Enabling HTTPS on the FireBrick: Difference between revisions

From AAISP Support Site
mNo edit summary
 
(3 intermediate revisions by the same user not shown)
Line 3: Line 3:
The certificates can be generated by the [https://en.wikipedia.org/wiki/Let%27s_Encrypt Let's Encrypt] service ''automagically'' once the ACME settings have been filled in. Alternatively, the FireBrick can also try negotiate HTTPS using it's own self-signed certificate which is usually generated automatically.
The certificates can be generated by the [https://en.wikipedia.org/wiki/Let%27s_Encrypt Let's Encrypt] service ''automagically'' once the ACME settings have been filled in. Alternatively, the FireBrick can also try negotiate HTTPS using it's own self-signed certificate which is usually generated automatically.


==Setting up ACME==
==Setting up ACME (Let's Encrypt)==
By default, the FireBrick will ship with the 'ISRG Root X1' root certificate that's needed for Let's Encrypt and the 'acme-directory' setting defaults to Let's Encrypt. Using Let's Encrypt is therefore very easy.

Other cert providers will need their root certificate installing and the 'acme-directory' setting set.

*Set up a domain hostname for your FireBrick - eg fb.yourdomain.com - pointing to the IP address of your FireBrick
*Under Config > Edit > Setup > System Settings
*Under Config > Edit > Setup > System Settings
**Fill in:
**Fill in:
Line 19: Line 24:
This process might not always be immediate. If it does not work immediately, allow some time for things to propagate.
This process might not always be immediate. If it does not work immediately, allow some time for things to propagate.


Video:
<iframe width="560" height="315" src="https://www.youtube.com/embed/747vD5DGnt8" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
https://www.youtube.com/embed/747vD5DGnt8

==Using a self-signed certificate==
''Under Config > Edit > Setup > General System Services > Web Server Settings > Click '''Show All''' underneath the immediate set of boxes''

[[File:Https ss.png|thumb|right]]

Tick 'mode' and set to 'redirect-to-https' and ensure that 'https-port' is set to 443. Also ensure that 'self-sign' is set to true.

Latest revision as of 13:34, 9 October 2023

It is now possible to use HTTPS to access the Web UI on the FireBrick. The FireBrick can also use ACME to generate SSL certificates to be used for IPSec and HTTPS.

The certificates can be generated by the Let's Encrypt service automagically once the ACME settings have been filled in. Alternatively, the FireBrick can also try negotiate HTTPS using it's own self-signed certificate which is usually generated automatically.

Setting up ACME (Let's Encrypt)

By default, the FireBrick will ship with the 'ISRG Root X1' root certificate that's needed for Let's Encrypt and the 'acme-directory' setting defaults to Let's Encrypt. Using Let's Encrypt is therefore very easy.

Other cert providers will need their root certificate installing and the 'acme-directory' setting set.

  • Set up a domain hostname for your FireBrick - eg fb.yourdomain.com - pointing to the IP address of your FireBrick
  • Under Config > Edit > Setup > System Settings
    • Fill in:
      • acme-hostname (The FQDN, DNS hostname, of the FireBrick)
      • acme-terms-agreed-email (your email address)

Optionally set:

  • Under Config > Edit > Setup > General system services > Web server settings
    • mode (eg, redirect-to-https-if-acme
ACME.png

Once filled in, and providing the hostname points to the FireBrick, you should be able to access the Web UI via HTTPS using this hostname.

This process might not always be immediate. If it does not work immediately, allow some time for things to propagate.

Video: https://www.youtube.com/embed/747vD5DGnt8