NZB360 too trusting of self-signed certificates

Having trouble setting everything up? No worries, we'll help.

NZB360 too trusting of self-signed certificates

Postby eremos » Sun Feb 07, 2016 3:19 pm

I've just set up my apps as follows:

NZB360 -> Apache SSL reverse proxy with basic authentication -> unencrypted connection to apps

Everything works a little too well in that NZB360 never prompted me to accept the certificate. I'm concerned that my credentials could be intercepted rather trivially on an untrusted wifi connection.

Should NZB360 have prompted for the cert? Can I configure it to be less trusting?

Thanks
eremos
 
Posts: 1
Joined: Sun Feb 07, 2016 3:14 pm

Re: NZB360 too trusting of self-signed certificates

Postby f3bruary » Sun Feb 07, 2016 3:59 pm

Does your browser ask you to confirm a certificate ? When you're using something that the browser supports, then it doesn't If you made your own certificate, then perhaps yes.

If you don't know for sure whether the connection is encrypted, then sniff the traffic and see for yourself.

Optionally, if you like having a secure connection, yet no passwords, you might want to consider a vpn setup.
-f3b
User avatar
f3bruary
 
Posts: 625
Joined: Wed Feb 26, 2014 7:12 pm
Location: /root


Return to Support



cron