Client certificate for visualisation access?
#1
Hi,
I am trying to eliminate passwords for visualization without compromising security too much. Would the LogicMachine be able to accept and use client certificates (mTLS) for the visualization/HTTPS access? I don't see any option in the GUI or in the manual, but perhaps there is a way to achieve this with custom scripts/configuration?

Thanks in advance.

EDIT: So I found LM is using Nginx as the web server, so it should be possible. Can I access the Nginx config file? I tried to SSH to the LM but I get connection refused, so I assume SSH is disabled by default...?
#2
Hi
Go to System -> Services -> HTTP SSL certificate; this is where you have to paste your certificate.
PS. SSH access is only for remote debugging and it should be disabled.
BR
------------------------------
Ctrl+F5
#3
This can be implemented by modifying the nginx config file, but then you won't be able to have several users with different access rights.
#4
Thanks for the replies. For now I am willing to accept only a single user for the visualization if it means no more password entry every time I need to access the visu.

Can you suggest the best way to modify the nginx config file? I tried FTP but that does not seem to be usable for this. I found a way to enable SSH, however I cannot log in - what is the username/password? I tried "admin", "user", "root" with the admin password for web access but it only results in "Permission denied, please try again."
#5
Anyone?

BTW it seems to be possible to still use user accounts - Nginx can pass the client certificate name to the script handling the web page (PHP, etc. - I am not sure what LM uses). This should be sufficient to correctly distinguish different client certificates and therefore different clients. However, some changes in the scripts will be required.

Now that I am thinking about this, is it possible your reply meant that I as a user am not supposed to change the nginx config and therefore this is not possible? I might have misunderstood.
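The idea raised in posts #3 and #5 (nginx verifies the client certificate and hands the certificate's name to the page handler), sketched as an added example that is not part of the original thread and is not LogicMachine's own configuration. All file paths, the subject DNs, the `X-Visu-User` header and the backend address are assumptions; the directives and `$ssl_client_s_dn` are standard nginx.

```nginx
# Added example: placeholder paths and names, not LogicMachine's shipped config.
# These directives belong in the http {} context.

# Map the verified certificate's subject DN (RFC 2253 form) to a local
# account name. Certificates with an unknown subject map to an empty string.
map $ssl_client_s_dn $visu_user {
    default                          "";
    "CN=wall-tablet,O=Example Home"  "tablet";   # constructed DN
    "CN=alice-phone,O=Example Home"  "alice";    # constructed DN
}

server {
    listen 443 ssl;

    ssl_certificate         /path/to/server.crt;      # placeholder
    ssl_certificate_key     /path/to/server.key;      # placeholder

    # CA that issued the client certificates. Use a private CA dedicated to
    # this purpose: any certificate chaining to it passes verification.
    ssl_client_certificate  /path/to/client-ca.crt;   # placeholder

    # "on" rejects every request that lacks a valid client certificate.
    # With "optional" the request is still served, so $ssl_client_verify
    # would have to be checked explicitly before trusting the identity.
    ssl_verify_client       on;

    location / {
        # A valid chain alone is not enough: the subject must be known.
        if ($visu_user = "") {
            return 403;
        }

        # Hand the mapped identity to the page handler. This overwrites any
        # client-supplied value, so the backend can rely on it only when it
        # is reachable solely through this server block.
        proxy_set_header X-Visu-User $visu_user;       # hypothetical header
        proxy_pass http://127.0.0.1:8080;              # hypothetical backend
    }
}
```

If the page handler is reached over FastCGI instead of a proxy, `fastcgi_param` carries the same variable; the handler then has to map that value to its own user accounts, which is the script change post #5 refers to.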