Question/Behavior:
Differentiation between public and private certificates for your DocuWare On-Premises system.
 
Answer/Solution:
1 Public Certificates
 
 
Public certificate authorities require proof of the requester's identity and proof that the requester owns the domain to be authenticated. These certificates must be renewed regularly and can only be used for registered domains.
 
 
First of all, it is your decision which certificate provider you use and trust.
Open public certification authorities issue free certificates that you add to your web server. If you are not familiar with this, we recommend “Let's Encrypt”. Your IIS server must be accessible from outside your network.
A description of how to install an SSL certificate from Let's Encrypt can be found on our GitHub page.
If your server is not reachable from outside your network, you can still obtain a certificate from Let's Encrypt. How this works is described here.

 
 
Furthermore, there are also public certificates that can be purchased for a fee from other third-party certification authorities.


2 Private Certificates
 
Private certificates are useful for websites that can only be accessed via the intranet. They have a long validity period, but they are only trusted within the company.

2.1 Self-signed certificates
 
Self-signed certificates are created and signed by the server itself, which is why they are considered insecure for public websites and applications.
The validity period can be chosen as desired, but the certificate must still be renewed when it expires. Since these certificates are not issued by an authorized certificate authority, browsers consider them insecure. To avoid this, the certificate must be stored and marked as trusted on the client, in the browser. Here is an article on how to create a self-signed certificate on your Windows server.

2.2 Certificates from enterprise certification authorities
 
This type of certificate is issued by a central certification authority that is operated by the company itself. One advantage of this is that the certificates do not have to be installed on all devices, because the certification authority is already stored as trustworthy on the users' computers. However, this usually only makes sense for large companies that already operate a certification authority.
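
The following PowerShell function is an added example, not part of the original article or of DocuWare's tooling. It reports, for each certificate in a store, whether it is self-signed or CA-issued, whether the machine it runs on trusts the chain, and when it expires. The function name, the default store path (assumed to be where the IIS certificate is installed) and the 30-day threshold are assumptions.

```powershell
# Added example: classify certificates as self-signed or CA-issued and check
# whether THIS machine trusts them. Names and defaults are assumptions.
function Get-CertificateTrustSummary {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',  # assumed store of the IIS certificate
        [int]$WarnDays = 30                            # assumed renewal warning threshold
    )

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # A self-signed certificate names itself as its issuer.
        $selfSigned = ($cert.Subject -eq $cert.Issuer)

        # Build the chain against this machine's trust stores. Revocation
        # checks are skipped because intranet hosts may not reach CRL/OCSP.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $trusted  = $chain.Build($cert)
        $problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        # Last chain element is the root the certificate was anchored to.
        $root = $null
        if ($chain.ChainElements.Count -gt 0) {
            $last = $chain.ChainElements.Count - 1
            $root = $chain.ChainElements[$last].Certificate.Subject
        }

        $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

        [pscustomobject]@{
            Subject     = $cert.Subject
            Kind        = if ($selfSigned) { 'Self-signed' } else { 'CA-issued' }
            Root        = $root
            TrustedHere = $trusted       # False => browsers on this machine will warn
            ChainStatus = $problems      # e.g. UntrustedRoot, NotTimeValid
            NotAfter    = $cert.NotAfter
            DaysLeft    = $daysLeft
            RenewSoon   = ($daysLeft -le $WarnDays)
        }

        $chain.Reset()
    }
}

Get-CertificateTrustSummary | Format-Table -AutoSize
```

A self-signed certificate shows `TrustedHere = False` with `UntrustedRoot` until it has been imported into the trusted root store of the machine running the check, while a certificate from an enterprise or public certification authority shows `True` wherever that authority's root is already trusted.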

3 How to install the certificate on your server
 
 
This article is only valid for On-Premises systems.