3
littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that weren't self-signed.
Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?
Let's assume I can install a new SSL cert. What should I use for the domain? Surely CAs won't sign an IP address. – jldugger – 2011-01-06T15:57:02.090
@jldugger: I think most will sign a certificate with an IP address as the Common Name. – DerfK – 2011-01-06T16:14:32.237
3
Also since this is presumably your own environment you can establish a hostname for the router and use that...and, again, you can just create your own CA and configure your browser to trust it, and then you can call things whatever the heck you want. For example, http://www.debian-administration.org/articles/618.
– larsks – 2011-01-06T16:28:55.973
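
The private-CA approach from the answer above, as an added example that is not part of the original thread: it generates a key unique to the device instead of one shipped in firmware, and signs a certificate whose subjectAltName carries both the router's IP and a hostname. The hostname `router.home.arpa`, the CA name and all file names are assumptions; 192.168.1.1 is the address from the question.

```shell
#!/bin/sh
# Added example. Assumed names: router.home.arpa, "Home Lab Root CA" and all
# file names are illustrative; 192.168.1.1 is the address from the question.
make_router_cert() (
    out="$1"; ip="${2:-192.168.1.1}"; host="${3:-router.home.arpa}"
    umask 077                      # private keys readable by owner only
    mkdir -p "$out" && cd "$out" || exit 1

    cat > pki.cnf <<EOF || exit 1
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host, IP:$ip
EOF

    # 1. Private root CA. Only ca.crt is imported into the browser.
    openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 \
        -nodes -sha256 -days 3650 -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # 2. Key generated for this one device (never a key shipped in firmware).
    openssl req -new -config pki.cnf -subj "/CN=$host" -newkey rsa:2048 \
        -nodes -sha256 -keyout router.key -out router.csr 2>/dev/null || exit 1

    # 3. Sign the CSR; browsers match the URL against subjectAltName.
    openssl x509 -req -in router.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -extfile pki.cnf -extensions v3_leaf -sha256 -days 365 \
        -out router.crt 2>/dev/null || exit 1

    # 4. Check the chain and both names the router will be reached by.
    openssl verify -CAfile ca.crt -verify_ip "$ip" -verify_hostname "$host" \
        router.crt >/dev/null
)
```

Call it as `make_router_cert ./pki`, install `router.crt` and `router.key` on the device, and import only `ca.crt` as a trusted authority in the browser; `ca.key` stays off the router.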