Now that I've read the whole thread I can answer in more detail to the original question of how to remove SSL warnings when he/she logs into his devices.
Simply create a DNS entry for that device and secure it with a single SSL certificate per device (expensive) or (my preference) a wildcard SSL certificate (single purchase for all of your devices). If you use private address space to access your devices the CA you use might not issue to a name that resolves to a private IP but I'd actually have to check with a CA before making that a certain statement. Also, you could go the route of putting up your own PKI infrastructure but you would have to make sure you have the ability of to add your newly created root CA certificate on the devices being accessed. Lastly the truly simple option might be to install each devices SSL certificate on your system as a trusted certificate. This would only cause your system to not display an error so if you moved systems the certificates would need to be installed all over again. If you have a lot of devices you access like this it could be rather unwieldy. On Mon, Oct 20, 2014 at 10:00 AM, Timothy Way <t...@way.lc> wrote: > This is new information to me especially in regards to the SAN > certificate. I am very interested in how this will affect the MS Exchange > SAN certificate solution especially because currently there isn't a clear > architecture for separate client facing servers solely for Internet facing > users and intranet facing users. > > Otherwise yes, it is good practice to implement your own PKI and use > whatever method meets your fancy to deploy and manage those certificates on > the endpoints. As far as what root CA to use you can use a Linux box or > Windows has an established CA service as well. We use it in production for > 802.1x authentication of our systems on the wire and wireless. We use Apple > MDM to help manage the Mac certificates and Group Policy to help with the > Windows systems. We use the Windows CA. > > Hope that helps. > > On Mon, Oct 20, 2014 at 9:40 AM, Brough Turner <bro...@netblazr.com> > wrote: > >> It appears public SSL certificates won't be a solution by 2016: >> >> https://support.godaddy.com/help/article/6935/phasing-out-intranet-names-and-ip-addresses-in-ssls >> >> As I understand it, the "correct" solution is for an enterprise to >> operate it's own public key infrastructure, issuing and managing it's own >> certificates for internal use based on a private "root" certificate which >> employees import into their browsers. I don't have any experience with >> this, but if someone on list does, I'd love to know if it's worth the time >> and effort. >> >> Thanks, >> Brough >> >> Brough Turner >> netBlazr Inc. – Free your Broadband! >> Mobile: 617-285-0433 Skype: brough >> netBlazr Inc. <http://www.netblazr.com/> | Google+ >> <https://plus.google.com/102447512447094746687/posts?hl=en> | Twitter >> <https://twitter.com/#%21/brough> | LinkedIn >> <http://www.linkedin.com/in/broughturner> | Facebook >> <http://www.facebook.com/brough.turner> | Blog >> <http://blogs.broughturner.com/> | Personal website >> <http://broughturner.com/> >> >> >> >> On Sun, Oct 19, 2014 at 9:49 PM, Cameron Crum <cc...@wispmon.com> wrote: >> >>> SSLs.com $4.99/year >>> >>> On Sun, Oct 19, 2014 at 2:21 PM, Jon Hebb <j...@hebbnetworks.com> wrote: >>> >>>> You can find a 1-Yr Comodo PositveSSL Wildcard cert for less than $100 >>>> online if you search around, which would be more than enough to install on >>>> your AP's. >>>> >>>> On Sun, Oct 19, 2014 at 1:31 PM, Josh Luthman < >>>> j...@imaginenetworksllc.com> wrote: >>>> >>>>> There ya go! Slap on DNS and that goes away. >>>>> >>>>> Josh Luthman >>>>> Office: 937-552-2340 >>>>> Direct: 937-552-2343 >>>>> 1100 Wayne St >>>>> Suite 1337 >>>>> Troy, OH 45373 >>>>> On Oct 19, 2014 1:28 PM, "John Thomas" <jtho...@quarnet.com> wrote: >>>>> >>>>>> http://www.netcentraldomains.com >>>>>> >>>>>> $209 per year. >>>>>> >>>>>> *Sent from my Verizon Wireless 4G LTE DROID* >>>>>> >>>>>> >>>>>> Josh Luthman <j...@imaginenetworksllc.com> wrote: >>>>>> >>>>>> Few hundred? I remember them being crazy expensive. >>>>>> >>>>>> Josh Luthman >>>>>> Office: 937-552-2340 >>>>>> Direct: 937-552-2343 >>>>>> 1100 Wayne St >>>>>> Suite 1337 >>>>>> Troy, OH 45373 >>>>>> On Oct 19, 2014 10:08 AM, "John Thomas" <jtho...@quarnet.com> wrote: >>>>>> >>>>>>> Or you can buy a wildcard for a few hundred dollars and use it on >>>>>>> all your devices. >>>>>>> >>>>>>> *Sent from my Verizon Wireless 4G LTE DROID* >>>>>>> >>>>>>> >>>>>>> Josh Luthman <j...@imaginenetworksllc.com> wrote: >>>>>>> >>>>>>> Pay for a certified SSL cert for each host. That's 50/device/year. >>>>>>> >>>>>>> Josh Luthman >>>>>>> Office: 937-552-2340 >>>>>>> Direct: 937-552-2343 >>>>>>> 1100 Wayne St >>>>>>> Suite 1337 >>>>>>> Troy, OH 45373 >>>>>>> On Oct 17, 2014 5:43 PM, "Mike Hammett" <wispawirel...@ics-il.net> >>>>>>> wrote: >>>>>>> >>>>>>>> Ignore it. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ----- >>>>>>>> Mike Hammett >>>>>>>> Intelligent Computing Solutions >>>>>>>> http://www.ics-il.com >>>>>>>> >>>>>>>> ------------------------------ >>>>>>>> *From: *"~NGL~" <n...@ngl.net> >>>>>>>> *To: *"WISPA General List" <wireless@wispa.org> >>>>>>>> *Sent: *Monday, October 13, 2014 7:18:08 PM >>>>>>>> *Subject: *[WISPA] security certificate >>>>>>>> >>>>>>>> There is a problem with this website's security certificate. >>>>>>>> >>>>>>>> How do I correct this problem? I get this almost every time I log >>>>>>>> in to a Ubiquiti radio. >>>>>>>> NGL >>>>>>>> >>>>>>>> If you can read this Thank A Teacher. >>>>>>>> And if it's in English Thank A Soldier! >>>>>>>> _______________________________________________ >>>>>>>> Wireless mailing list >>>>>>>> Wireless@wispa.org >>>>>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Wireless mailing list >>>>>>>> Wireless@wispa.org >>>>>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>>>>> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Wireless mailing list >>>>>>> Wireless@wispa.org >>>>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> Wireless mailing list >>>>>> Wireless@wispa.org >>>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> Wireless mailing list >>>>> Wireless@wispa.org >>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>> >>>>> >>>> >>>> >>>> -- >>>> Best Regards, >>>> Jon Hebb >>>> Hebb Networks >>>> >>>> www.hebbnetworks.com >>>> Cell: 304.680.6777 >>>> Office: 304.460.5533 >>>> >>>> _______________________________________________ >>>> Wireless mailing list >>>> Wireless@wispa.org >>>> http://lists.wispa.org/mailman/listinfo/wireless >>>> >>>> >>> >>> _______________________________________________ >>> Wireless mailing list >>> Wireless@wispa.org >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> >> >> _______________________________________________ >> Wireless mailing list >> Wireless@wispa.org >> http://lists.wispa.org/mailman/listinfo/wireless >> >> >
_______________________________________________ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
