ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt

    Scheduled Pinned Locked Moved IT Discussion
    sslssl certificateslets encryptiiswindowswindows serveracmessl wildcard
    19 Posts 6 Posters 15.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • travisdh1T
      travisdh1 @scottalanmiller
      last edited by

      @scottalanmiller Wildcard certs work now, so the Exchange server needing 4 just for it is now this easy?

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @travisdh1
        last edited by

        @travisdh1 said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

        @scottalanmiller Wildcard certs work now, so the Exchange server needing 4 just for it is now this easy?

        In theory, yeah.

        travisdh1T 1 Reply Last reply Reply Quote 1
        • travisdh1T
          travisdh1 @scottalanmiller
          last edited by

          @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

          @travisdh1 said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

          @scottalanmiller Wildcard certs work now, so the Exchange server needing 4 just for it is now this easy?

          In theory, yeah.

          I might have to try spinning up a temp one to try this. Could make life that much easier for a bunch of us at work.

          1 Reply Last reply Reply Quote 0
          • PhlipElderP
            PhlipElder @scottalanmiller
            last edited by

            @scottalanmiller Is this for self-issued certificates?

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @PhlipElder
              last edited by

              @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

              @scottalanmiller Is this for self-issued certificates?

              No, this is for LetsEncrypt certs.

              PhlipElderP 1 Reply Last reply Reply Quote 0
              • magicmarkerM
                magicmarker
                last edited by

                Is the Win-ACME tool scheduling the renewal of the LetsEncrypt SSL certificates?

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @magicmarker
                  last edited by

                  @magicmarker said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                  Is the Win-ACME tool scheduling the renewal of the LetsEncrypt SSL certificates?

                  It doesn't do the scheduling itself, but recommends that you schedule it with the task scheduler to auto-renew.

                  1 Reply Last reply Reply Quote 0
                  • PhlipElderP
                    PhlipElder @scottalanmiller
                    last edited by

                    @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                    @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                    @scottalanmiller Is this for self-issued certificates?

                    No, this is for LetsEncrypt certs.

                    I must admit, this is the first time I've heard of them.

                    I've looked at the site and if I read things correctly, we can use their certificates for Remote Desktop Services publishing where we have an internal domain setup?

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @PhlipElder
                      last edited by

                      @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                      @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                      @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                      @scottalanmiller Is this for self-issued certificates?

                      No, this is for LetsEncrypt certs.

                      I must admit, this is the first time I've heard of them.

                      Seriously? You need to get out more.

                      PhlipElderP 1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch
                        last edited by

                        @scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that jsut defeats the purpose of LE.

                        PhlipElderP 1 Reply Last reply Reply Quote 2
                        • PhlipElderP
                          PhlipElder @JaredBusch
                          last edited by

                          @jaredbusch said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                          @scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that jsut defeats the purpose of LE.

                          Based on what is on the site, Microsoft has an intrinsic trust with LE's root store. I should be able to set up a RD Session Host with a LE certificate for publishing and there should be no untrusted publisher for RemoteApps or Session Host desktops once the certificate's thumbprint is published via Group Policy?

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • PhlipElderP
                            PhlipElder @JaredBusch
                            last edited by

                            @jaredbusch said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                            @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                            @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                            @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                            @scottalanmiller Is this for self-issued certificates?

                            No, this is for LetsEncrypt certs.

                            I must admit, this is the first time I've heard of them.

                            Seriously? You need to get out more.

                            Heh … that's one of the reasons I'm on this forum. 🙂

                            1 Reply Last reply Reply Quote 0
                            • tonyshowoffT
                              tonyshowoff
                              last edited by tonyshowoff

                              Glad they finally got wildcard. For years every time SSL cert cost came up on slashdot I argued that it was basically a scam and was even more irritated when everyone seemingly at the same time went to require signed certificates. It was like Verisign bribed everyone. LetsEncrypt made life better and I was disappointed they didn't support wildcards for a while but glad to see it finally.

                              So much for all those counter arguments on slashdot that the cost is for the insurance in case the certificate doesn't properly work or something else unclear, as if any of the potential problems wouldn't also be a problem for the entire Internet infrastructure when it came to security. Really people are just paying thousands of dollars in some cases for 640 bytes, or whatever, to be stored at a server somewhere and some requests for verification from time to time. It's a racket. If you want a CA though still gotta pay through the nose unless you push your CA cert to all the work stations in your business or whatever.

                              LetsEncrypt is the best thing to happen to the Internet, but especially the web, since IPSec and SSL itself.

                              1 Reply Last reply Reply Quote 2
                              • scottalanmillerS
                                scottalanmiller @PhlipElder
                                last edited by

                                @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                @jaredbusch said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                @scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that jsut defeats the purpose of LE.

                                Based on what is on the site, Microsoft has an intrinsic trust with LE's root store. I should be able to set up a RD Session Host with a LE certificate for publishing and there should be no untrusted publisher for RemoteApps or Session Host desktops once the certificate's thumbprint is published via Group Policy?

                                One would hope that they would. LE is like the standard in SSL Certs. It's from the EFF, way more trustworthy than other cert authorities, IMHO.

                                PhlipElderP 1 Reply Last reply Reply Quote 0
                                • PhlipElderP
                                  PhlipElder @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                  @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                  @jaredbusch said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                  @scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that jsut defeats the purpose of LE.

                                  Based on what is on the site, Microsoft has an intrinsic trust with LE's root store. I should be able to set up a RD Session Host with a LE certificate for publishing and there should be no untrusted publisher for RemoteApps or Session Host desktops once the certificate's thumbprint is published via Group Policy?

                                  One would hope that they would. LE is like the standard in SSL Certs. It's from the EFF, way more trustworthy than other cert authorities, IMHO.

                                  Snag: Valid for 90 days. In larger RDS farm settings this would be a bear to manage. That means the need for an automated process.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @PhlipElder
                                    last edited by

                                    @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                    @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                    @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                    @jaredbusch said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                    @scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that jsut defeats the purpose of LE.

                                    Based on what is on the site, Microsoft has an intrinsic trust with LE's root store. I should be able to set up a RD Session Host with a LE certificate for publishing and there should be no untrusted publisher for RemoteApps or Session Host desktops once the certificate's thumbprint is published via Group Policy?

                                    One would hope that they would. LE is like the standard in SSL Certs. It's from the EFF, way more trustworthy than other cert authorities, IMHO.

                                    Snag: Valid for 90 days. In larger RDS farm settings this would be a bear to manage. That means the need for an automated process.

                                    It is expected to be automated. SSL Cert updates should not be intrusive. All of the tools for LE SSL Certs are designed around the idea that you will automate them and never need to worry about them again. It's about being less of a snag, not more of one.

                                    PhlipElderP 1 Reply Last reply Reply Quote 0
                                    • PhlipElderP
                                      PhlipElder @scottalanmiller
                                      last edited by

                                      @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                      @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                      @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                      @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                      @jaredbusch said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                      @scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that jsut defeats the purpose of LE.

                                      Based on what is on the site, Microsoft has an intrinsic trust with LE's root store. I should be able to set up a RD Session Host with a LE certificate for publishing and there should be no untrusted publisher for RemoteApps or Session Host desktops once the certificate's thumbprint is published via Group Policy?

                                      One would hope that they would. LE is like the standard in SSL Certs. It's from the EFF, way more trustworthy than other cert authorities, IMHO.

                                      Snag: Valid for 90 days. In larger RDS farm settings this would be a bear to manage. That means the need for an automated process.

                                      It is expected to be automated. SSL Cert updates should not be intrusive. All of the tools for LE SSL Certs are designed around the idea that you will automate them and never need to worry about them again. It's about being less of a snag, not more of one.

                                      Got it thanks. Looks like a bit of a learning curve then. 🙂

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @PhlipElder
                                        last edited by

                                        @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                        @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                        @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                        @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                        @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                        @jaredbusch said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

                                        @scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that jsut defeats the purpose of LE.

                                        Based on what is on the site, Microsoft has an intrinsic trust with LE's root store. I should be able to set up a RD Session Host with a LE certificate for publishing and there should be no untrusted publisher for RemoteApps or Session Host desktops once the certificate's thumbprint is published via Group Policy?

                                        One would hope that they would. LE is like the standard in SSL Certs. It's from the EFF, way more trustworthy than other cert authorities, IMHO.

                                        Snag: Valid for 90 days. In larger RDS farm settings this would be a bear to manage. That means the need for an automated process.

                                        It is expected to be automated. SSL Cert updates should not be intrusive. All of the tools for LE SSL Certs are designed around the idea that you will automate them and never need to worry about them again. It's about being less of a snag, not more of one.

                                        Got it thanks. Looks like a bit of a learning curve then. 🙂

                                        It's not bad. I find learning the LE pieces easier than learning to do it the old fashioned way 🙂 And with LE it is "learn once and ignore", rather than "learn once, forget, do again in a year or two all over again."

                                        1 Reply Last reply Reply Quote 1
                                        • 1 / 1
                                        • First post
                                          Last post