Does Core iQ support the use of SSL certificates?

You can encrypt Core iQ network traffic. This is usually accomplished with an SSL certificate applied to the intranet site hosted in IIS on the server you’ve provisioned. There are two basic ways to obtain and assign an SSL certificate to the Core iQ host. Each has its own pros and cons.

Purchasing a certificate from a global “Certificate Authority.”

  • This is no different from acquiring a certificate that you assign to your website. GoDaddy is one example of a provider for SSL certificates, but there are other “Certificate Authority” (CA) issuers.
  • The up-side is that most client machines are already provisioned to “trust” the certificate issued by a CA. The certificate is automatically downloaded to the trusted root without any required action on the part of the client.
  • The down-side is cost. These certificates are not free and must be renewed before they expire.
  • In this scenario, you will likely need to obtain a Certificate Signing Request (CSR) on the Core iQ server itself from within IIS. Onovative can provide guidance in this regard, if you require it.
  • Once you obtain the certificate from the CA, you, or Onovative should you wish, can apply it to Core iQ, and we will turn off access over the standard Port 80. This will force use of the certificate on Port 443, encrypting data in transit between the server and the client browser on your network.
  • NOTE:  If you have purchased a “wildcard” certificate, you may be able to use it on the Core iQ server depending on the naming convention used to resolve to the server.

Create a “Self Signed” certificate on the server itself

  • This type of certificate is equally valid, and will encrypt traffic on your network.
  • There is no cost.
  • Onovative can assist you in creating the certificate, but it is then up to you to make sure that your client browsers actually use the certificate.
  • The down-side with this type of certificate is that you commonly have to distribute these to client machines. They are not automatically trusted.
  • Usually, a group policy can be created that causes the certificate to be downloaded to the client. If this is not possible, the certificate will need to be manually installed to the trusted root certificate store on “each” client machine.
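
The self-signed route described above, sketched in PowerShell as an added example (not Onovative's own procedure or code). The host name and file path are placeholders, and the three labelled parts run on the server, on each client, and on a client respectively; `-NotAfter` assumes Windows Server 2016 / Windows 10 or later.

```powershell
# Added example. Placeholders (assumptions, not values from Onovative):
$HostName = 'coreiq.example.internal'        # the exact name clients type in the browser
$CerPath  = 'C:\Temp\coreiq-selfsigned.cer'  # where the public certificate is exported

# --- On the Core iQ server (elevated PowerShell) ---
# Create the certificate, with its private key, in the machine's Personal store.
$cert = New-SelfSignedCertificate -DnsName $HostName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -NotAfter (Get-Date).AddYears(2)

# Export only the public certificate. The private key stays on the server;
# clients need the .cer file, never a .pfx.
Export-Certificate -Cert $cert -FilePath $CerPath | Out-Null
"Thumbprint to select for the https binding in IIS: $($cert.Thumbprint)"

# --- On each client (elevated), or through a Group Policy that does the same ---
Import-Certificate -FilePath $CerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# --- Verify from a client ---
# The handshake uses default validation: it throws if the certificate is not
# trusted on this machine or if its name does not match $HostName.
$tcp = [System.Net.Sockets.TcpClient]::new($HostName, 443)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream())
    $ssl.AuthenticateAsClient($HostName)
    $remote = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    "Trusted: subject=$($remote.Subject) expires=$($remote.NotAfter)"
} finally {
    $tcp.Dispose()
}

# If access over Port 80 has been turned off, this should report False.
(Test-NetConnection -ComputerName $HostName -Port 80).TcpTestSucceeded
```

If the name passed to `-DnsName` differs from the name clients use to reach the server, browsers will still warn even after the certificate is in the trusted root store.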

Which should you choose? That is totally up to you and your policies. We have applied more self-signed certificates than those issued by a CA, but it usually comes down to tolerance for added cost.
