HTTPS, SSL enabling

Hello all,

A few simple question regarding https and ssl.

1- Can I use https without needing ssl?
2- One a certificate installed, will I have to refresh it every year?
3- Can I enable https/ssl without affecting the running client?

I would like to implement https/ssl in production. I would let the client connect using regular http until I can reconfigure all of them to use https. Is there any problem with this approach?

Thank you very much.

The answers change a little bit for 7.9, but in 8.0+ -
1 doesn’t really make sense - you can’t have HTTPS traffic without an SSL certificate, somewhere - that certificate doesn’t need to be trusted by ‘certificate authorities’, but it does have to exist.
2. No - see the point above. Certificate authorities may have restrictions on certificates they issue, including lifespan, domain name validation, etc, etc, but nothing (beyond hassle) prevents you from ‘self-signing’ a certificate or even standing up your own certificate authority within your own infrastructure; it’s relatively common among large enterprises. Most publicly trusted CAs issue certificates that last a few years; Let’s Encrypt is an outlier with 1-month certificates to encourage automated renewal; the tradeoff is that LE certs are free, where pretty much every other CA charges some nominal fee.
3. You can, but it somewhat defeats the purpose. The benefits of SSL are only really realized if it’s always used, and required by the server. The short version is that you can enable HTTPS on the server, but not ‘Force Secure Redirect’ in the gateway settings, which means that both HTTP and HTTPS traffic will be allowed by the server.


My goal is to enable https witouth disrupting the runing clients.

One https enable, I will convert all my client one by one and then I will check the “force redirection” option.