squeezebox153 wrote: > I'm just trying to enable https on the PiCore -- not understanding the > limitations and need for workarounds. All the more reason to go for option #3
But okay, crash course: https uses encryption to transfer information. While on an open server this encryption is negotiated on the fly, part of that negotiation is an identity exchange for your browser to verify that the information is coming from the correct server (rather than a middle man that intercepted your communication). To be able to do that your browser verifies the signature of the https certificate which it must be able to decrypt by using a key that was pre-installed on your system and is commonly referred to as a trusted authority (which includes Let's Encrypt Corp.). If your browser cannot verify the certificate then hairy things may happen and you probably have experienced this once or twice when accessing a web page through an open network that used some kind of access portal, either requiring you to enter an access code to enable browsing or accept some usage clause. As a rule this is not a free service and while Let's Encrypt appears to be an exception their free certificates are marked to expire in such a short time that you should become annoyed very soon and start paying for one that will require less administration. Yes there are alternatives to using a trusted authority supplied by your OS vendor (who obviously receives payment for it). You can inject your own and create a certificate that won't expire in a hundred years. The point here is that if you're not getting any of this you should not get involved in it. Your main issue here is that your browser won't accept non-encrypted content as part of an encrypted page. The other way around (i.e. encrypted content as part of a non-encrypted page) should not be an issue. Either way you will need some intermediate that will translate one to the other, encrypted to non-encrypted or vice versa, and I suggest you use that to pass off the difficult stuff to them rather than assign yourself a lot of work on maintenance. ------------------------------------------------------------------------ gordonb3's Profile: http://forums.slimdevices.com/member.php?userid=71050 View this thread: http://forums.slimdevices.com/showthread.php?t=114962 _______________________________________________ unix mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/unix
