
I got a problem on a LAN that isn't connected to the internet (neither server nor clients are) and the connections need to run SSL.

I tried to make a self-signed certificate but the browser comes up with the nasty warnings and Chrome won't handle them, as I think I did a SHA-1 certificate as self-signed.

Trying to find a guide on how I can do this on a Windows server, but to me, not being a security expert, it makes my head spin.

It seems I have to be my own CA - and Chrome needs SAN and it says need to be SSH2? - but is CA a network setting or is it part of the certificate? I really just would like to be able to run our connections over SSL with no browser warnings; the security aspect as such isn't the biggest issue for this particular network, the most important is that the client browsers don't complain.

And if it requires something on the client side to be done, can that be made as a download package that the client (admin) can run to do once?

Would be awesome if someone could direct me to some CA for dummies with the goal of getting the cert going on a LAN server in mind, if anything like that exists. Am about to give up.

MdTp
  • I hope you mean TLS and NOT SSL. – Daisetsu Oct 29 '18 at 02:32
  • This is a similar question. I recommend reading the question, and the answers. They will probably clarify a lot of what you're trying to do https://security.stackexchange.com/questions/27898/encrypting-local-http-traffic-using-a-self-signed-certificate – Daisetsu Oct 29 '18 at 02:35
  • TSL yes (that's how much I know about this ;/) but basically just trying to get it to work so the APIs that require a proper cert can work again :( – MdTp Oct 29 '18 at 03:53
  • Did the link I gave help? – Daisetsu Oct 29 '18 at 04:07
  • @Daisetsu a bit of understanding, yes, but haven't succeeded in getting it running yet - is it somehow possible for clients to click a link on my server and then that will install the certificate needed on their end? – MdTp Oct 29 '18 at 07:01
  • If they're using a browser then they will see an insecure certificate warning. When that occurs, they can choose to install the certificate even though it doesn't pass validation. It would need to be done manually in each person's browser. Try googling for accepting an invalid cert. – Daisetsu Oct 29 '18 at 07:11
  • Thanks a lot Daisetsu - would it be possible to set the local server as CA on the clients (that part I would give the option to be downloaded and run when a client reaches the server) - so the client machines would see my server as a valid authority? – MdTp Oct 29 '18 at 11:08
  • What is the certificate used for? I assumed it was to secure a web server. Is that right? Then you don't need any additional server. Just install the cert on the webserver. Follow any guide on securing your webserver with TLS using a self-signed cert. – Daisetsu Oct 29 '18 at 15:01
  • 1
    Yes, it's a webserver (IIS running a web-based incident report module which uses different web APIs that require TLS). But will try to get it working - and thanks a lot for helping me out here Daisetsu, would like to vote you answered when it's working but we are only commenting :) – MdTp Oct 29 '18 at 16:42
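
The setup the question and comments circle around (a private CA, a SHA-256 server certificate with a SAN, and a one-time trust step on each client), as an added example that is not part of the original thread. It assumes Windows Server 2016 or later with the built-in PKI cmdlets; the names `LAN Root CA`, `incident.lan.example`, `incident` and `C:\pki` are constructed placeholders.

```powershell
# Run in an elevated PowerShell session on the Windows server.
# Constructed placeholders: replace with the names clients really type in the browser.
$serverNames = @('incident.lan.example', 'incident')
$outDir      = 'C:\pki'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Root CA. A CA is a certificate plus its private key, not a network setting.
#    Basic constraints (OID 2.5.29.19) mark it as a CA; pathlength=0 forbids sub-CAs.
#    Whoever holds this key can mint certificates these clients will trust,
#    so it is created non-exportable and stays on this machine.
$rootCa = New-SelfSignedCertificate `
    -Subject 'CN=LAN Root CA' `
    -KeyAlgorithm RSA -KeyLength 4096 -HashAlgorithm SHA256 `
    -KeyUsage CertSign, CRLSign, DigitalSignature `
    -KeyExportPolicy NonExportable `
    -TextExtension @('2.5.29.19={critical}{text}ca=1&pathlength=0') `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -NotAfter (Get-Date).AddYears(10)

# 2. Server certificate signed by that CA (not self-signed), SHA-256.
#    -DnsName fills the Subject Alternative Name extension, which Chrome requires;
#    the default certificate type already carries the server-authentication EKU.
$serverCert = New-SelfSignedCertificate `
    -Subject "CN=$($serverNames[0])" `
    -DnsName $serverNames `
    -Signer $rootCa `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -NotAfter (Get-Date).AddYears(1)

# 3. Export only the CA's public certificate. This .cer file is what clients get;
#    it contains no private key.
Export-Certificate -Cert $rootCa -FilePath "$outDir\lan-root-ca.cer" | Out-Null

# 4. One-time trust step. Run this same line as administrator on each client
#    (it can be shipped as a one-line script next to the .cer file).
#    Chrome and Edge on Windows read this store; Firefox keeps its own trust store
#    unless it is configured to use the operating system's.
Import-Certificate -FilePath "$outDir\lan-root-ca.cer" `
    -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 5. Values to check before selecting the certificate in the IIS HTTPS binding.
[pscustomobject]@{
    Subject            = $serverCert.Subject
    Issuer             = $serverCert.Issuer
    SignatureAlgorithm = $serverCert.SignatureAlgorithm.FriendlyName
    SanDnsNames        = $serverCert.DnsNameList.Unicode -join ', '
    Thumbprint         = $serverCert.Thumbprint
}
```

The browser warning disappears only when the URL host matches one of the SAN names and the client has imported the CA certificate from step 4.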

0 Answers