why are you installing on pf1, prtr, win10 and then on server1? Why not just on server1? We are talking about the same certificate that you put on IIS over the rest of device?
Rodigo, (off the top of my head). On PF1 you generate the certificate for your domain . By then exporting a copy to Server1 and RTR you can bind the certificate to IIS (Server1) and the Web management interface on RTR. By doing this when Clients connect by https to these devices the certificate will be recognized as valid and the client will not receive an error message. Let me know if I am misunderstanding your question. RKGraves
Rajanikanth, Because SSL certificates are now only valid for 1 year I have been creating my own using the free option of - Let's Encrypt. I use pfSense and the ACME package to help automate certification creation and renewal. In the past I used a free web tool called "Punch Salad". Punch Salad was/is a free web GUI frontend to creating SSL certificates with Let's Encrypt. For SSL certificates that will not be used outside my network I prefer to create my own self-signed certificates. These will only be good internally and not useful on the Internet. But the advantage of creating my own self-signed SSL certificates is that I can create them to last for 3, 5, or even 10 years. My favored tool for creating self-signed certificates is also pfSense. While not a direct answer to your question I Hope this information is helpful! Warm Regards R.Graves
@@niccite Glad you reached out. we are running are ERP system wichuses IIS without SSL. IIS is hosted in house with a static IP. what's the best approash to secure the communication.
@@rajanekanthvs6183 In a situation as You describe, I think I would use an ACME client for IIS and Let's Encrypt. I don't have the name off the top of my head, but I have recently used an ACME client to auto-renew a Let's Encrypt SSL certificate. The Let's Encrypt certificates are only good for 60 days so have a convenient auto-renew option is very helpful! The ACME IIS client I was using was free for education and personal use (sounds like yours is a business use). My 2nd option would be, depending on how many IIS servers you have, to go ahead an purchase an SSL certificate - A purchased SSL certificate will be good for 1 year and costs are reasonable. A 3rd option would be purchase a Wildcard cert and then you could use it on all your SSL enabled hosts. If the certificate is just for internal IT work and not for end users, then I favor a multi-year self-signed. If Users will be access the resource(s) then I favor either th 60 day Let's Encrypt free certificates or purchase a 12 month certificate - depending on how much work you want to do every 60 days or 12 months. Hope this information is helpful! Thanks for the Follow-Up. R.Graves NICCITE
![BLACK BAG - Official Trailer [HD] - Only in Theaters March 14](http://i.ytimg.com/vi/Du0Xp8WX_7I/mqdefault.jpg)
why are you installing on pf1, prtr, win10 and then on server1? Why not just on server1? We are talking about the same certificate that you put on IIS over the rest of device?
Rodigo, (off the top of my head). On PF1 you generate the certificate for your domain . By then exporting a copy to Server1 and RTR you can bind the certificate to IIS (Server1) and the Web management interface on RTR. By doing this when Clients connect by https to these devices the certificate will be recognized as valid and the client will not receive an error message. Let me know if I am misunderstanding your question. RKGraves
Where do we buy the SSL from?
can you suggest a few providers
Rajanikanth, Because SSL certificates are now only valid for 1 year I have been creating my own using the free option of - Let's Encrypt. I use pfSense and the ACME package to help automate certification creation and renewal. In the past I used a free web tool called "Punch Salad". Punch Salad was/is a free web GUI frontend to creating SSL certificates with Let's Encrypt. For SSL certificates that will not be used outside my network I prefer to create my own self-signed certificates. These will only be good internally and not useful on the Internet. But the advantage of creating my own self-signed SSL certificates is that I can create them to last for 3, 5, or even 10 years. My favored tool for creating self-signed certificates is also pfSense. While not a direct answer to your question I Hope this information is helpful! Warm Regards R.Graves
@@niccite Glad you reached out. we are running are ERP system wichuses IIS without SSL. IIS is hosted in house with a static IP. what's the best approash to secure the communication.
@@rajanekanthvs6183 In a situation as You describe, I think I would use an ACME client for IIS and Let's Encrypt. I don't have the name off the top of my head, but I have recently used an ACME client to auto-renew a Let's Encrypt SSL certificate. The Let's Encrypt certificates are only good for 60 days so have a convenient auto-renew option is very helpful! The ACME IIS client I was using was free for education and personal use (sounds like yours is a business use). My 2nd option would be, depending on how many IIS servers you have, to go ahead an purchase an SSL certificate - A purchased SSL certificate will be good for 1 year and costs are reasonable. A 3rd option would be purchase a Wildcard cert and then you could use it on all your SSL enabled hosts.
If the certificate is just for internal IT work and not for end users, then I favor a multi-year self-signed. If Users will be access the resource(s) then I favor either th 60 day Let's Encrypt free certificates or purchase a 12 month certificate - depending on how much work you want to do every 60 days or 12 months.
Hope this information is helpful! Thanks for the Follow-Up. R.Graves NICCITE