Administration: Difference between revisions

Jump to navigation Jump to search

Administration (view source)

Revision as of 09:01, 5 December 2024

239 bytes removed ,  5 December 2024
→‎TLS/SSL certificate
(add more detail to the access control)
Line 51: Line 51:
=== TLS/SSL certificate ===
=== TLS/SSL certificate ===


The appliance comes with a pre-installed generic TLS certificate but a custom certificate can be uploaded, generated (since 3.6) or downloaded from a Certificate Authority (since 3.6).
The appliance comes with a pre-installed generic TLS certificate but a custom certificate can be uploaded, generated or downloaded from a Certificate Authority via ACME.


Depending on your firmware-version there are two to four possibilities.
==== Modes ====
The following modes are supported:
* '''Legacy''': The default certificates the appliance got shipped with will be used if the appliance got shipped with an older firmware than 3.6. You won't be able to switch back to this option and it will be hidden if it is not selected.
* '''ACME''': The Certificates will be downloaded from the specified Certificate Authority
* '''Upload''': You are able to upload a X.509 certificate file and a (unencrypted) key file in the .pem-file format. Upon successful upload, this certificate will be used to serve the user interface. The .pem-file should contain the full certificate chain to trust the certificate: If there is an intermediate CA, its certificate should also be in the file.
* '''Self-Signed''': Generate self-signed certificates with a custom host-name. They will be valid for 10 years and replace the legacy certificates for devices shipped with firmware version 3.6 or later.
The Default Mode is always the fall-back if the process does not work.


==== Since 3.6: ====
There are four modes:
* Legacy: The default certificates the appliance got shipped with will be used if the appliance got shipped with an older firmware than 3.6. You won't be able to switch back to this option and it will be hidden if it is not selected.
* ACME: The Certificates will be downloaded from the specified Certificate Authority
* Upload: You are able to upload a X.509 certificate file and a (unencrypted) key file in the .pem-file format. Upon successful upload, this certificate will be used to serve the user interface.
* Self-Signed: Self-Signed: Generate self-signed certificates with a custom host-name. They will be valid for 10 years and replace the legacy certificates for devices shipped with firmware version 3.6 or later.
The Default Mode is always the fall-back if the process does not work.
The '''Reset to default SSL certificate''' button will remove any user-provided SSL certificate and the user interface will be served using the default SSL certificate.
The '''Reset to default SSL certificate''' button will remove any user-provided SSL certificate and the user interface will be served using the default SSL certificate.


==== Before 3.6: ====
==== HSTS ====
There are two options:
 
* You are able to use the certificates the appliance got delivered with. (You are able to reset to that with the Reset-Button)
* You are able to upload a X.509 certificate file and a key file. Upon successful upload, this certificate will be used to serve the user interface.
 
==== Since 4.2: ====
With the version 4.2 the option to enable HTTP Strict Transport Security (HSTS) for the multimeter was added. HSTS stops users from trying to access the multimeter via unencrypted HTTP or ignoring invalid certificates for the multimeter.
With the version 4.2 the option to enable HTTP Strict Transport Security (HSTS) for the multimeter was added. HSTS stops users from trying to access the multimeter via unencrypted HTTP or ignoring invalid certificates for the multimeter.


Georg
28

edits

Retrieved from "https://allegro-packets.com/wiki/Special:MobileDiff/4910"

Navigation menu