+- Logic Machine Forum (https://forum.logicmachine.net)
+-- Forum: LogicMachine eco-system (https://forum.logicmachine.net/forumdisplay.php?fid=1)
+--- Forum: Visualization (https://forum.logicmachine.net/forumdisplay.php?fid=9)
+--- Thread: Client certificate for visualisation access? (/showthread.php?tid=1886)
Client certificate for visualisation access? - Regis - 02.02.2019
Hi,
I am trying to eliminate passwords for visualization without compromising security too much. Would the LogicMachine be able to accept and use client certificates (mTLS) for the visualization/HTTPS access? I don't see any option in the GUI or in the manual, but perhaps there is a way to achieve this with custom scripts/configuration?
Thanks in advance.
EDIT: So I found LM is using Nginx as web server so it should be possible. Can I access the Nginx config file? I tried to SSH to the LM but I get connection refused to I assume SSH is disabled by default...?
RE: Client certificate for visualisation access? - Daniel - 04.02.2019
Hi
Go to system->Services->HTTP SSL certificate this is where you have to paste your certificate.
PS. SSH acces is only for remote debugging and it should be disabled.
BR
RE: Client certificate for visualisation access? - admin - 04.02.2019
This can be implemented by modifying nginx config file but then you won't be able to have several users with different access rights.
RE: Client certificate for visualisation access? - Regis - 10.02.2019
Thanks for the replies. For now I am willing to accept only single user for the visualization if it means no more password entry every time I need to access the visu.
Can you suggest a best way to modify the nginx config file? I tried FTP but that does not seem to be usable for this. I found a way to enable SSH however I cannot login - what is the username/password? I tired "admin", "user", "root" with the admin password for web access but it only results in "Permission denied, please try again."
RE: Client certificate for visualisation access? - Regis - 17.02.2019
Anyone?
BTW it seems to be possible to still use user accounts - Nginx can pass the client certificate name to the script handling the web page (PHP, etc. - I am not sure what LM uses). This should be sufficient to correctly distinguish different client certificates and therefore different clients. However some changes in the scripts will be required.
Now that I am thinking about this, is it possible your reply meant that I as an user am not supposed to change the nginx config and therefore this is not possible? I might have misunderstood.