Security concern about SSL certificate in GLKVM

When using default SSL certificates in GLKVM, is the private key always identical in the same model of different IPKVM devices burned with the same firmware image?

I am concerned that the TLS encryption will be compromised when using the default SSL certificate. Is there any way to regenerate the key and cert pair?

The encryption isn't compromised, but the authentication is (in other words nobody can snoop on your traffic, but if someone broke into your network and gave a device the same hostname/IP address as yours they could trick you into logging into their system and steal your password - not likely but possible).

If you click the shield in the upper right (in v1.8.0) you can upload your own certificate, including one that is checked by a proper CA if you configure a fully qualified domain name.

No, each device is issued a newly generated random certificate and key pair.

Nice, so there is no cert in the image? That mitigates the authentication issue a bit (although for most people it's still just another "invalid" cert, so I'd recommend a FQDN and public cert from someplace like Let's Encrypt for most users, or defining your own CA for Enterprise/security pro users).

If all devices are using the same cert and key then it will be a huge security issue.

You'd be surprised how many devices I've seen with fixed default certs just installed in the firmware image, good job for generating new ones on boot!
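A quick check for the shared-default-certificate problem discussed in the posts above, added here as an example and not code from the GLKVM project: it pulls the leaf certificate each device presents, hashes it, and reports any devices that serve the identical certificate (and therefore the identical private key). The hostnames are placeholders to replace with your own devices.

```python
import hashlib
import socket
import ssl
from collections import defaultdict


def fetch_cert_der(host, port=443, timeout=5):
    """Return the DER-encoded leaf certificate a TLS server presents."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # We only want to read the certificate, not trust it, so verification is
    # disabled for this probe; nothing is sent over the connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def cert_fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def group_by_fingerprint(fingerprints):
    """Map fingerprint -> sorted hosts, keeping only fingerprints seen on
    more than one host. Identical certificates imply an identical key pair,
    which is exactly the firmware-baked-cert situation to look for."""
    groups = defaultdict(list)
    for host, fp in fingerprints.items():
        groups[fp].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


def find_shared_certs(hosts, port=443):
    """Probe every host and return the groups that share a certificate."""
    fingerprints = {}
    for host in hosts:
        try:
            fingerprints[host] = cert_fingerprint(fetch_cert_der(host, port))
        except (OSError, ssl.SSLError) as exc:
            print(f"{host}: could not fetch certificate ({exc})")
    return group_by_fingerprint(fingerprints)


if __name__ == "__main__":
    # Placeholder device names; substitute your own KVM hosts.
    for fp, shared in find_shared_certs(["kvm-a.example", "kvm-b.example"]).items():
        print(f"shared certificate {fp[:16]}... on: {', '.join(shared)}")
```

Devices that appear in the same group present the same certificate; with per-device generation on first boot, as described in this thread, the result should be empty.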

Is it possible to regenerate the “default” key-cert pair with the same facility used by GLKVM generating the key-cert pair at the very beginning?

reset default OR see `/etc/init.d/S99kvmd-nginx`