LetsEncrypt a Windows Server 2012 R2 Web Application Proxy

ARR and WAP Request Paths

Recently an STH forum member posted an awesome how-to guide about using the LetsEncrypt service to encrypt traffic through a Windows Server 2012 R2 Web Application Proxy. LetsEncrypt is a service that provides free SSL certificates, the kind you would previously have spent a hundred dollars or more per year on. While the cost of SSL certificates is negligible for larger sites, it has been a major barrier to many smaller sites and personal projects using SSL encryption.

Check out the full guide in the STH Forums Resource section.

About the Author

David is a Senior Consultant and Infrastructure Architect with one of Australia’s largest telecommunications companies, and has over 20 years of experience designing, implementing and supporting infrastructure solutions for Australian and international organisations.

David works primarily with Microsoft environments (AD, Exchange, SQL, Hyper-V) but also has extensive experience across storage, networking and systems development, in environments ranging from just 5-10 users up to 1.3 million users.

LetsEncrypt a Windows Server 2012 R2 Web Application Proxy Overview

With Chrome (and presumably Edge and Firefox in the future) beginning to move towards an “SSL preferred” world (and I anticipate a future move to “enforced SSL”), it’s beginning to look like HTTPS will be required for most sites.

Microsoft-centric environments generally have websites hosted on IIS – possibly plain websites, but also LOB applications, Exchange, SharePoint etc. (yes, there’s the cloud – but that doesn’t suit all organisations).

LetsEncrypt are moving towards production-ready status, offering free certificates with short expiry and automated renewal. Free, fully trusted certificates are available today, and there are Windows tools to generate and renew them.

Wouldn’t it be nice if it were possible to do certificates for free, and still comply with security requirements (like reverse proxies in a DMZ for external users accessing websites)?

With that in mind this guide presents an architecture and approach for ongoing support for SSL certificates that’s scalable to dozens or hundreds of web applications and websites, can provide HA for applications and the reverse proxy layer, and takes little more time to set up than HTTP.
