Do we have recommendations how to easily create a self-signed SSL/TLS certificate? The latter is required to switch a DMA from HTTP to HTTPS?
Thomas Gunkel [SLC] [DevOps Enabler] Answered question 8th February 2023
Generating self-signed certificates can be done for development/testing purposes, but please don't use self-signed certificates on production systems. Either use an external Certificate Authority (in case your systems are externally accessible), or set up a local CA. If you have a Windows Domain Controller then you can install the Certificate Authority role (AD CS). This way you can generate certificates using a template and the certificates can be signed by the domain controller so that they are automatically trusted on every client machine joined in the domain.
Wim Bruynooghe [SLC] [DevOps Enabler] Answered question 1st February 2023
Hi Thomas,
While it’s not an answer to your question, instead of working with a self-signed certificate, it’s better to work with a real TLS certificate that you obtain through a Certificate Authority.
*A self-signed certificate will be flagged as insecure by your computer by default and needs to be installed on all client machines.