ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Do you setup SSL for Intranet websites only

    IT Discussion
    ssl internal websites
    10
    27
    2.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DustinB3403
      last edited by DustinB3403

      So simple question, do you setup SSL for websites that will never be public facing? I have a few things that I am considering, but these are so tiny (users and viewers) and never public facing that I'm not sure it's worth the effort of even Let's Encrypt.

      What's the consensus here?

      At least one of these have logins, that tie into nothing else.

      1 Reply Last reply Reply Quote 0
      • D
        dafyre
        last edited by

        If there will be users on it, then yeah, it needs SSL.

        J 1 Reply Last reply Reply Quote -1
        • J
          JaredBusch @dafyre
          last edited by

          @dafyre said in Do you setup SSL for Intranet websites only:

          If there will be users on it, then yeah, it needs SSL.

          Wow, that is about as stupid as answers get. Did you read the question at all?

          The answer is never that simple.

          There is a non trivial amount of effort involved in setting up trusted certificates on non public systems.

          D 1 Reply Last reply Reply Quote 1
          • D
            DustinB3403
            last edited by

            It's worth noting that these systems have credentials which lead to only these systems. They connect to nothing else, and while they could provide the destructive kind of access that would be concerning over, it's not something I'd really be so concerned over.

            Namely because I backup these systems daily. So even if someone got credentials to these systems, I'd just restore and change those credentials.

            @dafyre I get the point, but these systems literally go no where. It's a dead end even if anyone was sniffing my network.

            @JaredBusch I'm assuming you think it wouldn't be worth it for these tiny systems?

            J 1 Reply Last reply Reply Quote 0
            • D
              DustinB3403
              last edited by

              These sites are for things like IT Wiki pages, Asset Management.

              Literally near-zero value targets.

              J 1 Reply Last reply Reply Quote 0
              • J
                JaredBusch @DustinB3403
                last edited by

                @dustinb3403 said in Do you setup SSL for Intranet websites only:

                These sites are for things like IT Wiki pages, Asset Management.

                Literally near-zero value targets.

                Nothing is near-zero value.
                But that is not the point.

                1 Reply Last reply Reply Quote 0
                • D
                  DustinB3403
                  last edited by DustinB3403

                  Near-zero value in someone attacking is what I meant. Not a zero-value in what is provided by the systems. Also there is nothing confidential or needing "security" from a business perspective, which is why I ask is SSL worth it for these types of Intranet sites?

                  O 1 Reply Last reply Reply Quote 0
                  • J
                    JaredBusch @DustinB3403
                    last edited by JaredBusch

                    @dustinb3403 said in Do you setup SSL for Intranet websites only:

                    @dafyre I get the point, but these systems literally go no where. It's a dead end even if anyone was sniffing my network.

                    There was no point to his post. SO to say you get it means you are reading into something or assuming something.

                    @dustinb3403 said in Do you setup SSL for Intranet websites only:

                    @JaredBusch I'm assuming you think it wouldn't be worth it for these tiny systems?

                    Stop and think about the process, this is not that hard to understand.
                    How would you even get a trusted certificate on the box?
                    LE works buy reaching back to you to verify the server nonce and issues the certificate. You cannot do that because that ONLY works on http/https. You cannot forward that through your router to everything. That is not how networking works.

                    You can try to DNS verification, but then you need to have public DNS records for all of these servers and associated text records with the challenge nonce. That is in addition to your internal DNS being setup to route to these systems.

                    Or you buy long term certs (or a wildcard) form someplace and use that. That at least only needs configured once every year or two.

                    D 1 Reply Last reply Reply Quote 2
                    • D
                      dafyre @JaredBusch
                      last edited by

                      This post is deleted!
                      1 Reply Last reply Reply Quote 0
                      • D
                        dafyre @JaredBusch
                        last edited by

                        @jaredbusch said in Do you setup SSL for Intranet websites only:

                        Or you buy long term certs (or a wildcard) form someplace and use that. That at least only needs configured once every year or two.

                        But then you're still left with "is it worth paying for?"

                        There are clients out there that will automate the DNS checks and such for you if your DNS provider has an API. I've got one I'm testing now, but I just ran across it a day or so again. If it works well, I'll post it.

                        1 Reply Last reply Reply Quote 0
                        • S
                          scottalanmiller
                          last edited by

                          Or you use self signed certs.

                          D 1 Reply Last reply Reply Quote 0
                          • D
                            DustinB3403 @scottalanmiller
                            last edited by

                            @scottalanmiller said in Do you setup SSL for Intranet websites only:

                            Or you use self signed certs.

                            But is that even worth it, it's added setup for something that goes to a dead-end in terms of systems. The logins have no association with anything else on the network, and there is nothing critically location on these systems that (in my case) warrants needing to be secured.

                            S 1 Reply Last reply Reply Quote 0
                            • D
                              DarienA
                              last edited by

                              Sometimes we do, sometimes we don't... great answer right?

                              1 Reply Last reply Reply Quote 0
                              • S
                                scottalanmiller @DustinB3403
                                last edited by

                                @dustinb3403 said in Do you setup SSL for Intranet websites only:

                                @scottalanmiller said in Do you setup SSL for Intranet websites only:

                                Or you use self signed certs.

                                But is that even worth it, it's added setup for something that goes to a dead-end in terms of systems. The logins have no association with anything else on the network, and there is nothing critically location on these systems that (in my case) warrants needing to be secured.

                                Its' so easy to do, why not?

                                Is it necessary? No. But the effort is so small, might easily be worth it.

                                J 1 Reply Last reply Reply Quote 0
                                • J
                                  JaredBusch @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Do you setup SSL for Intranet websites only:

                                  @dustinb3403 said in Do you setup SSL for Intranet websites only:

                                  @scottalanmiller said in Do you setup SSL for Intranet websites only:

                                  Or you use self signed certs.

                                  But is that even worth it, it's added setup for something that goes to a dead-end in terms of systems. The logins have no association with anything else on the network, and there is nothing critically location on these systems that (in my case) warrants needing to be secured.

                                  Its' so easy to do, why not?

                                  Is it necessary? No. But the effort is so small, might easily be worth it.

                                  Self-signed or horrid. Because your browser does not trust them and you have to click through warnings. you don't want to be in that habit.

                                  1 Reply Last reply Reply Quote 1
                                  • DonahueD
                                    Donahue
                                    last edited by

                                    I've never bothered to setup a certificate for anything internal. I know who they are even if the browser doesn't.

                                    D 1 Reply Last reply Reply Quote 0
                                    • D
                                      DustinB3403 @Donahue
                                      last edited by

                                      @donahue said in Do you setup SSL for Intranet websites only:

                                      I've never bothered to setup a certificate for anything internal. I know who they are even if the browser doesn't.

                                      That's my stance as well.

                                      1 Reply Last reply Reply Quote 0
                                      • black3dynamiteB
                                        black3dynamite
                                        last edited by black3dynamite

                                        Self-signed isn't too bad if you have a way to install your own Root CA to the computers.

                                        J 1 Reply Last reply Reply Quote 0
                                        • dbeatoD
                                          dbeato
                                          last edited by

                                          In a windows environment with AD I setup a domain CA and all the servers and devices get an internal SSL that is trusted by the devices joined to the domain. That's the only use I do for internal SSLs but it takes some time to setup though.

                                          1 Reply Last reply Reply Quote 1
                                          • J
                                            JaredBusch @black3dynamite
                                            last edited by

                                            @black3dynamite said in Do you setup SSL for Intranet websites only:

                                            Self-signed isn't too bad if you have a way to install your own Root CA to the computers.

                                            That is not self signed. That is signed by a trusted (local) CA.

                                            S 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post