Sensor Gateway access via https

GFCDSGFCDS
edited November 2014 in InfraSensing Sensors
Is there support for adding SSL certs. to a Sensor Gateway, such that https is verified and the connection actually encrypted?

Comments

  • AdministratorAdministrator
    The latest firmware version (5.07) for hardware v5 SensorGateway units has HTTPS
  • Yes but I don't know of any documentation that details how to install my own valid certs.
  • AdministratorAdministrator
    I see. Unfortunately, it's not currently possible to do so.
  • MeAtSCMeAtSC
    A documentation would really be great for this feature.

    I have to erase the device after enabling SSL, as no access is possible any more.
  • AdministratorAdministrator
    We'll be adding that one. HTTP should still work to access the SensorGateway's web interface as long as the browser hasn't been restarted yet.
  • MeAtSCMeAtSC
    The problem is that I unfortunately have to restart my computer from time to time and then the browser restarted. After that I don't have access.



    When I try to access by https I get the following error:



    This page can’t be displayed



    Turn on SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 in Advanced settings and try connecting to https://10.82.0.4 again.



    We use Windows 8.1 X64 / IE 11



    By HTTP:



    The website declined to show this webpage



    HTTP 403



    Most likely causes:

    •This website requires you to log in.



    What SSL standard is the device using?
  • MeAtSCMeAtSC
    Also tried it with SSL 2 and SSL 3 enabled, with this result:



    The security certificate presented by this website is not secure.



    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.



    We recommend that you close this webpage and do not continue to this website.
  • AdministratorAdministrator
    SSLv3 is used. As previously stated, you should have no trouble accessing the webpage if you haven't exited the webpage.



    The reason is once you activated HTTPS mode, access to the SensorGateway would be exclusive to HTTPS only after exiting or restarting the web browser, which apparently is locally significant to the device.


  • MeAtSCMeAtSC
    SSLv3 ... OH ... It's unsafe and all the browers cut the support.



    Can you access the https page with Win 8.1 / IE11, or can you reproduce it?
  • AdministratorAdministrator
    As per MS support on how to have IE trust a self signed site



    Browse to the site whose certificate you want to trust.

    When told “There is a problem with this website's security certificate.”, choose “Continue to this website (not recommended).”

    Select Tools➞Internet Options.

    Select Security➞Trusted sites➞Sites.

    Confirm the URL matches, and click “Add” then “Close”.

    Close the “Internet Options” dialog box with either “OK” or “Cancel”.

    Refresh the current page.

    When told “There is a problem with this website's security certificate.”, choose “Continue to this website (not recommended).”

    Click on “Certificate Error” at the right of the address bar and select “View certificates”.

    Click on “Install Certificate...”, then in the wizard, click “Next”.

    On the next page select “Place all certificates in the following store”.

    Click “Browse”, select “Trusted Root Certification Authorities”, and click “OK”.

    Back in the wizard, click “Next”, then “Finish”.

    If you get a “Security Warning” message box, click “Yes”.

    Dismiss the message box with “OK”.

    Select Tools➞Internet Options.

    Select Security➞Trusted sites➞Sites.

    Select the URL you just added, click “Remove”, then “Close”.

    Now shut down all running instances of IE, and start up IE again.

    The site’s certificate should now be trusted.



    Contact Microsoft support if you continue having issues connecting for proper configuration of your browser
  • MeAtSCMeAtSC
    This is not available with Win 8.1 X64 / IE11.



    Google: “Continue” Link Missing from Certificate Error Page.



    Maybe because you use RSA 512 Bits.


  • MeAtSCMeAtSC
    Status?
  • AdministratorAdministrator
    Your remarks have been passed on to our R&D.



    There is no status to provide. If a change will be made, then this will be part of any future firmware release.
  • MeAtSCMeAtSC
    When will this firmware be released? Any date available?
  • AdministratorAdministrator
    Unfortunately there is no fix for it any time soon as we depend on the chip manufacturer to support it.



    Only alternative is to use a different browser.
  • Andy74Andy74
    Is there any update to installing my own certs on the devices? My organization uses a certificate authority for all of its devices as a requirement.
  • AdministratorAdministrator
    Installing custom certs is not supported.
  • AdministratorAdministrator
    Andy74 - an update - when the new firmware will be released with SSL to all customers then we plan to offer the support for adding a custom certificate uploading as per requirements of some high security environments.
  • dearldearl
    I came up against this issue recently (lost access to gateway after enabling HTTPS) and was told to use an old version of Firefox (v20.0).
    I was able to access the gateway again and disable SSL.
Sign In or Register to comment.