User Tools

Site Tools


ssl_configuration

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
ssl_configuration [2019/03/01 15:31] lucyssl_configuration [2022/04/20 10:24] (current) lucy
Line 17: Line 17:
   * **Step 4:** Go to the settings/SSL settings menu, choose "letsencrypt" and let LUCY generate the trusted certificate. If the page is not refreshing automatically: please refresh the page after max 5 minutes.   * **Step 4:** Go to the settings/SSL settings menu, choose "letsencrypt" and let LUCY generate the trusted certificate. If the page is not refreshing automatically: please refresh the page after max 5 minutes.
  
-{{ trsuted_cert.png?600 }}+{{ trusted_cert.png?600 }}
  
  
 ===== Using SSL for attack simulations or awareness training ===== ===== Using SSL for attack simulations or awareness training =====
  
-  * **SSL for attack simulations:** You have the option to generate a certificate or upload one. If you want the certificate to be trusted to avoid an SSL error message please pick "lets encrypt". Please go to the scenario settings within the base settings of your campaign and then click on "SSL settings" (1). In case of LetsEncrypt (2) it will automatically use the domain (3) configured within the scenario settings. You can enter a valid email address (4) in the last field. Please note, that "Let's Encrypt" needs a publicly available domain name to generate a certificate. Please make sure your domain is accessible and points to Lucy.+  * **SSL for attack simulations:** You have the option to generate a certificateupload one or select an existing one. If you want the certificate to be trusted to avoid an SSL error message please pick "lets encrypt". Please go to the scenario settings within the base settings of your campaign and then click on "SSL settings" (1). In case of LetsEncrypt (2) it will automatically use the domain (3) configured within the scenario settings. You can enter a valid email address (4) in the last field. Please note, that "Let's Encrypt" needs a publicly available domain name to generate a certificate. Please make sure your domain is accessible and points to Lucy.
  
 {{ ssl_campaign.png?600 }} {{ ssl_campaign.png?600 }}
Line 30: Line 30:
 {{ awarw_ssl.png?600 }} {{ awarw_ssl.png?600 }}
  
 +:!: Please take into account that Lucy uses a third-party SSL provider - Let's Encrypt that has some limitations. The most common one is that you cannot issue more than __5 certificates per week__ for the same domain name. Find more at: [[https://letsencrypt.org/docs/rate-limits/|https://letsencrypt.org/docs/rate-limits/]]
 +
 +To avoid that limit you can use a previously issued SSL certificate in your campaigns by choosing the option "**Select Existing SSL Certificate**" in the SSL Provider list.
  
   * **Link generation within the message template:**: If you enable SSL in your campaign scenario, LUCY will populate the %link% variable with "https://domain-in-scenario-settings" instead of "http://domain-in-scenario-settings"   * **Link generation within the message template:**: If you enable SSL in your campaign scenario, LUCY will populate the %link% variable with "https://domain-in-scenario-settings" instead of "http://domain-in-scenario-settings"
Line 43: Line 46:
 ===== Create a Certificate within a Campaign LUCY ===== ===== Create a Certificate within a Campaign LUCY =====
  
- 
-If you decide to use SSL for the campaign and you want to generate a custom certificate you can do this by clicking Generate CSR or Certificate. 
- 
-{{ ssl_gen_1.png?direct&600 }} 
  
  
Line 59: Line 58:
 After the verification, (most providers will either do verification by sending an email to the email address within the WHOIS record or to the email specified within the CSR) you will have to upload the certificate to LUCY. After the verification, (most providers will either do verification by sending an email to the email address within the WHOIS record or to the email specified within the CSR) you will have to upload the certificate to LUCY.
  
-As an alternative: LUCY enables you to create a CSR by clicking "Generate CSR or Certificate" 
  
  
ssl_configuration.1551450686.txt.gz · Last modified: 2019/07/25 12:51 (external edit)