Where can I learn more about SSL certs?
-
Where can I learn more about how to use SSL certs in general and how setup up a CA and then SSL cert for intranet sites in particular? And also intranet sites that have split DNS (are both local and external)? In an linux environment.
I don't know enough about how SSL certs work as we for most part deal with intranet sites that are http only.
I know that many of you deal with these things on a regular basis.
-
This is 5-part article about setting up your CA is pretty good.
https://devcentral.f5.com/s/articles/building-an-openssl-certificate-authority-introduction-and-design-considerations-for-elliptical-curves-27720Blog posts on Altaro.
https://www.altaro.com/hyper-v/public-key-infrastructure/
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/
https://www.altaro.com/hyper-v/windows-ssl-certificate-templates/
https://www.altaro.com/hyper-v/request-ssl-windows-certificate-server/
https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/ -
No reason to not use https anymore. Automate renewal with letsencrypt tools. It's what I use for my home lab web services.
-
@travisdh1 said in Where can I learn more about SSL certs?:
No reason to not use https anymore. Automate renewal with letsencrypt tools. It's what I use for my home lab web services.
For public that's super easy. For intranet it is often a pain in the butt.
-
Who is using HTTPS for Intranet websites specifically?
You can't trust the server that is less than X feet from you? OKAY. . .
-
@DustinB3403 said in Where can I learn more about SSL certs?:
Who is using HTTPS for Intranet websites specifically?
You can't trust the server that is less than X feet from you? OKAY. . .
Ah, I missed the intranet from OP
-
@DustinB3403 said in Where can I learn more about SSL certs?:
Who is using HTTPS for Intranet websites specifically?
If feasible, I would. My approach is to default to using HTTPS.
-
@Pete-S said in Where can I learn more about SSL certs?:
And also intranet sites that have split DNS (are both local and external)?
This part is easy - you just set it up like any normal, on the web, webserver - i.e. most likely you'll use a LE cert.
-
@DustinB3403 said in Where can I learn more about SSL certs?:
Who is using HTTPS for Intranet websites specifically?
You can't trust the server that is less than X feet from you? OKAY. . .
I would consider this to be the modern, better way to do things.
This really drives home the LANLess infrastructure... ie get away from simply trusting your local network.
-
Of course using a self signed cert will require you to deploy the signing CA's public cert manually to all workstations that need to trust that cert, otherwise you're users computers will complain about untrusted certs.
-
@DustinB3403 said in Where can I learn more about SSL certs?:
Who is using HTTPS for Intranet websites specifically?
You can't trust the server that is less than X feet from you? OKAY. . .
Just because it's on the LAN doesn't imply that it's close. It could be in the cloud, at some provider, over VPN links, another branch office etc, etc.
-
@black3dynamite said in Where can I learn more about SSL certs?:
This is 5-part article about setting up your CA is pretty good.
https://devcentral.f5.com/s/articles/building-an-openssl-certificate-authority-introduction-and-design-considerations-for-elliptical-curves-27720Blog posts on Altaro.
https://www.altaro.com/hyper-v/public-key-infrastructure/
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/
https://www.altaro.com/hyper-v/windows-ssl-certificate-templates/
https://www.altaro.com/hyper-v/request-ssl-windows-certificate-server/
https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/Thanks! I've started to read the info.
