Disable HTTPS

Brian Bergin · ‎08-19-2016

Is it possible to disable HTTPS when accessed from the local subnet? On a local LAN if an admin needs to worry about their employees snooping on LAN traffic they have bigger problems than what's garnered from FindIT information. The whining that every browser gives when connecting to a local HTTPS site with a self-signed cert is just a pain and there's zero reason to pay for one and the hassle of creating and administering local certs isn't worth it either.

David Harper · ‎08-19-2016

That's a fair point, but I do think turning HTTP on would be a short term solution, given the stated plans from the browser vendors to start raising red flags on HTTP sites generally. My thought was to try and address the certificate problem in a user-friendly manner, potentially by integrating the letsencrypt agent, which would allow something very close to 'click a button for a free, browser recognised certificate'. How would that grab you as a solution for this?

Cheers,

Dave.

Brian Bergin · ‎08-22-2016

I'm good with letsencrypt, the problem is you have to renew that constantly. They're not long-term certs. Maybe if you automate the process so it renews it ever 90 days or whatever they require.

David Harper · ‎08-22-2016

It would definitely need to be automated. It's not workable any other way. In any case, they have designed the service to be automated for exactly that reason, so I don't expect any serious issues getting it to work.

Cheers,

Dave.