[Chilli] SSL on Chili

Gergely Kiss mail.gery at gmail.com
Thu Nov 19 22:52:17 UTC 2009


Yes, you are right. It seems to be a hard nut, but I still have some ideas:

1. Give the certificate to users and ask them to install it (not much
preferred for installations used by hundreds of subscribers).

2. Reject HTTPS requests and tell the users somehow that they must log
in to browse the web (can be printed on the login card). HTTP requests
can still be redirected to the login page.

3. Just tell the users, that it's normal if they see a warning before
logging in - it's not an elegant method, but for small networks, it
should be adequate.

4. Grant the browsing of HTTPS sites, but only with a limited
bandwidth and by displaying a message to the user that he/she should
log in to browse at full speed (it's a silly and overcomplicated
solution, isn't it?).

5. Buy a formally signed certificate and use it with Apache - and the
warning message will disappear.

Could there be any other methods which can be taken in account? Maybe
a Joker solution?

2009/11/19 Wichert Akkerman <wichert at wiggy.net>:
> On 11/19/09 21:33 , Gergely Kiss wrote:
>>
>> Here is my idea: let's redirect all HTTPS requests to a HTTPS-enabled
>> Apache server which will then point the browser to the login screen
>> (HTTP) via the UrlRewrite module.
>
> The problem with this is SSL certs: every single https request will go to
> your server, which will not have a valid SSL cert for the requested page.
> Which means users will always get a nasty security warning.
>
> Wichert.
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>


More information about the Chilli mailing list