Hi,
i have a fresh installed Pihole v6 Beta.
Is it sensible to use https Access to Piholes Web Interface for a LocalAreaNetwork ?
Beta v6 shows on the Login Page that the connection of http is insecure and i should enable https connection for end to end protection.
But i don´t access the Web Interface over the Internet, only in my Home LAN.
https ensures that the traffic, between your client computer and the web server, is secured against eavesdropping or imposter attacks. This is useful where traffic moves across untrusted networks or where there are untrusted clients, such as the Internet.
On a home network there isn't much value in it, but, that said, there's no harm in having it enabled if it's on by default anyway and doesn't add any annoyances to the workflow.
Thanks for Answer.
I can access Web Interface through port 443 (Standard for HTTPS) instead 8080 (HTTP in Pihole Beta V6) , but without Certificate for HTTPS it´s also insecure.
I can add a exception to Mozilla Firefox to access the Pihole HTTPS Home Network Adress without a certificate.
So as you said no need for it in home network.
If make an exception for the cert thats offered, traffic will still be encrypted making eavesdropping close to impossible.
Its just that the cert is not signed/issued by a (browser) trusted CA but instead by pi.hole itself (EDIT: OOTB):
dehakkelaar@ph6b:~$ openssl s_client -connect localhost:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep 'Issuer:\|Subject:.* CN =\|Alternative Name\|DNS:'
Issuer: CN = pi.hole
Subject: CN = pi.hole
X509v3 Subject Alternative Name:
DNS:pi.hole
Not signed by one of these blokes:
dehakkelaar@ph6b:~$ basename -a /usr/share/ca-certificates/mozilla/*.crt
ACCVRAIZ1.crt
AC_RAIZ_FNMT-RCM.crt
AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
ANF_Secure_Server_Root_CA.crt
Actalis_Authentication_Root_CA.crt
AffirmTrust_Commercial.crt
AffirmTrust_Networking.crt
AffirmTrust_Premium.crt
AffirmTrust_Premium_ECC.crt
Amazon_Root_CA_1.crt
Amazon_Root_CA_2.crt
Amazon_Root_CA_3.crt
Amazon_Root_CA_4.crt
Atos_TrustedRoot_2011.crt
Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.crt
Baltimore_CyberTrust_Root.crt
Buypass_Class_2_Root_CA.crt
Buypass_Class_3_Root_CA.crt
CA_Disig_Root_R2.crt
CFCA_EV_ROOT.crt
COMODO_Certification_Authority.crt
COMODO_ECC_Certification_Authority.crt
COMODO_RSA_Certification_Authority.crt
Certainly_Root_E1.crt
Certainly_Root_R1.crt
Certigna.crt
Certigna_Root_CA.crt
Certum_EC-384_CA.crt
Certum_Trusted_Network_CA.crt
Certum_Trusted_Network_CA_2.crt
Certum_Trusted_Root_CA.crt
Comodo_AAA_Services_root.crt
D-TRUST_BR_Root_CA_1_2020.crt
D-TRUST_EV_Root_CA_1_2020.crt
D-TRUST_Root_Class_3_CA_2_2009.crt
D-TRUST_Root_Class_3_CA_2_EV_2009.crt
DigiCert_Assured_ID_Root_CA.crt
DigiCert_Assured_ID_Root_G2.crt
DigiCert_Assured_ID_Root_G3.crt
DigiCert_Global_Root_CA.crt
DigiCert_Global_Root_G2.crt
DigiCert_Global_Root_G3.crt
DigiCert_High_Assurance_EV_Root_CA.crt
DigiCert_TLS_ECC_P384_Root_G5.crt
DigiCert_TLS_RSA4096_Root_G5.crt
DigiCert_Trusted_Root_G4.crt
E-Tugra_Certification_Authority.crt
E-Tugra_Global_Root_CA_ECC_v3.crt
E-Tugra_Global_Root_CA_RSA_v3.crt
Entrust.net_Premium_2048_Secure_Server_CA.crt
Entrust_Root_Certification_Authority.crt
Entrust_Root_Certification_Authority_-_EC1.crt
Entrust_Root_Certification_Authority_-_G2.crt
Entrust_Root_Certification_Authority_-_G4.crt
GDCA_TrustAUTH_R5_ROOT.crt
GLOBALTRUST_2020.crt
GTS_Root_R1.crt
GTS_Root_R2.crt
GTS_Root_R3.crt
GTS_Root_R4.crt
GlobalSign_ECC_Root_CA_-_R4.crt
GlobalSign_ECC_Root_CA_-_R5.crt
GlobalSign_Root_CA.crt
GlobalSign_Root_CA_-_R3.crt
GlobalSign_Root_CA_-_R6.crt
GlobalSign_Root_E46.crt
GlobalSign_Root_R46.crt
Go_Daddy_Class_2_CA.crt
Go_Daddy_Root_Certificate_Authority_-_G2.crt
HARICA_TLS_ECC_Root_CA_2021.crt
HARICA_TLS_RSA_Root_CA_2021.crt
Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
HiPKI_Root_CA_-_G1.crt
Hongkong_Post_Root_CA_1.crt
Hongkong_Post_Root_CA_3.crt
ISRG_Root_X1.crt
ISRG_Root_X2.crt
IdenTrust_Commercial_Root_CA_1.crt
IdenTrust_Public_Sector_Root_CA_1.crt
Izenpe.com.crt
Microsec_e-Szigno_Root_CA_2009.crt
Microsoft_ECC_Root_Certificate_Authority_2017.crt
Microsoft_RSA_Root_Certificate_Authority_2017.crt
NAVER_Global_Root_Certification_Authority.crt
NetLock_Arany_=Class_Gold=_FÅtanúsÃtvány.crt
OISTE_WISeKey_Global_Root_GB_CA.crt
OISTE_WISeKey_Global_Root_GC_CA.crt
QuoVadis_Root_CA_1_G3.crt
QuoVadis_Root_CA_2.crt
QuoVadis_Root_CA_2_G3.crt
QuoVadis_Root_CA_3.crt
QuoVadis_Root_CA_3_G3.crt
SSL.com_EV_Root_Certification_Authority_ECC.crt
SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
SSL.com_Root_Certification_Authority_ECC.crt
SSL.com_Root_Certification_Authority_RSA.crt
SZAFIR_ROOT_CA2.crt
SecureSign_RootCA11.crt
SecureTrust_CA.crt
Secure_Global_CA.crt
Security_Communication_ECC_RootCA1.crt
Security_Communication_RootCA2.crt
Security_Communication_RootCA3.crt
Security_Communication_Root_CA.crt
Starfield_Class_2_CA.crt
Starfield_Root_Certificate_Authority_-_G2.crt
Starfield_Services_Root_Certificate_Authority_-_G2.crt
SwissSign_Gold_CA_-_G2.crt
SwissSign_Silver_CA_-_G2.crt
T-TeleSec_GlobalRoot_Class_2.crt
T-TeleSec_GlobalRoot_Class_3.crt
TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
TWCA_Global_Root_CA.crt
TWCA_Root_Certification_Authority.crt
TeliaSonera_Root_CA_v1.crt
Telia_Root_CA_v2.crt
TrustCor_ECA-1.crt
TrustCor_RootCert_CA-1.crt
TrustCor_RootCert_CA-2.crt
Trustwave_Global_Certification_Authority.crt
Trustwave_Global_ECC_P256_Certification_Authority.crt
Trustwave_Global_ECC_P384_Certification_Authority.crt
TunTrust_Root_CA.crt
UCA_Extended_Validation_Root.crt
UCA_Global_G2_Root.crt
USERTrust_ECC_Certification_Authority.crt
USERTrust_RSA_Certification_Authority.crt
XRamp_Global_CA_Root.crt
certSIGN_ROOT_CA.crt
certSIGN_Root_CA_G2.crt
e-Szigno_Root_CA_2017.crt
ePKI_Root_Certification_Authority.crt
emSign_ECC_Root_CA_-_C3.crt
emSign_ECC_Root_CA_-_G3.crt
emSign_Root_CA_-_C1.crt
emSign_Root_CA_-_G1.crt
vTrus_ECC_Root_CA.crt
vTrus_Root_CA.crt
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.