https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/260216#M96838 <P>Hi, may I know how do you downgrade the SSL.</P> Wed, 08 May 2019 03:33:41 GMT newuser123 2019-05-08T03:33:41Z https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/120623#M96833 <P>I am running pfBlockerNG.</P><P>It cannot connect to Minemeld because of the self-signed certificate.</P><P>This is for my home, so I don't have a signed certificate to use.</P><P>Is it possible to simply disable SSL on the web server so I can get past the cert error?</P><P>&nbsp;</P><P>Thanks</P> Sun, 23 Oct 2016 02:17:12 GMT https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/120623#M96833 jonjon 2016-10-23T02:17:12Z https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/120710#M96834 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/49313">@jonjon</a>,</P> <P>you can disable HTTPS by tweaking the nginx config in /etc/nginx/sites-enabled/minemeld-web, but I would strongly recommend against this for security reasons. Couldn't you create a new CA and a new certificate for MineMeld and add the CA to the list of trusted CAs of pfBlockerNG instead ?&nbsp;</P> Mon, 24 Oct 2016 07:21:38 GMT https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/120710#M96834 lmori 2016-10-24T07:21:38Z https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/121368#M96835 <P>I remarked out the https redirect and was able to the main page to run without encryption.</P><P>However, I still could not get to the feeds pages without doing https.</P><P>&nbsp;</P><P>I don't know how to add trusted CAs to pfblockerng to work that angle.</P><P>&nbsp;</P><P>I really only need the feeds pages to be unencrypted.</P><P>&nbsp;</P><P>If that can only be acheived by unencyrpting the entire site, I'm not worried about the lost security. This is only for my home. And if someone is actually sniffing my packets or MitM on my home network, I've far far bigger problems than any data exposed from Minemeld.</P><P>&nbsp;</P> Wed, 26 Oct 2016 00:53:57 GMT https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/121368#M96835 jonjon 2016-10-26T00:53:57Z https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/121692#M96836 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/49313">@jonjon</a>,</P> <P><STRONG>DISCLAIMER: do this only for testing and only if it is really needed, never never in&nbsp;production !</STRONG></P> <P>&nbsp;</P> <P>Easy way is editing /etc/nginx/sites-enabled/minemeld-web file and change the first lines. Comment out the first <EM>server</EM> stanza, and change the <EM>server</EM> stanza to listen on port 80 with no ssl:</P> <PRE>upstream app_server {<BR /> server 127.0.0.1:5000 fail_timeout=0;<BR />}<BR /><BR /><STRONG># server { # listen 80; # server_name ~(.+)$; # return 301 https://$1$request_uri; # } </STRONG> server { <STRONG> listen 80;<BR /></STRONG>[...]</PRE> <P>And then:</P> <PRE>$ sudo service nginx restart</PRE> Thu, 27 Oct 2016 10:04:24 GMT https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/121692#M96836 lmori 2016-10-27T10:04:24Z https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/121921#M96837 <P>I tried this.</P><P>The result is:</P><P>http://server/feeds/inboundfeedhc &nbsp;is not accessible at all.</P><P>Auhtentication fails when trying to log in to the main page.</P><P>&nbsp;</P><P>&nbsp;However, I found the answer.</P><P>Turns out pfblockerng has a state setting, "FLEX", to downgrade the SSL.</P><P>&nbsp;</P><P>It's working now. Thanks for the help.</P> Fri, 28 Oct 2016 01:47:28 GMT https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/121921#M96837 jonjon 2016-10-28T01:47:28Z https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/260216#M96838 <P>Hi, may I know how do you downgrade the SSL.</P> Wed, 08 May 2019 03:33:41 GMT https://live.paloaltonetworks.com/t5/general-topics/disable-https/m-p/260216#M96838 newuser123 2019-05-08T03:33:41Z