Difference between revisions of "Removing of HTTPS security warning"

From Teltonika Networks Wiki
(Access the router WebUI using HTTPS protocol.)
(49 intermediate revisions by one other user not shown)
Line 1: Line 1:
== <big>Summary</big> ==
+
For accessing the device WebaUI using HTTPS it requires a certificate, else it will show the below error:
One of the main benefits of HTTPS is that it adds security and trust. It protects users against man-in-the-middle (MitM) attacks that can be launched from compromised or insecure networks. Hackers can use such techniques to steal your sensitive information.
 
Implementing SSL secures any data transmitted between server and browser during a user's session interacting with your device.
 
This article will help you get a good idea about how to implement security into your network while using '''Teltonika''' devices.<br>
 
  
----This page contains links with description all WebUI windows. If you're having trouble seeing all the pages listed here on your WebUI, you may need to '''turn on "Advanced WebUI" mode'''. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.
+
[[File:16.png|left]]
<br>
 
[[File:Networking_rut9_manual_webui_basic_advanced_mode.gif|alt=|center|border]]
 
<br>
 
For accessing the device WebaUI using HTTPS it requires a certificate, else it will show the below error:<br>
 
  
[[File:16.png|left|alt=|border]]
+
In this example, we will be able to access the device webpage using HTTPs, with a free certificate from a free CA.
  
In this example, we will be able to access the device webpage using HTTPS, with a free certificate from a free CA.
+
== <sup>'''<u><big>Certificate creation and trust:</big></u>'''</sup> ==
 +
#1 You must have a DNS record linked to the IP of the router; in my case, I’m using a Windows server to act as a DNS server.
 +
  As shown, I choose a hostname '''rut955.teltonika.uae''' and it's linked with '''172.16.16.1''' the LAN IP of the router.
 +
  This hostname will be used for creating the certificate later.
  
== <big>Certificate creation and trust</big> ==
+
#2 Go to: [https://getacert.com/cert/selfcertalt.pl '''GetAcert'''] website.
1. You must have a DNS record linked to the IP of the router; in my case, I’m using a Windows server to act as a DNS server.
+
#3 Fill in the information regarding your requirements:
    As shown, I choose the hostname '''rut955.teltonika.uae''' and it's linked with '''172.16.16.1''' the LAN IP of the router.
 
    This hostname will be used for creating the certificate later.
 
  
2. Go to: [https://getacert.com/cert/selfcertalt.pl '''GetAcert'''] website.
+
[[File:Getacert1.png|center]]
 +
    '''NOTE:''' 1,2 and 3 are the names you want to use in the browser.
 +
    Other information isn’t mandatory. Click '''Next Page'''.
 +
 
 +
#4 Check the data once again, if everything is okay click '''Submit self-signed Certificate''':
  
3. Fill in the information regarding your requirements:
+
[[File:Getacert2.png|center]]
[[File:Getacert1.png|center|alt=|border|1102x1102px]]
 
    '''NOTE:''' 1,2 and 3 are the names you will use in the browser.
 
    Other information isn’t mandatory. Click '''Next Page'''.
 
  
4. Check the data once again, if everything is okay click '''Submit self-signed Certificate''':
+
#5 The final page:
 +
[[File:Getacert3.png|center]]
  
[[File:Getacert2.png|center|alt=|border]]
+
#6 Click on (+) beside '''Open Private Key''':
  
5. The final page:
+
[[File:Getacert4.png|center]]
[[File:Getacert3.png|center|alt=|border|1102x1102px]]
 
<br>
 
6. Click on (+) beside '''Open Private Key''':
 
[[File:Getacert4.png|center|alt=|border|1102x1102px]]
 
  
 
Copy the text to a new Notepad file, and rename it to '''name.crt''' in my case I used a simple name '''cer.crt'''
 
Copy the text to a new Notepad file, and rename it to '''name.crt''' in my case I used a simple name '''cer.crt'''
 +
#7 Click on (+) beside Open Public Key:
 +
[[File:Getacert5.png|center]]
 +
 +
Copy the text to a new Notepad file, and rename it to '''name.key''' in my case I used a simple name '''key.key'''
 +
#8 Click on the [.p12] file, and it will be downloaded:<br />
 +
[[File:Getacert6.png|center]]
  
<br>
+
#9 Go to the Microsoft search bar and type: '''cer''' then choose Manage user certificates:<br />
7. Click on (+) beside Open Public Key:
+
[[File:Windows1.png|center]]
[[File:Getacert5.png|center|alt=|border|1102x1102px]]
 
  
Copy the text to a new Notepad file, and rename it to '''name.key''' in my case I used a simple name '''key.key'''
+
#10 Go to Trusted Root Certification Authorities:<br />
 +
[[File:Windows2.png|center]]
  
<br>
+
#11 Right-click and highlight '''All Tasks''', click '''Import…'''
8. Click on the [.p12] file, and it will be downloaded:
 
[[File:Getacert6.png|center|alt=|border|1102x1102px]] 
 
<br>
 
9. Go to the Microsoft search bar and type: '''cer''' then choose Manage user certificates: 
 
  
[[File:Windows1.png|center|alt=|border]]
+
[[File:Windows3.png|center]]
<br>
 
10. Go to Trusted Root Certification Authorities:
 
[[File:Windows2.png|center|alt=|border|1102x1102px]]
 
<br>
 
11. Right-click and highlight '''All Tasks''', click '''Import…'''[[File:Windows3.png|center|alt=|border|1102x1102px]]
 
<br>
 
  
12. Choose the ".p12" file downloaded before:
+
#12 Choose the .p12 file downloaded before:<br />
 +
[[File:Windows4.png|center|alt=|frame]]
  
[[File:Windows4.png|center|alt=|border]]
 
  
Then '''Next''', '''Next''', then '''Finish'''.
+
Then '''Next''', then '''Next''', then '''Finish'''.
  
== <big>Device configuration</big> ==
+
== <sup>'''<big><big><u>RUT configuration:</u></big></big>'''</sup> ==
 +
    The final part:
 
     Go to '''System''' → '''Access Control''' → '''WEBUI'''
 
     Go to '''System''' → '''Access Control''' → '''WEBUI'''
  
 
1) Turn off '''Certificate files from device'''.
 
1) Turn off '''Certificate files from device'''.
[[File:RUT1.png|center|alt=|border|1102x1102px]]
+
[[File:RUT1.png|center]]
 +
 
  
 
2) Click browse in '''Server certificate''' and choose the [.crt] file created.
 
2) Click browse in '''Server certificate''' and choose the [.crt] file created.
  
 
3) Click browse in '''Server key''' and choose the [.key] file created.
 
3) Click browse in '''Server key''' and choose the [.key] file created.
[[File:RUT2.png|center|alt=|border|1102x1102px]]
+
[[File:RUT2.png|center]]
  
 
4) Click '''SAVE & APPLY'''.
 
4) Click '''SAVE & APPLY'''.
  
<sup><big>
 
<br>
 
5) Open the WebUI again using the DNS record:</big></sup>
 
[[File:Windows done.png|center|alt=|border|1102x1102px]]
 
Now we can access the WebUI securely, and we can turn off the HTTP access.
 
 
== <big>See Also</big> ==
 
  
* [[Remote WebUI Access]]
+
<sup>'''<big><big>Open the WebUI again using the DNS record:</big></big>'''</sup>
* [[Unblocking WebUI Access]]
+
[[File:Windows done.png|center]]
[[Category:Router control and monitoring]]
+
'''<big>Now we can access the WebUI securely, and we can turn of the HTTP access.</big>'''

Revision as of 11:58, 1 November 2022

Main Page > General Information > Configuration Examples > Router control and monitoring > Removing of HTTPS security warning

For accessing the device WebaUI using HTTPS it requires a certificate, else it will show the below error:

16.png

In this example, we will be able to access the device webpage using HTTPs, with a free certificate from a free CA.

Certificate creation and trust:

  1. 1 You must have a DNS record linked to the IP of the router; in my case, I’m using a Windows server to act as a DNS server.
 As shown, I choose a hostname rut955.teltonika.uae and it's linked with 172.16.16.1 the LAN IP of the router.
 This hostname will be used for creating the certificate later.
  1. 2 Go to: GetAcert website.
  2. 3 Fill in the information regarding your requirements:
Getacert1.png
   NOTE: 1,2 and 3 are the names you want to use in the browser.
   Other information isn’t mandatory. Click Next Page.
  1. 4 Check the data once again, if everything is okay click Submit self-signed Certificate:
Getacert2.png
  1. 5 The final page:
Getacert3.png
  1. 6 Click on (+) beside Open Private Key:
Getacert4.png

Copy the text to a new Notepad file, and rename it to name.crt in my case I used a simple name cer.crt

  1. 7 Click on (+) beside Open Public Key:
Getacert5.png

Copy the text to a new Notepad file, and rename it to name.key in my case I used a simple name key.key

  1. 8 Click on the [.p12] file, and it will be downloaded:
Getacert6.png
  1. 9 Go to the Microsoft search bar and type: cer then choose Manage user certificates:
Windows1.png
  1. 10 Go to Trusted Root Certification Authorities:
Windows2.png
  1. 11 Right-click and highlight All Tasks, click Import…
Windows3.png
  1. 12 Choose the .p12 file downloaded before:


Then Next, then Next, then Finish.

RUT configuration:

   The final part:
   Go to SystemAccess ControlWEBUI

1) Turn off Certificate files from device.

RUT1.png


2) Click browse in Server certificate and choose the [.crt] file created.

3) Click browse in Server key and choose the [.key] file created.

RUT2.png

4) Click SAVE & APPLY.


Open the WebUI again using the DNS record:

Windows done.png

Now we can access the WebUI securely, and we can turn of the HTTP access.

Retrieved from "https://wiki.teltonika-networks.com/index.php?title=Removing_of_HTTPS_security_warning&oldid=97667"