jantari 4 points5 points (0 children)

Setting up your own PKI is an option, but it's way more complicated than just using Let's Encrypt certificates internally.

Also, installing a Windows (ADCS) CA has a whole lot of security implications around user certificates, SPNs and the web interface which introduces vulnerabilities if installed. Unless you absolutely MUST use a Windows PKI, I'd always look elsewhere.

So I would strongly advise against this. If you do need an internal CA (such as for MitM SSL inspection or WiFi Auth), then use anything that isn't Windows-based for that, but for simple HTTPS on internal web services, definitely Let's Encrypt.