Occasionally, I run into this situation: Someone wants to install InstaTech Server to evaluate it, but they get stuck at the SSL certificate installation part. InstaTech currently enforces SSL, so the certificate installation is necessary. I’m happy to help people get a free Let’s Encrypt certificate installed, but it’s not always possible.
I made encryption mandatory because I didn’t want to put anything out there that had any potential for being used in an unsafe manner. My thought is that someone who is less informed about the importance of encryption may opt to skip it if allowed and put themselves and their customers at risk.
I attempted to make this as easy as possible, though. After running the installer, a quick start guide opens, and the first thing is a link to http://certify.webprofusion.com/. This is by far the easiest way to get a certificate installed on an IIS server, in my opinion.
But recently, I’ve been thinking about those who are aware of the security implications, but simply want to test it internally first.
The first idea I had was to allow an unencrypted connection, but throw up huge warning messages. The second was to only allow it if it’s on the same subnet or domain (or some other manner of determining if it’s on the LAN).
What are your thoughts? I’d love to hear them.