
    Do you setup SSL for Intranet websites only

    • FiyaFly

      I plan to. However, I'm still learning the whole process for a local root CA and have hundreds of projects that are currently higher priority so I haven't had time to look into it.

      B 1 Reply Last reply Reply Quote 0
      • black3dynamite @FiyaFly

        @fiyafly said in Do you setup SSL for Intranet websites only:

        I plan to. However, I'm still learning the whole process for a local root CA and have hundreds of projects that are currently higher priority so I haven't had time to look into it.

        Here’s a few sites I’ve been using to set up a local CA.

        This one is pretty basic.
        https://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/

        https://devcentral.f5.com/articles/building-an-openssl-certificate-authority-introduction-and-design-considerations-for-elliptical-curves-27720

        https://jamielinux.com/docs/openssl-certificate-authority/introduction.html

        1 Reply Last reply Reply Quote 1
        • scottalanmiller @JaredBusch

          @jaredbusch said in Do you setup SSL for Intranet websites only:

          @black3dynamite said in Do you setup SSL for Intranet websites only:

          Self-signed isn't too bad if you have a way to install your own Root CA to the computers.

          That is not self signed. That is signed by a trusted (local) CA.

          I think that local CA is us, we often think of it as self signed. Just a way to trust something that we signed ourselves.

          J 1 Reply Last reply Reply Quote 0
          • JaredBusch @scottalanmiller

            @scottalanmiller said in Do you setup SSL for Intranet websites only:

            @jaredbusch said in Do you setup SSL for Intranet websites only:

            @black3dynamite said in Do you setup SSL for Intranet websites only:

            Self-signed isn't too bad if you have a way to install your own Root CA to the computers.

            That is not self signed. That is signed by a trusted (local) CA.

            I think that local CA is us, we often think of it as self signed. Just a way to trust something that we signed ourselves.

            A local CA is nothing like a system generating a basic self-signed cert.

            A local CA can (more) easily be trusted by all browsers on the network.

            Self-signed certs would all have to be individually trusted.

            1 Reply Last reply Reply Quote 2
            • Donahue

              Are there any good articles on how to create a local CA?

              B 1 Reply Last reply Reply Quote 0
              • black3dynamite @Donahue

                @donahue said in Do you setup SSL for Intranet websites only:

                Are there any good articles on how to create a local CA?

                https://mangolassi.it/topic/18175/do-you-setup-ssl-for-intranet-websites-only/22

                The second link is an updated version based on the third link.

                1 Reply Last reply Reply Quote 1
                • Obsolesce @DustinB3403

                  @dustinb3403 said in Do you setup SSL for Intranet websites only:

                  Near-zero value in someone attacking is what I meant. Not a zero-value in what is provided by the systems. Also there is nothing confidential or needing "security" from a business perspective, which is why I ask is SSL worth it for these types of Intranet sites?

                  You need SSL for everything period. Even if it's a self-signed cert it's fine... just allow the exception in the web browser and be done, or use an internal certificate if your browsers are set to trust the root... or a domain wildcard cert would work just fine. It's easy to do.

                  You could set out a reverse proxy for use with Let's Encrypt, and use the reverse proxy for all of your internal-only web servers. On the reverse proxy, you can limit each site config to pass internal IPs only. That's what I did for a few. For example, if you add this in:

                      allow 10.0.0.0/8;
                      allow 172.16.0.0/12;
                      allow 192.168.0.0/16;
                      deny all;
                  

                  It will not proxy anything unless it comes from an internal IP.

                  1 Reply Last reply Reply Quote 2
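
A fuller site config built around the allow/deny rules in the post above, as an added example that is not part of the original post or the poster's own config. The hostname, backend address, webroot and certificate paths are assumptions, and it assumes Let's Encrypt HTTP-01 validation, which needs the challenge path on port 80 left outside the IP restriction.

```nginx
# Added example. intranet.example.com, 10.0.20.15:8080 and /var/www/letsencrypt
# are placeholders; certificate paths assume certbot's default layout.

# Port 80: only the ACME challenge is served, everything else goes to HTTPS.
# No allow/deny here, otherwise HTTP-01 validation would get a 403 and
# certificate issuance and renewal would fail.
server {
    listen 80;
    server_name intranet.example.com;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: TLS terminates on the proxy, and only internal sources are proxied.
server {
    listen 443 ssl;
    server_name intranet.example.com;

    ssl_certificate     /etc/letsencrypt/live/intranet.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/intranet.example.com/privkey.pem;

    # Rules are checked in order and the first match wins, so "deny all"
    # has to come last. Anything outside the RFC 1918 ranges gets a 403.
    allow 10.0.0.0/8;
    allow 172.16.0.0/12;
    allow 192.168.0.0/16;
    deny  all;

    location / {
        proxy_pass http://10.0.20.15:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

The allow/deny rules test the address nginx sees as the connection peer, so a NAT device or another proxy in front of this one changes which address is evaluated. With DNS-01 validation instead of HTTP-01, the port 80 challenge location is not needed.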