PxPlus User Forum

Twitter Twitter Twitter

Author Topic: EZWeb Server and Automatic Security Certificate Reload using LET'S ENCRYPT SSL  (Read 1529 times)

nmartinez@bristolind.com

  • Silver Member
  • ***
  • Posts: 36
    • View Profile
Hi everyone,
We are looking into an option to use an SSL certificate with EZWeb Server and while reading there is a section on the EZWeb Server documentation "Automatic Security Certificate Reload" where it talks about "Let's Encrypt SSL/TLS Certificates.  Wanted to see if anyone out there is using "Let's Encrypt SSL certs" with EZWeb Server and AUTO RENEWING them automatically.
Has anyone had any issues with this type of setup?  We can always get one from GoDaddy or another place, but liked the fact that documentation says that EZWeb will automatically be updated to use renewed certificate if one is found.
ALSO, our EZWeb is running on our on-prem RedHat Linux Server Version 8.3 and we will be allowing selected external sites via Firewall forwarding to get to our EZWeb server.
Thank you!

Mike King

  • Diamond Member
  • *****
  • Posts: 3799
  • Mike King
    • View Profile
    • BBSysco Consulting
Were you able to get the Let's Encrypt interface to work for you?

PxPlus uses a standard .pem format file which is basically a text file with the private key and related certificates concatenated together -- should be pretty easy to obtain this from any SSL provider.
Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

nmartinez@bristolind.com

  • Silver Member
  • ***
  • Posts: 36
    • View Profile
Hi Mike,
We had to put this project on hold, but will be picking it up in a couple of weeks. 

This is what we are thinking about doing:
. get an SSL for brealts@bristolind.com and this will bring us all the way to our on-prem firewall
. create a NAT rule to forward traffic from selected Tulip public IP addresses TO our on-prem private RedHat 8.3 server on port 443

Are we supposed to apply the SSL to our RedHat Linux server or just use the .PEM file with our EZWeb Server (point it to a path where this .PEM file is saved)?
Thank you, Mike!

nmartinez@bristolind.com

  • Silver Member
  • ***
  • Posts: 36
    • View Profile
Hi Mike,
When talking with GoDaddy support, they said I needed the CSR for the EZWeb Server.  How do I get this CSR, so I can provide it to them and generate the CRT?
Thank you!

Mike King

  • Diamond Member
  • *****
  • Posts: 3799
  • Mike King
    • View Profile
    • BBSysco Consulting
Godaddy used to have a page that would allow you to create a CSR, otherwise you should be able to use OpenSSL to create your CSR and private key.
Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

nmartinez@bristolind.com

  • Silver Member
  • ***
  • Posts: 36
    • View Profile
Thank you Mike!  Everything is working fine now.  We are using SSL from Let's Encrypt.