On Sunday, 25 February 2018 08:04:49 GMT Terry Coles wrote:
> > You can try listening on TCP port 443 and seeing if Android 7 will
> > play along with your self-signed certificates.  Perhaps it will as far
> > as thinking it's got to the Internet, but that Java source I referenced
> > also talks of `PAC' that I suspect are some sort of Android software
> > update package.  If a PAC is involved then it will obviously only trust
> > that from the expected Google source, verified by the certificate.
> 
> I'm going to try that today.  Lloyd at Foxdog says that they have https
> support with a Foxdog Certificate and all the phones that he's tried work. 
> He doesn't specify what they are.

I've just spent much of this morning getting my head around what https, SSL,
TLS and SSL Certificates are all about.  I now have a (fairly limited)
understanding of how to get and use a certificate, based on info here and
elsewhere:

http://nginx.org/en/docs/http/configuring_https_servers.html

I used the command:

openssl req -x509 -newkey rsa:2048 -nodes -days 365 -keyout WMT.com.key -out WMT.com.csr

to generate the certificate and key and put them into /etc/ssl, with the
nginx.conf configured to give me a Single HTTP/HTTPS server, as defined in the
nginx link.

Once all the files were installed, I ran sudo nginx -s reload with no errors.

Predictably though, it didn't work and when I typed https://WMT.com from my
laptop while connected to the WMT AP, I got:

...

Attackers might be trying to steal your information from wmt.com (for example,
passwords, messages or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
Subject: Terry Coles

Issuer: Terry Coles

Expires on: 25 Feb 2019

Current date: 25 Feb 2018

PEM encoded chain:
-----BEGIN CERTIFICATE-----
.....
.....
-----END CERTIFICATE-----

This server could not prove that it is wmt.com; its security certificate is not
trusted by your computer's operating system. This may be caused by a
misconfiguration or an attacker intercepting your connection.


...

So is it mis-configuration or does Chrome (Chromium) not trust the Certificate
because it is not Domain Validated?  We obviously can't get one of those
because the domain name WMT.com is only used on our local network and not
registered with Nominet (or any other Authority).

-- 



                Terry Coles
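
The error above reports an untrusted issuer, and its Subject and Issuer fields carry the same name, which is how a self-signed certificate appears to a verifier. The following is an added example, not part of the original post: it uses `openssl verify` as a stand-in for the browser's trust decision, and the CA name, file names and 30-day lifetime are assumptions (wmt.com is the local name from the post).

```shell
#!/bin/sh
# Added example: a self-signed cert has no trusted issuer; a leaf signed by a
# local CA verifies once that CA is the trust anchor. Names are constructed.
make_certs() {   # $1 = existing working directory to fill with keys and certs
    d=$1
    cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:wmt.com
EOF
    # 1. Self-signed server cert, as in the post: subject and issuer are identical.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/x.cnf" \
        -extensions v3_leaf -subj "/CN=wmt.com" \
        -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null || return 1
    # 2. Local CA certificate (hypothetical name); this is what clients would import.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/x.cnf" \
        -extensions v3_ca -subj "/CN=Example Local CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # 3. Server key and CSR, then a leaf cert issued by the CA with a subjectAltName.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/x.cnf" -subj "/CN=wmt.com" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/x.cnf" -extensions v3_leaf \
        -out "$d/leaf.crt" 2>/dev/null || return 1
}

# Succeeds only if cert $2 chains to trust anchor $1; the system store is ignored.
trusted_by() {
    openssl verify -no-CAfile -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run: the same verifier rejects one certificate and accepts the other.
d=$(mktemp -d) && make_certs "$d"
trusted_by "$d/ca.crt" "$d/self.crt" && echo "self-signed: trusted" || echo "self-signed: rejected"
trusted_by "$d/ca.crt" "$d/leaf.crt" && echo "CA-signed:   trusted" || echo "CA-signed:   rejected"
```

The `-no-CAfile` and `-no-CApath` options need OpenSSL 1.1.0 or later.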