SMC behind Apache reverse proxy with Let's Encrypt certificates

Hello,

We are currently using SMC with a StartSSL certificate which is expiring soon, so we need an alternative.

One option would be to put SMC behind an Apache reverse proxy which uses Let's Encrypt certificates. The exchange of the certificate on this reverse proxy is already automated for other hosts behind it.

Between the reverse proxy and the SMC we would use a long-term certificate issued by our internal CA.

Does anybody use such a scenario successfully together with SMC? Do we have to make SMC aware of the certificate changes?

Thanks for any hints,

Thomas



  • Dear Thomas,

    If you want to replace your old certificate with another one, you must use the "SMC - SSL Certificate Wizard" application to create a new CS request. After that, you can import your new SSL certificate through your MDM Administrator Panel. If you let us know what you want to do and whether there is an error, we can be more helpful.

    Best regards...

    Ali Erdem Sunar

  • Hello,

    My idea was to use a long-term self-signed certificate on the SMC side, which is trusted by the Apache reverse proxy, and a short-term Let's Encrypt certificate on the reverse proxy, which is trusted by the devices through the normal system CAs.

    With Apache, the change of the short-term certificates can be automated easily.

    The question I have is whether the certificate is just used for SSL or whether it is also used for other purposes.

    Regards,
    Thomas Kriener

  • Hello Thomas,

    This certificate is used for 2 reasons:

    1. For the MDM interface on the web.
    2. Device encryption for mobile devices (if you have an Advanced License on MDM).

    I know it is used for these reasons.

    Best regards...

    Ali Erdem Sunar

    Sophos Certified Engineer
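
The Apache side of the setup Thomas describes, as an added example that is not part of the original thread: a Let's Encrypt certificate facing the devices and verified TLS to the SMC backend using the internal CA or the self-signed certificate. The hostnames and file paths are assumptions, and the sketch does not establish that SMC itself works behind a TLS-terminating proxy, which the thread leaves open.

```apache
# Added example: mdm.example.com, smc.internal.example and all file paths
# are assumed placeholders, not values from the thread.
<VirtualHost *:443>
    ServerName mdm.example.com

    # Device-facing side: short-term Let's Encrypt certificate, renewed by
    # the automation that already exists on the reverse proxy.
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/mdm.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mdm.example.com/privkey.pem

    # Backend side: speak TLS to SMC and verify its long-term certificate.
    SSLProxyEngine on

    # Trust anchor for the backend only: the internal CA certificate, or the
    # self-signed SMC certificate itself if no CA is used.
    SSLProxyCACertificateFile /etc/apache2/ssl/internal-ca.pem

    # Weak setting to avoid: "SSLProxyVerify none" (the mod_ssl default)
    # accepts any certificate the backend presents.
    SSLProxyVerify require

    # The backend certificate must carry the host name used in ProxyPass
    # (CN or subjectAltName) and must not be expired.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyPass        / https://smc.internal.example/
    ProxyPassReverse / https://smc.internal.example/
</VirtualHost>
```

With this layout only the device-facing certificate rotates; the backend trust anchor changes only when the internal CA or the self-signed SMC certificate is replaced.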