Sky-Knight
Well-Known Member
- Reaction score
- 5,513
- Location
- Arizona
On Oct 10th 2021, the certificate for *.calyxpds.com will EXPIRE!
Calyx in their infinite wisdom installed a wildcard certificate for this domain on every single Point Central installation that used their calyxpds.com name.
This of course means that any Point Central user can spoof any other via SSL... (And those door knobs questioned me when I told them why I refused to expose Point Central to the world)
Anyway...
If you have a client that uses Point Central, and they're using that busted insecure certificate that half the world has a copy of... you're going to need to replace it. This entails configuring a normal domain on the Point Central IIS server. It needs to be a real one because you need a real certificate for that domain. I'm using Certify The Web to do a DNS challenge against a Cloudflare.com API hosting my client's DNS to get my certificate for free with automatic renewals every 90 days. But you could just as easily buy one and install it too, whatever is easier.
Once all that crap is done and IIS is configured to use the new certificate, you need to run the Point Central Configuration utility again to reconfigure the app to NOT use the provided domain. One of the last things it asks about is a "custom domain", then it just sort of goes dead.
The hardest part is getting the internal DNS to resolve correctly...
But you'd better get on that, because if you don't and the 10th gets here Point Central dies due to an expired certificate.
Calyx in their infinite wisdom installed a wildcard certificate for this domain on every single Point Central installation that used their calyxpds.com name.
This of course means that any Point Central user can spoof any other via SSL... (And those door knobs questioned me when I told them why I refused to expose Point Central to the world)
Anyway...
If you have a client that uses Point Central, and they're using that busted insecure certificate that half the world has a copy of... you're going to need to replace it. This entails configuring a normal domain on the Point Central IIS server. It needs to be a real one because you need a real certificate for that domain. I'm using Certify The Web to do a DNS challenge against a Cloudflare.com API hosting my client's DNS to get my certificate for free with automatic renewals every 90 days. But you could just as easily buy one and install it too, whatever is easier.
Once all that crap is done and IIS is configured to use the new certificate, you need to run the Point Central Configuration utility again to reconfigure the app to NOT use the provided domain. One of the last things it asks about is a "custom domain", then it just sort of goes dead.
The hardest part is getting the internal DNS to resolve correctly...
But you'd better get on that, because if you don't and the 10th gets here Point Central dies due to an expired certificate.
