Monday, 10 October 2016

OTRS and HTTPS

Following the recent upgrade of OTRS on our servers to the latest version, I went one step further and decided to deploy https to wrap it all up. There is no significantly important data shared or entered in our OTRS configuration, but I think it a worthwhile exercise to put encryption in place. I've only really touched on SSL once or twice before with server configurations, and I started out by looking for a cheap certificate. The thing is, this is a commercial application of the system and I didn't want to use a non-profit or education SSL cert for something that is part of our money making enterprise.

Enter "Let's Encrypt". I read about this somewhere - probably one of the many *almost* spam newsletter type emails I get during the week from a vendor. A Google search brought up a DigitalOcean write up on how to apply this to the particular version of Linux I'm running.

I'm just going to say that I love the DigitalOcean walk through's. They're clear and easy to follow. I tend to have bits of extra complexity in my installs, but I'm usually able to extrapolate from the D/O information to get want I want. Here is the link to the walk through that I used:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

Get around it - it's great. So now we have an encrypted OTRS site and it works well.

Apart from just having an encrypted site, we have also noticed a pleasing uptick in the responsiveness of the site and a removal of an ongoing issue we were having access it from external. When my techs would try to connect to the page from outside the office and then enter data into it, they would have to continuously re-authenticate. This was completely unusable and also one of those problems I just never seemed to have time to get around to fixing. Now, with https:// in front of the address, this problem has disappeared! The site responsiveness isn't to be ignored - no matter where it's being accessed from, the page is significantly faster, a fact which pleases all of us.

To summarise - spend the time and get the encryption happening for OTRS - it's worth it!

No comments:

Post a Comment