Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Their service offers free TLS/SSL certificates and can be used with the EventSentry Web Reports.
|M: Create new certificate (full options)|
|2: Manual input|
|1: [http-01] Save verification files on (network) path|
|2: RSA key|
|1: IIS Central Certificate Store (.pfx per domain)|
|3: No (additional) store steps|
|4: No (additional) installation steps|
Configure a TLS connector by editing the server.xml file, by default located in:
<Connector port="8443" protocol="HTTP/1.1" relaxedQueryChars="" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\EventSentry\WebReports\conf\demo.example.com.pfx" keystorePass="" keystoreType="PKCS12" sslEnabledProtocols="TLSv1.2"/>
If you would also like to disable HTTP, look for this connector:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
Either delete it or comment it out (enclose it in <!-- and -->)
After restarting the "EventSentry Web Reports" service, navigate to https://demo.example.com:8443 to test & access the web reports through TLS.
Now that the web reports are running with a valid certificate, it's recommended to automatically renew the certificate since Let's Encypt only issues ceritificates for 90-days at a time. Running the wacs.exe command with the --renewal flag will check the certificate's expiration date and automatically renew your certification 55-days after creation. This provides you with an adequate amount of time to resolve any issues that may arise when renewing your certificate.
You can utilize the EventSentry's Application Scheduler to check for updates every day at 9AM:
As an alternative, you can also schedule the command with the Windows Task Scheduler:
Adding Task Scheduler entry with the following settings - Name win-acme renew (acme-v02.api.letsencrypt.org) - Path C:\Program Files\win-acme - Command wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/" - Start at 09:00:00 - Time limit 02:00:00