cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disable HTTPS

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
jonjon
L1 Bithead
‎10-22-2016 07:17 PM
‎10-22-2016 07:17 PM

Disable HTTPS

I am running pfBlockerNG.

It cannot connect to Minemeld because of the self-signed certificate.

This is for my home, so I don't have a signed certificate to use.

Is it possible to simply disable SSL on the web server so I can get past the cert error?

 

Thanks

0 Likes
Reply

Accepted Solutions
Highlighted
jonjon
L1 Bithead
‎10-27-2016 06:42 PM
‎10-27-2016 06:42 PM

I tried this.

The result is:

http://server/feeds/inboundfeedhc  is not accessible at all.

Auhtentication fails when trying to log in to the main page.

 

 However, I found the answer.

Turns out pfblockerng has a state setting, "FLEX", to downgrade the SSL.

 

It's working now. Thanks for the help.

View solution in original post

0 Likes
Reply

All Replies
Highlighted
lmori
L7 Applicator
‎10-24-2016 12:21 AM
‎10-24-2016 12:21 AM

Hi @jonjon,

you can disable HTTPS by tweaking the nginx config in /etc/nginx/sites-enabled/minemeld-web, but I would strongly recommend against this for security reasons. Couldn't you create a new CA and a new certificate for MineMeld and add the CA to the list of trusted CAs of pfBlockerNG instead ? 

0 Likes
Reply
Highlighted
jonjon
L1 Bithead
‎10-25-2016 05:53 PM
‎10-25-2016 05:53 PM

I remarked out the https redirect and was able to the main page to run without encryption.

However, I still could not get to the feeds pages without doing https.

 

I don't know how to add trusted CAs to pfblockerng to work that angle.

 

I really only need the feeds pages to be unencrypted.

 

If that can only be acheived by unencyrpting the entire site, I'm not worried about the lost security. This is only for my home. And if someone is actually sniffing my packets or MitM on my home network, I've far far bigger problems than any data exposed from Minemeld.

 

0 Likes
Reply
Highlighted
lmori
L7 Applicator
‎10-27-2016 03:04 AM
‎10-27-2016 03:04 AM

Hi @jonjon,

DISCLAIMER: do this only for testing and only if it is really needed, never never in production !

 

Easy way is editing /etc/nginx/sites-enabled/minemeld-web file and change the first lines. Comment out the first server stanza, and change the server stanza to listen on port 80 with no ssl:

upstream app_server {
    server 127.0.0.1:5000 fail_timeout=0;
}

# server {
#    listen 80;
#    server_name ~(.+)$;
#    return 301 https://$1$request_uri;
# }

server {
    listen 80;
[...]

And then:

$ sudo service nginx restart
0 Likes
Reply
Highlighted
jonjon
L1 Bithead
‎10-27-2016 06:42 PM
‎10-27-2016 06:42 PM

I tried this.

The result is:

http://server/feeds/inboundfeedhc  is not accessible at all.

Auhtentication fails when trying to log in to the main page.

 

 However, I found the answer.

Turns out pfblockerng has a state setting, "FLEX", to downgrade the SSL.

 

It's working now. Thanks for the help.

View solution in original post

0 Likes
Reply
Highlighted
newuser123
L0 Member
‎05-07-2019 08:33 PM
‎05-07-2019 08:33 PM

Hi, may I know how do you downgrade the SSL.

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks