Where can I learn more about SSL certs?
-
This 5-part article about setting up your CA is pretty good.
https://devcentral.f5.com/s/articles/building-an-openssl-certificate-authority-introduction-and-design-considerations-for-elliptical-curves-27720
Blog posts on Altaro.
https://www.altaro.com/hyper-v/public-key-infrastructure/
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/
https://www.altaro.com/hyper-v/windows-ssl-certificate-templates/
https://www.altaro.com/hyper-v/request-ssl-windows-certificate-server/
https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/
-
No reason to not use https anymore. Automate renewal with letsencrypt tools. It's what I use for my home lab web services.
-
@travisdh1 said in Where can I learn more about SSL certs?:
No reason to not use https anymore. Automate renewal with letsencrypt tools. It's what I use for my home lab web services.
For public that's super easy. For intranet it is often a pain in the butt.
-
Who is using HTTPS for Intranet websites specifically?
You can't trust the server that is less than X feet from you? OKAY. . .
-
@DustinB3403 said in Where can I learn more about SSL certs?:
Who is using HTTPS for Intranet websites specifically?
You can't trust the server that is less than X feet from you? OKAY. . .
Ah, I missed the intranet from OP
-
@DustinB3403 said in Where can I learn more about SSL certs?:
Who is using HTTPS for Intranet websites specifically?
If feasible, I would. My approach is to default to using HTTPS.
-
@Pete-S said in Where can I learn more about SSL certs?:
And also intranet sites that have split DNS (are both local and external)?
This part is easy - you just set it up like any normal, on the web, webserver - i.e. most likely you'll use a LE cert.
-
@DustinB3403 said in Where can I learn more about SSL certs?:
Who is using HTTPS for Intranet websites specifically?
You can't trust the server that is less than X feet from you? OKAY. . .
I would consider this to be the modern, better way to do things.
This really drives home the LANLess infrastructure... i.e. get away from simply trusting your local network.
-
Of course using a self-signed cert will require you to deploy the signing CA's public cert manually to all workstations that need to trust that cert, otherwise your users' computers will complain about untrusted certs.
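The trust behaviour described in the post above, as an added example that is not part of the original thread: a throwaway root CA signs a certificate for an intranet host, and verification is run once without the CA's public cert and once with it. The CA name, the host name `intranet.example.internal` and the function names are constructed for illustration, and `-CAfile` stands in for deploying the CA cert to a workstation's trust store.

```shell
# Added example; every name below is constructed for illustration.
# build_lab_pki DIR: creates ca.pem (root) and srv.pem (leaf signed by it).
build_lab_pki() {
    dir=$1
    # Own config, so the root gets CA:TRUE whatever the system openssl.cnf says
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root: ca.pem is the public cert that goes out to workstations
    openssl req -x509 -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" -days 30 2>/dev/null || return 1
    # Server key and CSR for the hypothetical intranet host
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=intranet.example.internal" \
        -newkey rsa:2048 -nodes -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null || return 1
    # Clients match the host name against subjectAltName, so add it when signing
    printf 'subjectAltName=DNS:intranet.example.internal\n' > "$dir/san.ext"
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -extfile "$dir/san.ext" -out "$dir/srv.pem" 2>/dev/null
}

# Workstation that never received ca.pem: only the default trust store is used.
trusted_without_ca() {
    openssl verify "$1/srv.pem" 2>&1 | grep -q ': OK$'
}

# Workstation with ca.pem deployed (modelled with -CAfile).
trusted_with_ca() {
    openssl verify -CAfile "$1/ca.pem" "$1/srv.pem" 2>&1 | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    build_lab_pki "$d" || { rm -rf "$d"; return 1; }
    trusted_without_ca "$d" && echo "CA not deployed: trusted" \
        || echo "CA not deployed: UNTRUSTED"
    trusted_with_ca "$d" && echo "CA deployed: trusted" \
        || echo "CA deployed: UNTRUSTED"
    rm -rf "$d"
}

demo
```

Only `ca.pem` is distributed to clients; `ca.key` stays with the CA, since anyone holding it can issue certificates those workstations will trust.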
-
@DustinB3403 said in Where can I learn more about SSL certs?:
Who is using HTTPS for Intranet websites specifically?
You can't trust the server that is less than X feet from you? OKAY. . .
Just because it's on the LAN doesn't imply that it's close. It could be in the cloud, at some provider, over VPN links, another branch office etc, etc.
-
@black3dynamite said in Where can I learn more about SSL certs?:
This 5-part article about setting up your CA is pretty good.
https://devcentral.f5.com/s/articles/building-an-openssl-certificate-authority-introduction-and-design-considerations-for-elliptical-curves-27720
Blog posts on Altaro.
https://www.altaro.com/hyper-v/public-key-infrastructure/
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/
https://www.altaro.com/hyper-v/windows-ssl-certificate-templates/
https://www.altaro.com/hyper-v/request-ssl-windows-certificate-server/
https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/
Thanks! I've started to read the info.