View Source

The DualShield 6.x Platform includes a certificate service that supports Let's Encrypt.

If you are upgrading an old DualShield 5.x server to the latest DualShield 6.x server, then you must select the "Certificate Server" component in the upgrading process:

DualShield MFA Platform > Prerequisite for using Let's Encrypt > image2022-1-30_14-53-47.png

If are installing a new frontend DualShield server, then you must select the "Certificate Server" component in the installation process:

DualShield MFA Platform > Prerequisite for using Let's Encrypt > image2022-1-30_15-59-0.png

To check if the certificate server is in operation or not, navigate to "http://localhost/cert/hello"

DualShield MFA Platform > Prerequisite for using Let's Encrypt > image2022-1-30_16-3-28.png

Port 80

Let's Encrypt requires port 80 to be open when a new certificate is being installed and when an existing certificate is being renewed. A Let's Encrypt certificate is valid for 90 days, which will be automatically renewed on the day it expires.

Let's Encrypt recommends that you should keep port 80 open

https://letsencrypt.org/docs/allow-port-80/

DualShield MFA Platform > Prerequisite for using Let's Encrypt > image2022-1-30_15-46-34.png

"Allowing port 80 doesn’t introduce a larger attack surface on your server", said Let's Encrypt, "because requests on port 80 are generally served by the same software that runs on port 443."

However, Let's Encrypt only needs to be able to access the /.well-known/acme-challenge/ path. You can configure your firewall to block access to everything else, if you want.

To check if or not port 80 is open to the Internet, navigate to http://your-dualshield-fqdn/cert/hello

DualShield MFA Platform > Prerequisite for using Let's Encrypt > image2022-1-30_15-48-22.png