Posts: 16
Threads: 4
Joined: Oct 2018
Reputation:
0
02.02.2019, 09:42
(This post was last modified: 02.02.2019, 09:53 by Regis.)
Hi,
I am trying to eliminate passwords for visualization without compromising security too much. Would the LogicMachine be able to accept and use client certificates (mTLS) for the visualization/HTTPS access? I don't see any option in the GUI or in the manual, but perhaps there is a way to achieve this with custom scripts/configuration?
Thanks in advance.
EDIT: So I found LM is using Nginx as its web server, so it should be possible. Can I access the Nginx config file? I tried to SSH to the LM but I get connection refused, so I assume SSH is disabled by default...?
Posts: 4572
Threads: 23
Joined: Aug 2017
Reputation:
206
Hi
Go to System->Services->HTTP SSL certificate; this is where you have to paste your certificate.
PS. SSH access is only for remote debugging and it should be disabled.
BR
------------------------------
Ctrl+F5
Posts: 7720
Threads: 42
Joined: Jun 2015
Reputation:
446
This can be implemented by modifying the nginx config file, but then you won't be able to have several users with different access rights.
Posts: 16
Threads: 4
Joined: Oct 2018
Reputation:
0
Thanks for the replies. For now I am willing to accept only a single user for the visualization if it means no more password entry every time I need to access the visu.
Can you suggest the best way to modify the nginx config file? I tried FTP but that does not seem to be usable for this. I found a way to enable SSH, however I cannot log in - what is the username/password? I tried "admin", "user", "root" with the admin password for web access but it only results in "Permission denied, please try again."
Posts: 16
Threads: 4
Joined: Oct 2018
Reputation:
0
Anyone?
BTW it seems to be possible to still use user accounts - Nginx can pass the client certificate name to the script handling the web page (PHP, etc. - I am not sure what LM uses). This should be sufficient to correctly distinguish different client certificates and therefore different clients. However some changes in the scripts will be required.
Now that I am thinking about this, is it possible your reply meant that I as a user am not supposed to change the nginx config and therefore this is not possible? I might have misunderstood.
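
The approach discussed in this thread (nginx requiring a client certificate and passing the certificate identity on to the application), as an added example that is not part of the original posts and not LogicMachine's own configuration. All paths, the server name, the sample subject DNs, the header names and the backend address are placeholders, and it is an assumption that the application is reached via `proxy_pass`.

```nginx
# Added illustration only. The map block belongs in the http {} context.
# Maps a verified certificate subject DN to an application user name;
# any certificate not listed maps to the empty string and is refused below.
map $ssl_client_s_dn $visu_user {
    default                        "";
    "CN=tablet-livingroom,O=Home"  "visu_tablet";  # constructed sample DN
    "CN=phone-admin,O=Home"        "visu_admin";   # constructed sample DN
}

server {
    listen 443 ssl;
    server_name lm.example.internal;               # placeholder

    # Server identity (placeholder paths)
    ssl_certificate         /path/to/server.crt;
    ssl_certificate_key     /path/to/server.key;

    # CA that issued the client certificates. Use a private CA dedicated to
    # this purpose; pointing this at a public CA bundle would accept any
    # certificate that CA ever issued.
    ssl_client_certificate  /path/to/client-ca.crt;
    ssl_verify_client       on;   # handshake without a valid cert gets HTTP 400
    ssl_verify_depth        1;    # client certs issued directly by the CA
    # ssl_crl               /path/to/client-ca.crl;  # revoke lost devices

    location / {
        # Valid chain but unknown subject: refuse instead of falling back
        # to a default account.
        if ($visu_user = "") {
            return 403;
        }

        # proxy_set_header replaces any header of the same name sent by the
        # client, so the backend sees only values nginx derived from the
        # verified certificate.
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
        proxy_set_header X-Visu-User     $visu_user;

        # Backend must listen on loopback only; otherwise these headers
        # could be forged by connecting to it directly.
        proxy_pass http://127.0.0.1:8080;          # placeholder backend
    }
}
```

The application scripts would still need changes to take the user from `X-Visu-User` instead of a password login, as the last post notes.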