Hello:
I have followed the install guide for Nagios Core, and I'm in the process of securing the service.
SSLRequreSSL is been enabled in /etc/httpd/conf.d/nagios.conf for the following directories:"/usr/local/cgi-bin/sbin" and "/usr/local/nagios/share" and a valid SSL certificated from a CA has been installed.
httpd has been restarted without any errors. However, when I checked browser security in Chrome and Firefox there is secured and un-secured content on the web pages.
How do I ensure that all Nagios content is being secured on the pages that are displayed?
Many thanks
Implementing Forced TLS/SSL
Re: Implementing Forced TLS/SSL
What content is unsecured? images?
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
-
- Posts: 3
- Joined: Sat Apr 13, 2013 7:07 am
Re: Implementing Forced TLS/SSL
Hi,
The paddlock show a warning sign. When I check the security of the browser it confirms that the page is secured using our certificate. Here is the message:
Your page is encrypted with 256-bit encryption.
However this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
Regards
The paddlock show a warning sign. When I check the security of the browser it confirms that the page is secured using our certificate. Here is the message:
Your page is encrypted with 256-bit encryption.
However this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
Regards
Re: Implementing Forced TLS/SSL
I just checked my core boxes and the only unsecured content are a few images which is not a big issue. Have you noticed anything else?
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
-
- Posts: 3
- Joined: Sat Apr 13, 2013 7:07 am
Re: Implementing Forced TLS/SSL
There is a http link to Nagio's Copyright which I believe is the cause of the problem.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Implementing Forced TLS/SSL
Actually I believe it may be the image in the feed under the "Don't Miss..." section on the homepage