AnsweredAssumed Answered

Certificates, Security and LAN only solutions

Question asked by philmodjunk on Dec 14, 2017
Latest reply on Dec 20, 2017 by robwoof

I've read a lot of posts on the topic, but now it's my turn to start dealing with SSL certificates and FileMaker Server 16 as I move a solution from FileMaker 10 to 16.


I thought I knew what was what, but I've got a fellow tech resisting the idea that we need to purchase and install a certificate. (He also has not set up a domain and I was asking him if we needed a domain before we acquired a certificate only to get feed back that we don't need the cert.)


So I need to be absolutely sure that I know what I'm talking about before I push for that Certificate:


The solution is not published to the Web nor accessed from any sort of cloud based hosting. The solution sits behind a firewall and is accessed both by wire and WiFi over the LAN.


The main argument from this tech is that because the solution sits behind a firewall, SSL encryption of the LAN traffic does not provide additional security. I used to think the same, but after a few DEVCON sessions, it would seem that if a mal-intentioned person did get on the network, either as an employee that knows the password or as a person that deduces/"surfs" the WiFI password, they could use a utility such as wire-shark to monitor the packets and pick up sensitive info.

Is that a legitimate concern?


And he indicated that the cert would need to be updated regularly not only on the server but each workstation. That last one is a new one on me. Is that really the case?


Are there other reasons, other than stopping the "nag" messages about insecure connections, for installing a certificate on such a solution?