Does SimpleHelp encrypt the session without SSL?

I’m hardening my SimpleHelp server and am looking at SSL. But I was having a mooch around the settings and noticed this. Does this mean that you don’t really need SSL? I’m aware that as anything can be sent via HTTP that it would be relatively easy (!) for the SimpleHelp team to implement their own encryption across HTTP.

All communication is always encrypted. No cert is required.

So the only unencrypted bit is the initial web interface used to initial a remote session or install the remote access client. I can live with that being unencrypted. Although don’t Google keep threatening to ban non-SSL websites? I suspect they’d like to but too many non-SSL sites out there.

The encryption and transport layers are separate, meaning SimpleHelp will always encrypt data, and then choose an appropriate transport to send the encrypted data over.

Having said that, we always suggest installing a certificate if possible to give customers who visit your site a better experience. If your server is listening on port 80 you can install a Let’s Encrypt certificate (they’re free and integrated into SimpleHelp).

1 Like

This is wrapped up in me trying to get IIS reverse proxy working on my server so I can use LetsEncrypt. At the moment it’s on port 8080 so the tools don’t work. I’m going to raise another post on this as it’s not quite working.

I didn’t know this was available. Just followed the directions and it worked great on my Windows Server 2019. Now my customers will be directed to a secure website. Much more professional.