Web Connection User Discussions
Recommendations on SSL certificates
Gravatar is a globally recognized avatar based on your email address. Recommendations on SSL certificates
  Russell Campbell
  All
  May 28, 2020 @ 03:46pm

Just looking for some recommendations on good solutions for security certificates. Been needing to add one for a client and they may finally be interested. Just looking for what might an easy solution to implement.

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Eric Selje
  Russell Campbell
  May 28, 2020 @ 07:21pm

I think Let's Encrypt is your best choice here. The only "downside" is that they need to be auto-renewed every 90 days, which is easily scriptable with a cron job.

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Rick Strahl
  Russell Campbell
  May 29, 2020 @ 03:12pm

Like Eric says.

You can create LetsEncrypt certificates in a few minutes and they can be set up automatically to renew using WinAcme. It's a simple command line tool that handles the entire process for you literally in a few minutes including:

  • Creating the Certificate
  • Installing it to IIS
  • Binding it to one or more host names
  • Setting up the renewal

Here's more info in the Web Connection Deployment White Paper:

Create free TLS certificates with LetsEncrypt and WinAcme

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Russell Campbell
  Eric Selje
  Jun 4, 2020 @ 06:30am

Eric,

I'm sorry to the late reply. I've been quite busy, but I do appreciate the information you've provided. I'll be checking into it. Thanks, again.

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Russell Campbell
  Rick Strahl
  Jun 4, 2020 @ 06:31am

Rick,

Thanks for your reply, also. Sorry to be tardy in my reply.

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Tore Bleken
  Russell Campbell
  Jun 5, 2020 @ 04:59am

Rick, I have spent quite some time now, trying to update my website to use SSL. It's a 64-it Windows Server 2012 R2 machine with IIS version 8.5. I have installed WACS, and run it as administrator. I don't get any error messages, as far as I can see everything looks normal. But, still "not secure".... Any tips?

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Marcel DESMET
  Russell Campbell
  Jun 5, 2020 @ 11:37am

I use "Certify the Web" https://certifytheweb.com/ it's powered by Let's Encrypt . "The app is free for a limited number of managed certificates per server." I don't remember exactly how much are free, but everything is done is a few seconds and renewal is automatic

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Tore Bleken
  Marcel DESMET
  Jun 5, 2020 @ 12:58pm

Thank you for the suggestion. I installed it and ran it. The program reported "success", but still no https... Any more suggestions?

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Rick Strahl
  Marcel DESMET
  Jun 5, 2020 @ 01:01pm

Yeah CertifyTheWeb is great, but it's overkill for what most people need. It's great for bigger orgs that need to organize many certificates. Most people though can do just as well with the command line version of Win-Acme which is free and just as simple albeit without the GUI. Pick your site set a couple of options and the certificate is created and installed in IIS and the renewals are scheduled.

I manage 15 sites on my server with this and after initial setup it all happens automatically.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Marcel DESMET
  Tore Bleken
  Jun 6, 2020 @ 03:19am

Tore, I never had any problem with a new config of a site but I remember some issues with the first use . I think it was because of previous manual config tentative of another certificate (But I don't remember exactly )

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Tore Bleken
  Rick Strahl
  Jun 6, 2020 @ 03:59am

I just tried Win-Acme once more, but now I receive error 443: not updated because it doesn't seem to match the new certificate! I'm out ideas. However, I will have my son look into it tonight.

Gravatar is a globally recognized avatar based on your email address. re: Recommendations on SSL certificates
  Rick Strahl
  Tore Bleken
  Jun 6, 2020 @ 12:08pm

It sounds like you may have previously had Acme installed and there may be some residual certificates or configuration perhaps?

If possible I would remove all old certificates from IIS in the IIS administration tool, then try again. If there's old configuration through Lets Encrypt, perhaps from Certify or an old version pre-WinAcme you might have to clear the local Acme store (you can look at the Acme troubleshooting section on the Web site).

+++ Rick ---

© 1996-2020