ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Do you setup SSL for Intranet websites only

    IT Discussion
    ssl internal websites
    10
    27
    2.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403
      last edited by DustinB3403

      Near-zero value in someone attacking is what I meant. Not a zero-value in what is provided by the systems. Also there is nothing confidential or needing "security" from a business perspective, which is why I ask is SSL worth it for these types of Intranet sites?

      ObsolesceO 1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch @DustinB3403
        last edited by JaredBusch

        @dustinb3403 said in Do you setup SSL for Intranet websites only:

        @dafyre I get the point, but these systems literally go no where. It's a dead end even if anyone was sniffing my network.

        There was no point to his post. SO to say you get it means you are reading into something or assuming something.

        @dustinb3403 said in Do you setup SSL for Intranet websites only:

        @JaredBusch I'm assuming you think it wouldn't be worth it for these tiny systems?

        Stop and think about the process, this is not that hard to understand.
        How would you even get a trusted certificate on the box?
        LE works buy reaching back to you to verify the server nonce and issues the certificate. You cannot do that because that ONLY works on http/https. You cannot forward that through your router to everything. That is not how networking works.

        You can try to DNS verification, but then you need to have public DNS records for all of these servers and associated text records with the challenge nonce. That is in addition to your internal DNS being setup to route to these systems.

        Or you buy long term certs (or a wildcard) form someplace and use that. That at least only needs configured once every year or two.

        dafyreD 1 Reply Last reply Reply Quote 2
        • dafyreD
          dafyre @JaredBusch
          last edited by

          This post is deleted!
          1 Reply Last reply Reply Quote 0
          • dafyreD
            dafyre @JaredBusch
            last edited by

            @jaredbusch said in Do you setup SSL for Intranet websites only:

            Or you buy long term certs (or a wildcard) form someplace and use that. That at least only needs configured once every year or two.

            But then you're still left with "is it worth paying for?"

            There are clients out there that will automate the DNS checks and such for you if your DNS provider has an API. I've got one I'm testing now, but I just ran across it a day or so again. If it works well, I'll post it.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              Or you use self signed certs.

              DustinB3403D 1 Reply Last reply Reply Quote 0
              • DustinB3403D
                DustinB3403 @scottalanmiller
                last edited by

                @scottalanmiller said in Do you setup SSL for Intranet websites only:

                Or you use self signed certs.

                But is that even worth it, it's added setup for something that goes to a dead-end in terms of systems. The logins have no association with anything else on the network, and there is nothing critically location on these systems that (in my case) warrants needing to be secured.

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • D
                  DarienA
                  last edited by

                  Sometimes we do, sometimes we don't... great answer right?

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @DustinB3403
                    last edited by

                    @dustinb3403 said in Do you setup SSL for Intranet websites only:

                    @scottalanmiller said in Do you setup SSL for Intranet websites only:

                    Or you use self signed certs.

                    But is that even worth it, it's added setup for something that goes to a dead-end in terms of systems. The logins have no association with anything else on the network, and there is nothing critically location on these systems that (in my case) warrants needing to be secured.

                    Its' so easy to do, why not?

                    Is it necessary? No. But the effort is so small, might easily be worth it.

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @scottalanmiller
                      last edited by

                      @scottalanmiller said in Do you setup SSL for Intranet websites only:

                      @dustinb3403 said in Do you setup SSL for Intranet websites only:

                      @scottalanmiller said in Do you setup SSL for Intranet websites only:

                      Or you use self signed certs.

                      But is that even worth it, it's added setup for something that goes to a dead-end in terms of systems. The logins have no association with anything else on the network, and there is nothing critically location on these systems that (in my case) warrants needing to be secured.

                      Its' so easy to do, why not?

                      Is it necessary? No. But the effort is so small, might easily be worth it.

                      Self-signed or horrid. Because your browser does not trust them and you have to click through warnings. you don't want to be in that habit.

                      1 Reply Last reply Reply Quote 1
                      • DonahueD
                        Donahue
                        last edited by

                        I've never bothered to setup a certificate for anything internal. I know who they are even if the browser doesn't.

                        DustinB3403D 1 Reply Last reply Reply Quote 0
                        • DustinB3403D
                          DustinB3403 @Donahue
                          last edited by

                          @donahue said in Do you setup SSL for Intranet websites only:

                          I've never bothered to setup a certificate for anything internal. I know who they are even if the browser doesn't.

                          That's my stance as well.

                          1 Reply Last reply Reply Quote 0
                          • black3dynamiteB
                            black3dynamite
                            last edited by black3dynamite

                            Self-signed isn't too bad if you have a way to install your own Root CA to the computers.

                            JaredBuschJ 1 Reply Last reply Reply Quote 0
                            • dbeatoD
                              dbeato
                              last edited by

                              In a windows environment with AD I setup a domain CA and all the servers and devices get an internal SSL that is trusted by the devices joined to the domain. That's the only use I do for internal SSLs but it takes some time to setup though.

                              1 Reply Last reply Reply Quote 1
                              • JaredBuschJ
                                JaredBusch @black3dynamite
                                last edited by

                                @black3dynamite said in Do you setup SSL for Intranet websites only:

                                Self-signed isn't too bad if you have a way to install your own Root CA to the computers.

                                That is not self signed. That is signed by a trusted (local) CA.

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • FiyaFlyF
                                  FiyaFly
                                  last edited by

                                  I plan to. However, I'm still learning the whole process for a local root CA and have hundreds of projects that are currently higher priority so I haven't had time to look into it.

                                  black3dynamiteB 1 Reply Last reply Reply Quote 0
                                  • black3dynamiteB
                                    black3dynamite @FiyaFly
                                    last edited by

                                    @fiyafly said in Do you setup SSL for Intranet websites only:

                                    I plan to. However, I'm still learning the whole process for a local root CA and have hundreds of projects that are currently higher priority so I haven't had time to look into it.

                                    Here’s a few sites I’ve been using to setup a local CA.

                                    This one is pretty basic.
                                    https://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/

                                    https://devcentral.f5.com/articles/building-an-openssl-certificate-authority-introduction-and-design-considerations-for-elliptical-curves-27720

                                    https://jamielinux.com/docs/openssl-certificate-authority/introduction.html

                                    1 Reply Last reply Reply Quote 1
                                    • scottalanmillerS
                                      scottalanmiller @JaredBusch
                                      last edited by

                                      @jaredbusch said in Do you setup SSL for Intranet websites only:

                                      @black3dynamite said in Do you setup SSL for Intranet websites only:

                                      Self-signed isn't too bad if you have a way to install your own Root CA to the computers.

                                      That is not self signed. That is signed by a trusted (local) CA.

                                      I think that local CA is us, we often think of it as self signed. Just a way to trust something that we signed ourselves.

                                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                                      • JaredBuschJ
                                        JaredBusch @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in Do you setup SSL for Intranet websites only:

                                        @jaredbusch said in Do you setup SSL for Intranet websites only:

                                        @black3dynamite said in Do you setup SSL for Intranet websites only:

                                        Self-signed isn't too bad if you have a way to install your own Root CA to the computers.

                                        That is not self signed. That is signed by a trusted (local) CA.

                                        I think that local CA is us, we often think of it as self signed. Just a way to trust something that we signed ourselves.

                                        A local CA, is nothing like a system generating a basic self signed cert.

                                        A local CA can (more) easily be trusted by all browsers on the network.

                                        Self-signed certs would all have to be individually trusted.

                                        1 Reply Last reply Reply Quote 2
                                        • DonahueD
                                          Donahue
                                          last edited by

                                          are there any good articles on how to create a local CA?

                                          black3dynamiteB 1 Reply Last reply Reply Quote 0
                                          • black3dynamiteB
                                            black3dynamite @Donahue
                                            last edited by black3dynamite

                                            @donahue said in Do you setup SSL for Intranet websites only:

                                            are there any good articles on how to create a local CA?

                                            https://mangolassi.it/topic/18175/do-you-setup-ssl-for-intranet-websites-only/22

                                            The second link one is an updated version based on the third link.

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post