SSL Support

Suggest new features here
Post Reply
VA2ZAC
Posts: 15
Joined: Wed Apr 11, 2018 8:49 pm

SSL Support

Post by VA2ZAC » Wed Apr 11, 2018 9:37 pm

It would be nice to have SSL support for the GUI that could either support Letsencrypt, self signed certificate, or an uploaded crt/key file. This would be great if it could be configured through the GUI!

For Letsencrypt, there are tools available for PHP:

https://letsencrypt.org/docs/client-options/

W5CAA
Posts: 9
Joined: Wed Apr 11, 2018 8:37 pm
Location: San Antonio, TX
Contact:

Re: SSL Support

Post by W5CAA » Wed Apr 11, 2018 10:04 pm

i second this!!

excellent idea!
w5caa.com
San Antonio's newest radio club: sadigitalradio.com
DMR ID: 1148825

User avatar
MW0MWZ
Site Admin
Posts: 916
Joined: Wed Apr 04, 2018 9:15 pm
Location: Wales, UK
Contact:

Re: SSL Support

Post by MW0MWZ » Thu Apr 12, 2018 7:12 am

I totally agree - one of the reasons I have not done any work on this in the 3.x release is due to the huge load the dashboard currently creates, adding SSL to that is not going to lead anywhere nice; However, the new dashboard in 4.x uses so little load that SSL will be back on the table.

We may (or may not) make this a dashboard config option initially (or I may install a self signed cert on first boot etc) not sure exactly how I will play that yet, but SSL support really will be a reality in the 4.x chain.
Andy

73 de MW0MWZ
http://pistar.uk

BH8SXD
Posts: 6
Joined: Thu Apr 12, 2018 6:46 am
Location: OL14jv
Contact:

Re: SSL Support

Post by BH8SXD » Mon Apr 16, 2018 4:08 pm

Looking forward to the new feeling brought by the 4.x version
Happy every day! ! !

W4JEW
Posts: 35
Joined: Sun Aug 12, 2018 12:53 am

Re: SSL Support

Post by W4JEW » Sat Jan 26, 2019 7:49 am

Bubbling this up to the top of the list. It made it WAY too far down the list and I’m shocked there haven’t been more votes for this!

I’m a security engineer by trade and I’m constantly evangelizing the need for encryption everywhere! It’s ironic that Pi-Star supports SSH for encrypted command-line access but no encryption for the browser. The browser is used far more relative to command-line access. Why should it be any different?

Encryption everywhere...please!!!

I’d be more than happy to help implement it. Just say the word!

While possible to install OpenSSL, install self-signed certificates and reconfigure the web server to support HTTPS, IMHO Pi-Star should support it out of the box.

Even LetsEncrypt makes the process of installing real certificates is relatively simple to implement at this point. No need for self-signed certificates and browser warning messages.

There should be more focus on security for systems - ESPECIALLY when they’re primarily being used on Wi-Fi networks.

I cringe at the fact that people even contemplate port forwarding the web interface out to the Internet without HTTPS!!! I urge people to not do this! It’s just bad practice.

/me off soapbox

Thank you!

k2dls
Posts: 74
Joined: Mon Aug 20, 2018 5:24 pm

Re: SSL Support

Post by k2dls » Sat Jan 26, 2019 2:22 pm

+1 on including Let's Encrypt in the build. Let's Encrypt is a free and simple way to manage SSL certificates.

User avatar
KE0FHS
Posts: 1067
Joined: Wed Apr 11, 2018 8:40 pm
Location: Colorado, USA
Contact:

Re: SSL Support

Post by KE0FHS » Sat Jan 26, 2019 3:14 pm

+1 Pi-Star is just about the only thing I run unencrypted, and that makes me a bit nervous.
73, Toshen, KE0FHS
Playing with Pi-Star (unofficial notes about setting up and using Pi-Star):
https://amateurradionotes.com/pi-star.htm

Post Reply