Login with an SSL certificate

j_d · May 4, 2018, 11:05am

Hi,

I found the option “Login with an SSL certificate”, but I’m not sure how to use this. The field and the button register are shown greyed out.

I only found this post on the old forum: https://tt-rss.org/oldforum/viewtopic.php?t=3799, but it doesn’t mention the entry in the preferences and I didn’t get it working. I’m using nginx and also looked at this tutorial: Mini tutorial for configuring client-side SSL certificates. · GitHub The creation of the CA and client cert is basically the same. I tried a few things, but I can never select a certificate in the preferences.

So my question is: Is there any documentation on the “Login with an SSL certificate” settings or do I have to find it out on myself?

fox · May 4, 2018, 11:36am

i thought we had a wiki page on this but i can’t find it for some reason. maybe not.

you need to have your browser present client certificate to the server so that tt-rss would be able to read its fingerprint and register it, unfortunately i’ve last used this feature years ago and i don’t remember the details.

maybe someone else here will chime in, otherwise i’m afraid you’ll have to investigate yourself.

tbh with modern browser vendors working to undermine user control of the trust chain i would expect support for custom CAs and certificates to dwindle or become more and more convoluted so this feature might as well be deprecated. this is my personal opinion though.

e: if you manage to figure it out with modern browsers and httpd i would appreciate a quick writeup for the wiki.

JustAMacUser · May 4, 2018, 1:33pm

I use certificate auth. When I’m not mobile I’ll post my Nginx conf and some info about getting it to work (later today, probably).

fox · May 4, 2018, 2:01pm

why not make a wiki page HINT HINT

JustAMacUser · May 4, 2018, 2:32pm

Yeah, that’s what I meant. I had just woke up and was replying on my phone. Kind of surprised my reply was as coherent as it was.

JustAMacUser · May 4, 2018, 5:27pm

I’ve put something together; it’s not exhaustive but I think it’s a good start.

… But I don’t have rights to push to the wiki.

fox · May 4, 2018, 5:49pm

hmmm, what about now?

JustAMacUser · May 4, 2018, 5:59pm

Yup. Thanks!

SSL Certification Authentication

fox · May 4, 2018, 6:18pm

extensive writeup, thanks!

joshp · November 13, 2018, 2:18am

Thanks for writing that Wiki page! I wrote the old forum post on Apache setups, and am just making the switch to nginx. Well done.