Configure HTTPS #3359

dsanges · 2023-01-31T15:36:36Z

dsanges
Jan 31, 2023

Describe the bug
Hi
I am configuring HTTPS with a certificate issued by a custom CA.
I uploaded the key, the certificate and the CA Custom (figure 1) then I enabled (figure 2).

The Custom CA is among my client's trusted CAs.
When I enter the site in HTTPS I get the following error:
the certificate is invalid
NET::ERR_CERT_COMMON_NAME_INVALID
Subject: whistleblowing.agea.gov.it

But this is not the case, the CN of the certificate (whistleblowing.agea.gov.it) coincides with the host of the url (https://whistleblowing.agea.gov.it/...) and the hostname of the server.

Below is the public certificate in pem format
whistleblowing.agea.gov.it.cer.txt

Do you have any idea what it could be about?

Desktop (please complete the following information):

OS: Ubuntu 20.04.5 LTS
Globaleaks: 4.10.14
Browser: Chrome 109.0.5414.120

evilaliv3 · 2023-01-31T15:50:27Z

evilaliv3
Jan 31, 2023
Maintainer

Thank you @dsanges

We are not aware on any issue on this part but we are happy to check your setup from an external point of view

I'm trying to connect to your site to see the error but its seems is not available.

Please let us know when you will proceed with the setup and we could find the platform online to check.

0 replies

dsanges · 2023-01-31T15:59:12Z

dsanges
Jan 31, 2023
Author

Thanks for the quick response.
The site is not public so you cannot reach it
it can only be reached from the company intranet

For this reason I have tried to give you as much information as possible.

0 replies

dsanges · 2023-01-31T17:05:37Z

dsanges
Jan 31, 2023
Author

I have a HAProxy in front.
Could it be the cause of the problem?

0 replies

evilaliv3 · 2023-01-31T17:22:32Z

evilaliv3
Jan 31, 2023
Maintainer

Thank you @dsanges

It is very likely that this is the case.

I would like to clarify that the design of globaleaks is invalidated when a proxy is put in front of it; the proxy could either log the connections, intercept the data, and possilbly leak the data on the storage of the proxy itself. I invite you to check all these details.

0 replies

giorgiofraschini · 2023-02-01T08:18:23Z

giorgiofraschini
Feb 1, 2023

I would warn the client that public administrations cannot make the platform accessible from intranet only and make restrictions to access. Law n.179/2017 also makes employees and collaborators of supplying companies eligible to report through the internal channels and they would be excluded from this legal right.
Anticorruption Authority in its guidelines reinforces the need to have the platform on internet.

0 replies

dsanges · 2023-02-01T09:04:45Z

dsanges
Feb 1, 2023
Author

Yes, we are currently experimenting.
Many thanks to both of you for the clarifications

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GLOBALEAKS

Configure HTTPS #3359

{{title}}

Replies: 6 comments

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

Select a reply

GLOBALEAKS

Configure HTTPS #3359

dsanges Jan 31, 2023

Replies: 6 comments

evilaliv3 Jan 31, 2023 Maintainer

dsanges Jan 31, 2023 Author

dsanges Jan 31, 2023 Author

evilaliv3 Jan 31, 2023 Maintainer

giorgiofraschini Feb 1, 2023

dsanges Feb 1, 2023 Author

dsanges
Jan 31, 2023

evilaliv3
Jan 31, 2023
Maintainer

dsanges
Jan 31, 2023
Author

dsanges
Jan 31, 2023
Author

evilaliv3
Jan 31, 2023
Maintainer

giorgiofraschini
Feb 1, 2023

dsanges
Feb 1, 2023
Author