paradoxxxzero / butterfly

A web terminal based on websocket and tornado
http://paradoxxxzero.github.io/2014/02/28/butterfly.html

HTTPS - untrusted? #194

Open mayonek opened 4 years ago

mayonek commented 4 years ago

Hi, I host butterfly on my VPS. Everything works fine, but why is my website https://example.com:57575 always "untrusted"?

I generated all the certs, but it looks like butterfly doesn't use them.

ppkantorski commented 3 years ago

You need to override the certificates manually and generate them using 825 or fewer days, using the following as your server.csr.cnf:

```
[ req ]
default_bits = 4096
prompt = no
default_md = sha512
distinguished_name = req_distinguished_name
req_extensions = req_ext

[ req_distinguished_name ]
countryName = US
stateOrProvinceName = RandomState
localityName = RandomCity
organizationName = RandomOrganization
commonName = YourCommonName

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = YourServerName
```

I use 4096 and sha512 myself. With your DNS in the Subject Alternative Name it seems to become a trusted certificate. For my server I only load the .cnf and the .key files, not the CA files. I am less concerned with who can access the URL and more concerned with man-in-the-middle attacks. Just capturing traffic with Wireshark using HTTP is enough for people to see everything you are doing, so if using HTTP you need a VPN or to use HTTPS.
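
Added example, not part of the thread and not butterfly's own code: a check for the two properties the reply above names (a validity period of at most 825 days and the server's DNS name in the Subject Alternative Name). The function names and sample certificates are hypothetical; the input is assumed to be the dict that Python's `ssl.SSLSocket.getpeercert()` returns for a verified peer certificate.

```python
import ssl

MAX_VALIDITY_DAYS = 825  # limit quoted in the reply above


def san_dns_names(cert):
    """DNS entries of subjectAltName from a getpeercert()-style dict."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def audit_cert(cert, host, now=None):
    """Return the findings that would make a client distrust this certificate."""
    findings = []
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    days = (end - start) / 86400
    if days > MAX_VALIDITY_DAYS:
        findings.append(f"validity {days:.0f} days exceeds {MAX_VALIDITY_DAYS}")
    if now is not None and not (start <= now <= end):
        findings.append("outside validity window")
    names = san_dns_names(cert)
    if not names:
        findings.append("no DNS subjectAltName (commonName alone is not enough)")
    elif not any(name_matches(n, host.lower()) for n in names):
        findings.append(f"{host} not in subjectAltName {names}")
    return findings


# Constructed sample certificates (not taken from the issue).
GOOD = {"notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Apr  5 00:00:00 2026 GMT",
        "subjectAltName": (("DNS", "example.com"),)}
BAD = {"notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Dec 29 00:00:00 2033 GMT",
       "subject": ((("commonName", "example.com"),),)}

if __name__ == "__main__":
    for label, cert in (("good", GOOD), ("bad", BAD)):
        print(label, audit_cert(cert, "example.com") or "ok")
```

For a self-signed certificate, `getpeercert()` only returns this dict when the certificate itself has been loaded as a trust anchor (for example with `SSLContext.load_verify_locations`); otherwise the handshake fails before any fields can be read.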