Link to home
Start Free TrialLog in
Avatar of Pau Lo
Pau Lo

asked on

https/ssl for internal web/app servers

we have an ERP application that can only be accessed "internally" via the private network. However, when the users login, for some admin type activities they supply SQL credentials to access an admin area of the application. by reviewing the URL this is going over HTTP not HTTPS. I presume management dont see the risk that high as only internal hackers could "sniff" the traffic, but even so, still a degree of risk. What costs are involved in buying a certificate for an internal server to mitigate this risk? need to determine the costs vs benefits to see if management will pursue such a control to mitigate the credentials being passed over the network unencrypted. given our setup i suspect the liklehood of someone sniffing credentials in transit is very low, but always a possibility. if the fix is cheap £$ then they may pursue it. (asp.net app with backend SQL server 2008 R2)
ASKER CERTIFIED SOLUTION
Avatar of Carl Dula
Carl Dula
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pau Lo
Pau Lo

ASKER

>If your webserver is not configured to server https, then you have to do that. In addition you have to install the certificate on the webserver.


Does that involve more cost, or are you just referring to the admins time/labour to do the work? Is this a complex tasks for an admin, or relatively straight forward?
Avatar of Carl Dula
Carl Dula
Flag of United States of America image
No cost, just configuring another instance of the web server that answers on port 443. If the person who installed the web server is familiar, then it is not a significant task to do that and install a certificate.