Quoting Simon Wunderlich <s...@simonwunderlich.de>:
> Hi guys,
>
> we would like to use SSL client certificates to authenticate to an OpenWRT/LEDE
> router using UHTTPD/LUCI. We use a private PKI/certificate chain and would only
> like to admit users to the WebUI which present a valid SSL client certificate
> through their web browser.
>
> I've found a note in the OpenWRT wiki [1] which looks like this should be
> possible in theory. Has anyone ever done this, and/or can give me some
> pointers? Would this be possible with uhttpd, or should I switch to a
> different webserver?

I don't think uhttpd can do this on its own (being a fairly
lightweight webserver). I don't know how others do this, but I reverse
proxy connections to the router through an Apache server I have
running anyway. The router only allows connections from the proxy.
This will allow you to do whatever authentication you desire (in
Apache), possibly using an existing authentication you might use for
your webserver. In my case I don't even bother to use encryption for
the webserver-router connection, since the webserver is plugged in
directly on a port of the router in its own dedicated VLAN (if someone
is able to tap into that connection, I have bigger problems to worry
about).

> Thank you!
> Simon
>
> [1] https://wiki.openwrt.org/doc/howto/secure.access#webui, at the bottom it
> says "to do: indicate how mandatory client certificate checking could be set
> up"
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
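
The reverse-proxy setup described in the reply, sketched as an Apache virtual host that requires a client certificate from the private PKI before forwarding anything to LuCI. This is an added example, not configuration posted by anyone in the thread; the server name, the router address 192.168.1.1 and all file paths are placeholders.

```apache
# Added example. Needs mod_ssl, mod_proxy and mod_proxy_http loaded.
# ServerName, IP address and file paths below are placeholders.
<VirtualHost *:443>
    ServerName router-admin.example.org

    # Server side of TLS: the proxy's own certificate and key.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/private-pki/proxy.crt
    SSLCertificateKeyFile /etc/ssl/private-pki/proxy.key

    # Client side of TLS: trust only the private PKI's CA chain, and
    # fail the handshake unless the browser presents a certificate
    # that verifies against it.
    SSLCACertificateFile  /etc/ssl/private-pki/ca-chain.crt
    SSLVerifyClient       require
    SSLVerifyDepth        2

    # Optional revocation checking; enable once a CRL is published.
    #SSLCARevocationFile  /etc/ssl/private-pki/ca.crl
    #SSLCARevocationCheck chain

    # Reverse proxy only, never an open forward proxy.
    ProxyRequests Off

    # Forward to uhttpd/LuCI on the router. Plain HTTP mirrors the
    # setup in the reply, where proxy and router share a dedicated
    # VLAN; use https:// with SSLProxyEngine on for any other link.
    ProxyPass        / http://192.168.1.1/
    ProxyPassReverse / http://192.168.1.1/

    # Record which certificate subject made each request.
    CustomLog logs/router_admin_access.log \
        "%t %h \"%{SSL_CLIENT_S_DN}x\" \"%r\" %>s"
</VirtualHost>
```

The client-certificate check only protects the WebUI if the router refuses HTTP/HTTPS from every source except the proxy, as the reply notes.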