2023-01-23 - Re: [GRASE-Hotspot] Can portal be secure? https

Header Data

From: Deepak Kaushik <de***3@gmail.com>
Message Hash: fc5faa9e23ce9a0f7b4d7157015fe4dcc096ac888b80c0ca307cbda81b5450d9
Message ID: <a4ceb26e-0e27-48b0-83d3-efbf4522539en@grasehotspot.org>
Reply To: <CAHoMbhc06jUzd=EePwgCSfFjrf7wPSdmsD8o8tvTQ-EFZkwiSg@mail.gmail.com>
UTC Datetime: 2023-01-23 02:25:42 UTC
Raw Date: Mon, 23 Jan 2023 01:25:42 -0800

Raw message

Hi Tim,

I am also trying to move uam to ssl but it is not working correctly is 
there any process or steps that we can follow to move uam to https as iOS 
new version will only allow to open https pages.

On Friday, April 1, 2016 at 11:41:43 PM UTC+5:30 he***.@gmail.com wrote:

> Wow! Thanks Sebastian Schneider, I guess I better looking to enable SSL on 
> grase too....digging up your tutorial! Thanks.
> On Apr 1, 2016 4:32 PM, "Sebastian Schneider" <se***.@gmail.com> wrote:
>
>> Hi Henry,
>>
>> SSL in combination with HTTP is (going to be) the standard for Web.
>> In our case I think it is a good idea to enable a secure way to log into 
>> the portal for *everyone*. 
>> If anyone is facing a problem with javascript, they are forced to use the 
>> non-js version of the captive portal. In that case a Man-in-the-Middle 
>> attack is trivial and credentials of YOUR wireless network can get in the 
>> wrong hands. It's not necessarily just the users problem but yours.
>> Another point is: Many people use noscript or similar programs to block 
>> javascript. And I fully understand their decision. 
>> For exactly these cases we can make sure that the authentication on our 
>> captive portal is safe.
>>
>> Using an unencrypted wireless network is insecure for the user anyway. 
>> But at least I want to try everything possible to keep me and my network 
>> safe and unwanted people out of my net.
>>
>> Even there are other methods to get into an unencrypted network...
>>
>> Best Sebastian
>>
>>
>> Am Mittwoch, 30. März 2016 22:51:03 UTC+2 schrieb Henry Terkura Swende:
>>>
>>> I'm kinda confused here guys kindly help me out? Why would I need SSL 
>>> when the portal is already secured. I mean what's the advantage of using 
>>> SSL instead of the JavaScript enabled security in grase?
>>> On Mar 30, 2016 9:25 PM, "Timothy White" <ti***.@gmail.com> wrote:
>>>
>>>> Thats great news Sebastian!
>>>>
>>>> Can you do a short writeup on the Wiki for that? 
>>>> https://github.com/GraseHotspot/grase-www-portal/wiki
>>>>
>>>> Regards
>>>>
>>>> Tim
>>>>
>>>> On Thu, Mar 31, 2016 at 12:18 AM, Sebastian Schneider <
>>>> se***.@gmail.com> wrote:
>>>>
>>>>> Hi Tim,
>>>>> thanks for that idea. It was obvious but I didn't think about it.
>>>>> The problem was mixed content, so http traffic in a https session. 
>>>>> jqchilli.js call: 
>>>>> var urlRoot = 'http://' + chilliController.host + ':' + 
>>>>> chilliController.port + '/json/'; // TODO make this dynamic
>>>>> in line 38.
>>>>> In line 22 and 23 I changed to host var to my DNS Hostname (fitting to 
>>>>> the cert) and changed to port to 4990.
>>>>> In my /etc/chilli/config I added:
>>>>> HS_UAMUISSL=on
>>>>> HS_REDIRSSL=on
>>>>> HS_SSLKEYFILE= /path/to/private_key
>>>>> HS_SSLCERTFILE=/path/to/cert
>>>>>
>>>>> The hosts file of the Controller resolves the CN Name of the cert to 
>>>>> 10.1.0.1
>>>>>
>>>>> Now I have SSL enabled, without any errors. 
>>>>>
>>>>> Regards
>>>>>
>>>>> Se
>>>>>
>>>>> Am Dienstag, 29. März 2016 13:05:34 UTC+2 schrieb timwhite88:
>>>>>>
>>>>>> Hi Sebastian
>>>>>>
>>>>>> Off the top of my head, I'm not sure what the problem is. Try using 
>>>>>> the browser developer tools to see any error messages you can see.
>>>>>>
>>>>>> Feel free to open an issue for it and when I get a chance I'll have a 
>>>>>> poke as well.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Tim
>>>>>>
>>>>>> On Tue, Mar 29, 2016 at 8:26 PM, Sebastian Schneider <
>>>>>> se***.@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Karotu, hi Tim,
>>>>>>>
>>>>>>> with the risk of annoying everyone, I tried to enable SSL yesterday, 
>>>>>>> as I did before with coova. The CHAP mechanism FAILS when SSL is enabled. 
>>>>>>> In any case, that shouldn't be the normal, right?
>>>>>>> I do have a valid CA signed Certificate (startssl, soon letsencrypt) 
>>>>>>> and my grasehotspot is resolving my address via a local hosts entry. So 
>>>>>>> internally(connected via hotspot) it's resolving to my controller, 
>>>>>>> public(not connected via my controller) it's resolving to my website.
>>>>>>>
>>>>>>> So apache and everything is running fine, no warnings, no nothing. 
>>>>>>> But I have to use the "non-secure" variant of the captive portal (non JS 
>>>>>>> version, non CHAP version) to login successfully, when using HTTPS.
>>>>>>> I had a look in the ChilliLibrary.js but without any luck.
>>>>>>>
>>>>>>> Any ideas from your side?
>>>>>>>
>>>>>>> Best
>>>>>>>
>>>>>>> Sebastian
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Am Sonntag, 9. März 2014 21:43:34 UTC+1 schrieb karotu:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Is it possible to make login secure with https?
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> Karotu
>>>>>>>>
>>>>>>>> -- 
>>>>>>>> ----------------------------------
>>>>>>>> Karotu Tannang
>>>>>>>> Nauoi IT Services
>>>>>>>> Behind BOK, Betio / PO Box 46, Bairiki
>>>>>>>> Tarawa, KIRIBATI
>>>>>>>> Mobile: +686 94038
>>>>>>>> Like Us on Facebook: http://www.facebook.com/nauoionline
>>>>>>>>
>>>>>>>>
>>>>>>>> -- 
>>>>>>> This mailing list is for the Grase Hotspot Project 
>>>>>>> http://grasehotspot.org
>>>>>>> --- 
>>>>>>> You received this message because you are subscribed to the Google 
>>>>>>> Groups "Grase Hotspot" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>>> send an email to gr***.@grasehotspot.org.
>>>>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>>>>> Visit this group at 
>>>>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>>>>> To view this discussion on the web visit 
>>>>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/73b262da-42ff-451f-b538-96550a7a706b%40grasehotspot.org 
>>>>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/73b262da-42ff-451f-b538-96550a7a706b%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>>>>> .
>>>>>>>
>>>>>>
>>>>>> -- 
>>>>> This mailing list is for the Grase Hotspot Project 
>>>>> http://grasehotspot.org
>>>>> --- 
>>>>> You received this message because you are subscribed to the Google 
>>>>> Groups "Grase Hotspot" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>>> an email to gr***.@grasehotspot.org.
>>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>>> Visit this group at 
>>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>>> To view this discussion on the web visit 
>>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/293b318e-7b39-46d5-b142-774f2a91dfd8%40grasehotspot.org 
>>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/293b318e-7b39-46d5-b142-774f2a91dfd8%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>
>>>> -- 
>>>> This mailing list is for the Grase Hotspot Project 
>>>> http://grasehotspot.org
>>>> --- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "Grase Hotspot" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to gr***.@grasehotspot.org.
>>>> To post to this group, send email to gr***.@grasehotspot.org.
>>>> Visit this group at 
>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>> To view this discussion on the web visit 
>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0Ky4%2BAxESAZNf%3DLhKf%2BvTovLrsQ2wc3XRPvY4Y3psiE0A%40mail.gmail.com 
>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0Ky4%2BAxESAZNf%3DLhKf%2BvTovLrsQ2wc3XRPvY4Y3psiE0A%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>> -- 
>> This mailing list is for the Grase Hotspot Project 
>> http://grasehotspot.org
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to gr***.@grasehotspot.org.
>> To post to this group, send email to gr***.@grasehotspot.org.
>> Visit this group at 
>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>
> To view this discussion on the web visit 
>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/9e831ec8-a1b0-48b7-beda-e7480efa534b%40grasehotspot.org 
>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/9e831ec8-a1b0-48b7-beda-e7480efa534b%40grasehotspot.org?utm_medium=email&utm_source=footer>
>> .
>>
>

Thread