February 16, 2021
Part 2 of our Blog series on certificates focuses on a practical matter: using the free Let’s Encrypt certificates to secure servers that may not be publicly available, but still need better security than self-signed certs can give you.
As we explained in our last blog on this subject, to use HTTPS encryption with certificates, you can choose from a number of options:
- self-signed certificate
- a cert from a private Certificate Authority (CA), in this case, you or your company run the CA, not a trivial task!
- a certificate signed by a Root CA you trust
GroundWork supports any of these (or even two at once on the same server). What you choose to use depends on a lot of things, like your tolerance for trust failure reports in your browser from self-signed or private CA certificates. Basically, only root-signed certs are trusted by browsers out-of-the-box, so unless you want to deal with users reporting and complaining about those failures, and explaining how to explicitly trust the certs you use, it’s best to use certs signed by a Root CA.