openflighthpc / concertim-ansible-playbook

Ansible playbook for building a Concertim appliance
Eclipse Public License 2.0

How do we want to handle SSL certificates for MIA? #2

Open benarmston opened 1 year ago

benarmston commented 1 year ago

Previously, Concurrent/Concertim used self-signed certificates. The full chain for the certificate was installed on the MIAs/ISLAs allowing internal communication to be validated. Customers were required to either install the certificate authority(?) or simply accept the SSL validation warning.

Currently, we have MIA use the default SSL certificate on the machine. This is self-signed causing SSL validation issues, requiring the user to accept the certificate.

Going forwards, we could use a similar mechanism to Concurrent/Concertim. Or we could use Let's Encrypt certificates.

Using a similar mechanism as before requires that we have a secure machine somewhere on which we can create the certificates.

Let's Encrypt certificates have a short life span, so we would need a mechanism to automatically renew them. Such a mechanism should be easy to develop; we've already done so before for OpenFlight's flight-www, but it does require that the MIA be internet accessible. There may or may not be automatic solutions available that do not require an internet accessible MIA.