EmailRSS

Tag Archives: Certificates

This is unsafe – Bypassing the Google Chrome “Your connection is not private” Warning

Posted on by

So you’ve visited an HTTPS link and received a security warning like the one pictured below.

Because you are an articulate and knowledgeable IT admin[note]I don’t say this about other people who don’t read my blog.[/note], you know that it is safe to continue to this website. It could be an internal device that you haven’t gotten a free certificate for, or merely a machine for testing.

Either way, you need to bypass this screen as quickly and efficiently as possible – preferably without using a mouse. Simply type thisisunsafe and Chrome will trust this URL for the remainder of the browser session.

Google changes this keyword from time to to time. The previous HTTPS bypass word was badidea; the one before that was danger. If it changes again, I will update this page.

Let’s Encrypt – Installing Free Trusted SSL Certificates on Windows Server Automatically

Posted on by

Ever get tired of paying for another certificate to use on a new server? Let me introduce you to Let’s Encrypt and show you how easy it is to install and maintain free, trusted certificates on your Windows machines.

Another free and trusted certificate from Let’s Encrypt

How does Let’s Encrypt work?

First, a bit of background information. Let’s Encrypt is completely free and trusted by every major CA. Like other open projects, it is donor supported. Donors include Cisco, Google, Microsoft, and Mozilla.

When a certificate is issued, it is valid for just 90 days. And I know what you are thinking – “90 days, I’ll be replacing certificates all of the time!”

With Let’s Encrypt, the entire process – from requesting to renewal – is designed to be automated! Once setup, certificate management should be just another task that occurs in the background, automatically. Automation can be achieved a few ways. For a Windows machine, my preferred method is to use the Win Acme tool.

How to Use Win Acme with Let’s Encrypt

Originally, I used a PowerShell script to do this but found that the Win Acme tools were easier to use. The tools can be downloaded from here.

Once the .ZIP has been downloaded, extract it to a server needing a certificate. If you plan on using it on several severs, store it on a share and use Group Policy File Preferences to deploy it.

Next, ensure that the server is publicly accessible through HTTP by using the full name that you need a certificate for. Certificates have to be verified before being issued; verification using a DNS name for the host is one of the supported methods. In the screenshot, you can see that I have an HTTPS binding for letsencrypt.deployhappines.com on an IIS server. You would also want to make sure that the name is accessible over port 80. You can read about other validation methods here.

On the server, launch an elevated command prompt and run letsencrypt.exe /? 

For a single IIS site, you would want to press N to create a new certificate and then 1. After pressing 1, you should see a list of sites available on your server. Because the server in this screenshot already had a certificate, I was not prompted to configure any notifications settings or accept the EULA.

Continue through the prompts until the certificate is installed. Win-acme should automatically load the certificate into the Web Hosting certificate store for the server and bind it in IIS. To see it immediately, you can restart your site in IIS. Additional options are available if you need to install a certificate for other server roles, such as Exchange or RDS.

Finally, you should see a new win-acme scheduled task in Task Scheduler. This task will automatically renew and replace your certificates when they are near expiration.

So, what do you think about Let’s Encrypt? Do you currently use it? Do you want to use it?