I have a server with a Web-GUI which can handle both HTTP/HTTPS requests. To support HTTPS mode, a certificate file and a private key file should be provided to the server. Therefore, there should be a way for a user to load such files via a Web-GUI.
I've created a form for test purposes that allows a user to select a certificate (.crt) file and a private key (.key) file and send them to the server. The files are sent to the server as is, without any additional encoding. I suppose that sending a private key file via network is not safe, especially using HTTP.
How a GUI for loading x509 certificates to a server can look like from that perspective? What is the right way to load these files to a server? Is it a valid approach itself to allow a user (with administrator rights) to load certificates and private keys to the server?
Aucun commentaire:
Enregistrer un commentaire