Thanks for everyone's feedback! It's likely that I will revisit using privately signed certificates for non-public-facing admin GUI pages via our Microsoft AD base. As long as it's a Windows workstation signing into AD accessing the page, the certificate will be trusted without any warnings, etc. Again, this is just for non-public-facing admin GUIs so our team doesn't have to import private keys.
The hardest part was finding some decent instructions on how to do so. Apparently, when a private signed certificate is generated and granted, it's available for download from the link presented during the process and there's no easy way to find an inventory of generated certificates!

Lelio

---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph
519-824-4120 Ext 56354
le...@uoguelph.ca
www.uoguelph.ca/ccs
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

-----Original Message-----
From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Doug McIntyre
Sent: Wednesday, September 27, 2017 8:40 AM
To: voyp list, cisco-voip (cisco-voip@puck.nether.net)
Subject: Re: [cisco-voip] let's encrypt for local admin gui pages

On Wed, Sep 27, 2017 at 04:07:53PM +0800, Ki Wi wrote:
> technically it can be done but it's too troublesome. Without "auto"
> update, you will have to go manual which is to create special DNS (TXT
> record) entry for each URL during the renewal.

DNS authorization of Let's Encrypt can be done through automated methods. Especially with a client such as dehydrated and the use of dynamic DNS updates (through ddns methods of nsupdate, or through the API of your DNS provider).

Not sure how easily the SSL cert can be rotated on the appliance devices though.

_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
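
The automated DNS authorization mentioned in the quoted reply above (dehydrated plus nsupdate), as an added example that is not part of the thread: a dehydrated hook that publishes and removes the `_acme-challenge` TXT record. The DNS server name, TSIG key path and TTL are assumed values.

```shell
#!/bin/sh
# Added example (not from the thread): dehydrated dns-01 hook using nsupdate.
# Assumed values: DNS server name, TSIG key file path, TTL.
NS_SERVER="${NS_SERVER:-ns1.example.net}"
TSIG_KEY="${TSIG_KEY:-/etc/dehydrated/acme-ddns.key}"
TTL=60

# Accept only plain hostnames and 43-character base64url challenge values, so a
# malformed argument cannot add extra commands to the nsupdate batch.
valid_name() {
  case "$1" in ''|*[!A-Za-z0-9.-]*|.*|-*|*.|*-) return 1 ;; esac
}
valid_token() {
  case "$1" in *[!A-Za-z0-9_-]*) return 1 ;; esac
  [ "${#1}" -eq 43 ]
}

# build_batch add|delete DOMAIN TXT_VALUE: writes nsupdate commands to stdout.
build_batch() {
  valid_name "$2" || { echo "rejected domain" >&2; return 1; }
  valid_token "$3" || { echo "rejected challenge value" >&2; return 1; }
  case "$1" in
    add)    upd="update add _acme-challenge.$2. $TTL IN TXT \"$3\"" ;;
    delete) upd="update delete _acme-challenge.$2. TXT \"$3\"" ;;
    *)      return 1 ;;
  esac
  printf 'server %s\n%s\nsend\n' "$NS_SERVER" "$upd"
}

# dehydrated invokes: hook OPERATION DOMAIN TOKEN_FILENAME TOKEN_VALUE
hook_main() {
  case "${1:-}" in
    deploy_challenge) action=add ;;
    clean_challenge)  action=delete ;;
    *) return 0 ;;  # deploy_cert etc.: installing the cert on an appliance is not covered
  esac
  batch=$(build_batch "$action" "$2" "$4") || return 1
  printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEY"
}

hook_main "$@"
```

On a BIND server, the TSIG key used here can be limited with `update-policy` to TXT records under the `_acme-challenge` names, so the renewal host cannot change any other record in the zone.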