
Re: [cobalt-security] Was: SSH Tunneling - Cheap client to use? Now GUI SSL



Hi Enrique,

> I'm a little confused with needing to use SSL with the admin GUI. I may
> not know what I'm talking about, but I thought that I had read a while
> back that the reason the gui is on port 81 is because it runs through a
> semi ssl session which cobalt built into port 81. 

That's not correct. The admin interface is on a different port, because it 
runs off a different Apache webserver. There are two apaches running on a 
Cobalt RaQ3 or RaQ4. One is started and stopped through ...

/etc/rc.d/init.d/httpd stop|start|restart

... (which serves the regular webpages) and there is the admin server, which 
is started and stopped through ...

/etc/rc.d/init.d/admserv stop|start|restart

... and which is responsible for running the admin interface related pages.

SUN/Cobalt most likely split them to make it easier for the admin server to 
make changes to the regular Apache, which always requires a restart once you 
add, edit or delete websites, while the admin server's configuration never 
needs to be changed.

> I know that when I restart http, I always get a startup message which deals 
> with the ssl certificate.

It deals with the *missing* SSL certificate of the admin server. ;o) As long 
as you don't have an SSL certificate for your primary website, the admin 
server will complain upon startup that no SSL certificate is there.

Once you have generated an SSL certificate for the primary website, the admin 
server will use that and will switch the port 81 connections over to SSL. And 
then there will be no more complaints about the missing certificate.

> Am I wrong in thinking that all this time that I have been running the
> cobalt gui via port 81 that it is not secure?

Correct. *If* you haven't set up an SSL certificate for your primary website, 
then all the time the admin interface has been unencrypted. You can easily 
check this. Log in to your admin interface and if the URL doesn't show an 
"https://" in front, but just "http://", then you're running unsecured.

-- 

With best regards,

Michael Stauber
SOLARSPEED.NET
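
The check described in the message above (is the admin interface on port 81 answering over SSL or in clear text?) can also be made from a script against your own server. This is an added example, not part of the original message or of any Cobalt tooling; the function names are hypothetical and the only value taken from the thread is port 81.

```python
import os
import socket
import sys

def client_hello() -> bytes:
    """Minimal TLS 1.0 ClientHello without extensions; any SSL/TLS listener answers it."""
    body = (b"\x03\x01" + os.urandom(32) + b"\x00"          # version, random, empty session id
            + b"\x00\x04\x00\x2f\x00\x0a" + b"\x01\x00")    # two cipher suites, null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs  # record type 0x16 = handshake

def exchange(host, port, payload, timeout):
    """Send payload on a fresh connection: first reply bytes, b"" if none, None if no connection."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with s:
        try:
            s.sendall(payload)
            return s.recv(16)
        except OSError:          # timeout or reset after connecting
            return b""

def classify_port(host, port=81, timeout=3.0):
    """Return 'tls', 'plaintext', 'unreachable' or 'unknown' for the listener."""
    reply = exchange(host, port, client_hello(), timeout)
    if reply is None:
        return "unreachable"
    # A TLS listener answers with a handshake (0x16) or alert (0x15) record, major version 3.
    if len(reply) >= 2 and reply[0] in (0x15, 0x16) and reply[1] == 0x03:
        return "tls"
    # Not TLS: confirm the port answers clear-text HTTP before calling it unencrypted.
    reply = exchange(host, port, b"HEAD / HTTP/1.0\r\n\r\n", timeout)
    if reply and reply.startswith(b"HTTP/"):
        return "plaintext"
    return "unknown"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"   # placeholder default
    print(host, "port 81:", classify_port(host))
```

Because the probe reads the raw record type instead of completing a handshake, it also recognises old SSL/TLS versions that a current TLS library would refuse to negotiate.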