Tiny Tiny RSS: Community

Login with an SSL certificate


#1

Hi,

I found the option “Login with an SSL certificate”, but I’m not sure how to use this. The field and the button register are shown greyed out.

I only found this post on the old forum: https://tt-rss.org/oldforum/viewtopic.php?t=3799, but it doesn’t mention the entry in the preferences and I didn’t get it working. I’m using nginx and also looked at this tutorial: https://gist.github.com/mtigas/952344 The creation of the CA and client cert is basically the same. I tried a few things, but I can never select a certificate in the preferences.

So my question is: Is there any documentation on the “Login with an SSL certificate” settings or do I have to find it out on myself?


#2

i thought we had a wiki page on this but i can’t find it for some reason. maybe not.

you need to have your browser present client certificate to the server so that tt-rss would be able to read its fingerprint and register it, unfortunately i’ve last used this feature years ago and i don’t remember the details.

maybe someone else here will chime in, otherwise i’m afraid you’ll have to investigate yourself.

tbh with modern browser vendors working to undermine user control of the trust chain i would expect support for custom CAs and certificates to dwindle or become more and more convoluted so this feature might as well be deprecated. this is my personal opinion though.

e: if you manage to figure it out with modern browsers and httpd i would appreciate a quick writeup for the wiki.


#3

I use certificate auth. When I’m not mobile I’ll post my Nginx conf and some info about getting it to work (later today, probably).


#4

why not make a wiki page HINT HINT


#5

Yeah, that’s what I meant. I had just woke up and was replying on my phone. Kind of surprised my reply was as coherent as it was.


#6

I’ve put something together; it’s not exhaustive but I think it’s a good start.

… But I don’t have rights to push to the wiki.


#7

hmmm, what about now?


#8

Yup. Thanks!

SSL Certification Authentication


#9

extensive writeup, thanks!


#10

Thanks for writing that Wiki page! I wrote the old forum post on Apache setups, and am just making the switch to nginx. Well done.