urlRoot = 'http://' + chilliController.host + ':' + chilliController.
port + '/json/'; // TODO make this dynamic
in line 38.
In line 22 and 23 I changed to host var to my DNS Hostname (fitting to the 
cert) and changed to port to 4990.
In my /etc/chilli/config I added:
HS_UAMUISSL=on
HS_REDIRSSL=on
HS_SSLKEYFILE= /path/to/private_key
HS_SSLCERTFILE=/path/to/cert

The hosts file of the Controller resolves the CN Name of the cert to 
10.1.0.1

Now I have SSL enabled, without any errors. 

Regards

Se

Am Dienstag, 29. März 2016 13:05:34 UTC+2 schrieb timwhite88:
>
> Hi Sebastian
>
> Off the top of my head, I'm not sure what the problem is. Try using the 
> browser developer tools to see any error messages you can see.
>
> Feel free to open an issue for it and when I get a chance I'll have a poke 
> as well.
>
> Regards
>
> Tim
>
> On Tue, Mar 29, 2016 at 8:26 PM, Sebastian Schneider <se***.@gmail.com 
> <javascript:>> wrote:
>
>> Hi Karotu, hi Tim,
>>
>> with the risk of annoying everyone, I tried to enable SSL yesterday, as I 
>> did before with coova. The CHAP mechanism FAILS when SSL is enabled. In any 
>> case, that shouldn't be the normal, right?
>> I do have a valid CA signed Certificate (startssl, soon letsencrypt) and 
>> my grasehotspot is resolving my address via a local hosts entry. So 
>> internally(connected via hotspot) it's resolving to my controller, 
>> public(not connected via my controller) it's resolving to my website.
>>
>> So apache and everything is running fine, no warnings, no nothing. But I 
>> have to use the "non-secure" variant of the captive portal (non JS version, 
>> non CHAP version) to login successfully, when using HTTPS.
>> I had a look in the ChilliLibrary.js but without any luck.
>>
>> Any ideas from your side?
>>
>> Best
>>
>> Sebastian
>>
>>
>>
>> Am Sonntag, 9. März 2014 21:43:34 UTC+1 schrieb karotu:
>>>
>>> Hi,
>>>
>>> Is it possible to make login secure with https?
>>>
>>> Thanks.
>>>
>>> Karotu
>>>
>>> -- 
>>> ----------------------------------
>>> Karotu Tannang
>>> Nauoi IT Services
>>> Behind BOK, Betio / PO Box 46, Bairiki
>>> Tarawa, KIRIBATI
>>> Mobile: +686 94038
>>> Like Us on Facebook: http://www.facebook.com/nauoionline
>>>
>>>
>>> -- 
>> This mailing list is for the Grase Hotspot Project 
>> http://grasehotspot.org
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to gr***.@grasehotspot.org <javascript:>.
>> To post to this group, send email to gr***.@grasehotspot.org 
>> <javascript:>.
>> Visit this group at 
>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/73b262da-42ff-451f-b538-96550a7a706b%40grasehotspot.org 
>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/73b262da-42ff-451f-b538-96550a7a706b%40grasehotspot.org?utm_medium=email&utm_source=footer>
>> .
>>
>
>

Thread