BillB66 Posted June 21, 2023 Posted June 21, 2023 Not a fan of using an untrusted cert in a browser. Have have a wildcart cert for my domain that I would like to use. Is there instruction on where they need to be installed? I see various SSL installed, which one is used for the website? /var/polyglot/pg3/ssl /var/polyglot/ssl Thanks, Bill B.
lilyoyo1 Posted June 21, 2023 Posted June 21, 2023 1 hour ago, BillB66 said: Not a fan of using an untrusted cert in a browser. Have have a wildcart cert for my domain that I would like to use. Is there instruction on where they need to be installed? I see various SSL installed, which one is used for the website? /var/polyglot/pg3/ssl /var/polyglot/ssl Thanks, Bill B.
BillB66 Posted June 21, 2023 Author Posted June 21, 2023 (edited) Pretty poor answer. USI could at least document where they are putting the certs. Their placement/naming is non standard. Cost is a red herring when talking about user supplied certs other then the documentation effort. The thread is deep in opinions, but light on facts. Managing/Issuing certs with Let'sEncrypt and ACME is trivial. Took me about 15 minutes to set it up. Then about a day to automate installation of the certs to QNAP, Plex, nginx, etc. https://letsencrypt.org/docs/client-options/ it's also free. Far lower investment cost then using IoP. Disappointed in the stance to say the least. Thanks, Bill B. Edited June 21, 2023 by BillB66 added ACME. 1
lilyoyo1 Posted June 21, 2023 Posted June 21, 2023 21 minutes ago, BillB66 said: Pretty poor answer. USI could at least document where they are putting the certs. Their placement/naming is non standard. Cost is a red herring when talking about user supplied certs other then the documentation effort. The thread is deep in opinions, but light on facts. Managing/Issuing certs with Let'sEncrypt and ACME is trivial. Took me about 15 minutes to set it up. Then about a day to automate installation of the certs to QNAP, Plex, nginx, etc. https://letsencrypt.org/docs/client-options/ it's also free. Far lower investment cost then using IoP. Disappointed in the stance to say the least. Thanks, Bill B. I think they are looking at things from a commercial standpoint vs individual user needs.
BillB66 Posted June 21, 2023 Author Posted June 21, 2023 (edited) Even my epson printer control panel supports custom SSL certs. What is the target audience if certs are too complex, yet they still understand that a self signed cert is safe to click through. Boggles the mind. Edited June 21, 2023 by BillBinAz
lilyoyo1 Posted June 21, 2023 Posted June 21, 2023 11 minutes ago, BillBinAz said: Even my epson printer control panel supports custom SSL certs. What is the target audience if certs are too complex, yet they still understand that a self signed cert is safe to click through. Boggles the mind. It's not necessarily that they are too complex for people. UDIs concerns are probably different then epson's being that they cater to different situations. With udi, they want to ensure that the different systems which encompass polisy/eisy are able to talk to one another. Being that they are a much smaller company, I'm sure they want to limit support calls due to someone not configuring their certs properly and breaking their system in the process.
Geddy Posted June 21, 2023 Posted June 21, 2023 5 hours ago, BillB66 said: Is there instruction on where they need to be installed? Probably nothing to fit your need mentioned in the forums (as you said link shared by @lilyoyo1 didn't fit your need). So the best bet would be to open a support ticket directly with UDI and get information directly from them (if it's available). https://www.universal-devices.com/my-tickets Honestly, I don't get the worry/concern. It's all internal so no traffic is leaving your network. Hope you get the answers to your questions.
BillB66 Posted June 21, 2023 Author Posted June 21, 2023 Blame it on OCD, and Chrome's inconsistent behavior on letting you click through on an cert from an untrusted CA. Good suggestion on a support ticket. It may end up being a feature request based on how the Self Signed certs are being handled in pg3. (just from looking at the setup)
bpwwer Posted June 22, 2023 Posted June 22, 2023 You don't need to use https when accessing PG3, you can use unsecured http. If you're accessing PG3 from your own network and you trust your network, then there's really no need for a secure connection.
BillB66 Posted June 22, 2023 Author Posted June 22, 2023 (edited) True, I don't need to run HTTPS. I would like to, and Polisy is built on a platform that supports a robust infrastructure (FreeBSD) that can support more then just self signed certs. Also, it used to work with polyglot. Edited June 22, 2023 by BillB66
Recommended Posts