Disappointed Cat Posted May 15, 2013 Report Share Posted May 15, 2013 Is there a way to change the certificate used by the webui? Is it hardcoded into the binary?I don't mind if it generates it's own but I wan't it to be singned by my root CA.I'm also interested in the inner workings of the webui. For example I assume it loads the files from the webui.zip and runs a micro webserver. Can I change things in the zip file and will it be overridden on restart or an update?Also a small feature request: It would be nice if there'd be an option to force HTTPS and using a hash instead of clear text for passwords but I'm sure this was mentioned before. Quote Link to comment Share on other sites More sharing options...
rdebath Posted May 16, 2013 Report Share Posted May 16, 2013 You can change the webui.zip, but you must do so after BTSync has started up and before the first web client connects.The certificate is stored in the settings.dat file. As this is a bencode format file you can probably change it (delete the ".fileguard" tag) using a normal bencode editor when btsync isn't running. The format of the key looks standard to me.Actually, I didn't know it could even do SSL, It doesn't seem to be in the user guide, I'm using "stunnel" to encrypt the connection. Quote Link to comment Share on other sites More sharing options...
Disappointed Cat Posted May 16, 2013 Author Report Share Posted May 16, 2013 Thanks for the tip. I got it working.Any ideas on disabling the HTTP version? I can't filter the usual ports here. Quote Link to comment Share on other sites More sharing options...
Jero Posted May 16, 2013 Report Share Posted May 16, 2013 How do you enable https? if i change the port from 8888 to 443 nothing happens Quote Link to comment Share on other sites More sharing options...
Disappointed Cat Posted May 16, 2013 Author Report Share Posted May 16, 2013 Try https://your.host.com:8888.Don't ever use the port 443 manually. Quote Link to comment Share on other sites More sharing options...
Jero Posted May 16, 2013 Report Share Posted May 16, 2013 Great! now a "disable http" option Quote Link to comment Share on other sites More sharing options...
Disappointed Cat Posted May 16, 2013 Author Report Share Posted May 16, 2013 I have nothing on that. It's not a threat if you pay attention to never use it.Also it'd be great if the client would log failed attempts so we can hook it up with fail2ban. Quote Link to comment Share on other sites More sharing options...
baz Posted May 24, 2013 Report Share Posted May 24, 2013 Anyone know where I might look to see why I can't seem to connect to the web UI via SSL? In Safari it just hangs, and in Firefox on Ubuntu I get the following when trying to connect to https://192.168.30.95:8888Secure Connection Failed An error occurred during a connection to 192.168.30.95:8888.You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.(Error code: sec_error_reused_issuer_and_serial)Connecting via http (http://192.168.30.95:8888) works just fine. Quote Link to comment Share on other sites More sharing options...
rdebath Posted May 24, 2013 Report Share Posted May 24, 2013 Sounds like you saved the certificate in the browser then the certificate was changed in the BTSync webgui. BUT the "serial number" has been hardcoded instead of being sequential or random. Hopefully this is BTSync's normal password and you just deleted the settings.dat file so now you have to delete the old certificate from your browser. Quote Link to comment Share on other sites More sharing options...
baz Posted May 24, 2013 Report Share Posted May 24, 2013 Ok thx. I'm going to try removing and re-installing Firefox on Ubuntu. If that doesn't help, I'll create a completely new VM and install Firefox there. Quote Link to comment Share on other sites More sharing options...
rdebath Posted May 24, 2013 Report Share Posted May 24, 2013 You don't have to uninstall, if you want a clean slate just make a new profile.eg: firefox -no-remote -ProfileManager Quote Link to comment Share on other sites More sharing options...
baz Posted May 24, 2013 Report Share Posted May 24, 2013 Thanks! The re-install ended up fixing it for Firefox on Ubuntu. Now I'll get to googling how to create a new safari profile on my macEdit: Spoke too soon. SSL was working fantastic on my home machine with BitTorrent Sync gui and Firefox, so I attempted to load up my server's gui with SSL and got the same error. Seems like Firefox is complaining that there are two sites using the same certificate (same serial # of 00)?? Has anyone successfully used SSL with multiple Sync web guis in Firefox? I'm sure there must be a security setting I can adjust somewhere to tell Firefox to ignore this? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.