Secure NethServer to be able to deploy certs?

Hi Community,

I would like to set up a 2-tier Windows CA and deploy the certs with NethServer as a web server.
I put the certs under /var/www/html/CertEnroll/ and they are reachable from the Internet via port 80.

On NethServer I have just one (green) interface. Do I have to use a second (red) interface to get a firewall, and how must the folder and files (certs) be modified to make it most secure?

P.S. How do I create a cert request from the CLI for NethServer (web server)?

Do you mean something like this, except using NethServer instead of IIS? I never tested that but I think it could work.

BTW, another way to get valid certs is Let's Encrypt. NethServer supports DNS challenge too; for advanced setup check out the wiki.

I recommend using the Web Server Virtualhosts module instead of copying files to /var/www/html/CertEnroll/ because you have more GUI options to secure it, like “Allow trusted networks only” or “Require HTTP auth”.

NethServer enables the Shorewall firewall by default.

For just opening ports, it’s enough to use the Services panel in Server Manager.

To manage the firewall, just install the Firewall module.

To use NethServer as a full firewall/gateway you need at least a second interface, but it’s no problem to run in “Server mode” with just 1 green interface.

NethServer 7 derives from CentOS 7 so any tutorial like this should work.
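
For the CLI certificate request asked about in the P.S., here is an added example that is not part of the original thread: it creates a private key and a CSR carrying a subjectAltName, using a config file because the OpenSSL 1.0.2 shipped with CentOS 7 has no `-addext` option. The function names, host name and output directory are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): generate a key and a CSR with a SAN
# for submission to an internal CA. All names below are hypothetical.

make_csr() {
    fqdn="$1"
    outdir="$2"
    key="$outdir/$fqdn.key"
    csr="$outdir/$fqdn.csr"
    cnf="$outdir/$fqdn.cnf"

    mkdir -p "$outdir" || return 1

    # The SAN is declared in a request config file so this also works
    # on OpenSSL 1.0.2, which lacks "req -addext".
    cat > "$cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = $fqdn
[v3_req]
subjectAltName = DNS:$fqdn
EOF

    # The private key never leaves this host; create it owner-readable only.
    ( umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1

    # Build the request and check its self-signature before handing it to the CA.
    openssl req -new -sha256 -key "$key" -config "$cnf" -out "$csr" || return 1
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1

    echo "$csr"
}

# Returns 0 if the CSR in $1 requests the DNS name $2 as a subjectAltName.
csr_has_san() {
    openssl req -in "$1" -noout -text | grep -F -q "DNS:$2"
}
```

Only the `.csr` file is sent to the CA; the `.key` file stays on the web server.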