HTTPS, SSL enabling

Hello all,

A few simple questions regarding https and ssl.

1- Can I use https without needing ssl?
2- Once a certificate is installed, will I have to refresh it every year?
3- Can I enable https/ssl without affecting the running client?

I would like to implement https/ssl in production. I would let the client connect using regular http until I can reconfigure all of them to use https. Is there any problem with this approach?

Thank you very much.

The answers change a little bit for 7.9, but in 8.0+ -
1 doesn’t really make sense - you can’t have HTTPS traffic without an SSL certificate, somewhere - that certificate doesn’t need to be trusted by ‘certificate authorities’, but it does have to exist.
2. No - see the point above. Certificate authorities may have restrictions on certificates they issue, including lifespan, domain name validation, etc, etc, but nothing (beyond hassle) prevents you from ‘self-signing’ a certificate or even standing up your own certificate authority within your own infrastructure; it’s relatively common among large enterprises. Most publicly trusted CAs issue certificates that last a few years; Let’s Encrypt is an outlier with 1-month certificates to encourage automated renewal; the tradeoff is that LE certs are free, where pretty much every other CA charges some nominal fee.
3. You can, but it somewhat defeats the purpose. The benefits of SSL are only really realized if it’s always used, and required by the server. The short version is that you can enable HTTPS on the server, but not ‘Force Secure Redirect’ in the gateway settings, which means that both HTTP and HTTPS traffic will be allowed by the server.

Ok.

My goal is to enable https without disrupting the running clients.

Once https is enabled, I will convert all my clients one by one and then I will check the “force redirection” option.

2 Likes