[Chilli] SSL on Chili

Gergely Kiss mail.gery at gmail.com
Thu Nov 19 22:56:05 UTC 2009


Ah, sorry, I've misunderstood something... It's pointless in this case
to buy a commercial certificate, therefore solution 1 and 5 aren't
solutions in this case.

2009/11/19 Gergely Kiss <mail.gery at gmail.com>:
> Yes, you are right. It seems to be a hard nut, but I still have some ideas:
>
> 1. Give the certificate to users and ask them to install it (not much
> preferred for installations used by hundreds of subscribers).
>
> 2. Reject HTTPS requests and tell the users somehow that they must log
> in to browse the web (can be printed on the login card). HTTP requests
> can still be redirected to the login page.
>
> 3. Just tell the users, that it's normal if they see a warning before
> logging in - it's not an elegant method, but for small networks, it
> should be adequate.
>
> 4. Grant the browsing of HTTPS sites, but only with a limited
> bandwidth and by displaying a message to the user that he/she should
> log in to browse at full speed (it's a silly and overcomplicated
> solution, isn't it?).
>
> 5. Buy a formally signed certificate and use it with Apache - and the
> warning message will disappear.
>
> Could there be any other methods which can be taken in account? Maybe
> a Joker solution?
>
> 2009/11/19 Wichert Akkerman <wichert at wiggy.net>:
>> On 11/19/09 21:33 , Gergely Kiss wrote:
>>>
>>> Here is my idea: let's redirect all HTTPS requests to a HTTPS-enabled
>>> Apache server which will then point the browser to the login screen
>>> (HTTP) via the UrlRewrite module.
>>
>> The problem with this is SSL certs: every single https request will go to
>> your server, which will not have a valid SSL cert for the requested page.
>> Which means users will always get a nasty security warning.
>>
>> Wichert.
>>
>> _______________________________________________
>> Chilli mailing list
>> Chilli at coova.org
>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>
>


More information about the Chilli mailing list