search

Liblor / applied_sec_lab

Applied Security Laboratory - AS19
6 stars 1 forks source link

Add our root certificate to browser's root of trust #37

Closed Miro-H closed 4 years ago

Miro-H commented 4 years ago

This is far from a normal use case, therefore there is little tool support and the solution is a bit hacky.

keyctl commented 4 years ago

Is this actually tested? I'm not sure if I made a mistake, but I rebuilt the client machine and get a SEC_ERROR_UNKNOWN_ISSUER when visiting https://aslweb01/ with Firefox.

Miro-H commented 4 years ago

Is this actually tested? I'm not sure if I made a mistake, but I rebuilt the client machine and get a SEC_ERROR_UNKNOWN_ISSUER when visiting https://aslweb01/ with Firefox.

Yes, this is tested. Are you sure you have valid certificates in place? Maybe try to regenerate all of them?

keyctl commented 4 years ago

@Miro-H I now let this build twice just to make sure, and it still gives me a warning before visiting the site.

keyctl commented 4 years ago

I do vagrant destroy -f && vagrant up, then open Firefox and navigate to https://aslweb01/.

Miro-H commented 4 years ago

@keyctl Strange. In that case I try with a fresh environment as well. But I don't see why it should matter whether I destroy the whole infrastructure or only the client VM since the client VM should really be independent of the rest.

Miro-H commented 4 years ago

I do vagrant destroy -f && vagrant up, then open Firefox and navigate to https://aslweb01/.

I did exactly the same. For me the connection works. The webserver has an internal error but the certificate gives no warning for me.

Miro-H commented 4 years ago

I do vagrant destroy -f && vagrant up, then open Firefox and navigate to https://aslweb01/.

I did exactly the same. For me the connection works. The webserver has an internal error but the certificate gives no warning for me.

The webserver error is a problem with connection strings that it cannot find. Should be unrelated to this problem here.

keyctl commented 4 years ago

@Miro-H Did you update to the latest version of the box image? I'm on the latest version.

Miro-H commented 4 years ago

Hm no, still on 1.9.34. I try with the new version.

keyctl commented 4 years ago

I'm rebuilding now, too, and will keep you updated.

keyctl commented 4 years ago

Still does not work. Maybe someone else can try? Please use the make build command, it will generate a new setup.

keyctl commented 4 years ago

I think I've rebuilt this now another three times, and I've found that with a035b8e this should consistantly work. I think we can merge, @Miro-H.