I have a webapp server based on nodejs installed on Windows Server 2016. I want to install an SSL Certificate on such server. I've generated a free SSL from Cloudflare but it downloaded a DER file. The person responsible for configuring the Webserver said he needs a .pfx and a passphrase in order to install the SSL Certificate. Is there a way to convert .der to .pfx with a passphrase, or is there any other way to do that for free or buy one at a very low cost,
Thanks in advance!
If you need a custom SSL certificate for you server, consider obtaining it directly from Let's Encrypt https://letsencrypt.org/.
Alternatively, you can use Cloudflare as a reverse proxy on top of your Node.js server that will add SSL automatically without a need to configure anything (other than creating a DNS record and checking "Cloudflare Proxy" (orange) checkbox. Then in your server settings, you would just configure firewall rules to allow connections only from Cloudflare IPs that can be found here — https://www.cloudflare.com/ips/.
Related
I have a windows server 2012 with a SSL Certificate running in IIS.
I have a Node JS app deployed on that server too, i'm using pm2 to manage this project, but, I need to use this project with https too.
How I can do this?
Previously I tried to re-key the certificate with Open SSL following the steps of this link:
Setting up real SSL with Node JS
Everything is ok, but when I re-key the certificate with the .csr generated by openSSL, my certificate on IIS stop working.
How can I achieve this?
I'm using GoDaddy for the SSL certificate.
Thanks in advance.
So you're essentially trying to use the same certificate on two different web servers? Presumably they serve to different domains? (e.g. a.mydomain.com, b.mydomain,.com).
If their base domain is the same you can look into getting a certificate issued that has a wildcarded domain (*.mydomain.com). If your registrar doesn't support this, or if your domains are totally different and not related, then you need two different certificates.
I have a software running on my server which is called Gitlab. The service is accessible through a SSH, HTTP and a HTTPS endpoint. All three access points are reachable through a SSH tunnel, so binded to 127.0.0.1.
> 127.0.0.1:80 # HTTP
> 127.0.0.1:443 # HTTPS
> 127.0.0.1:1234 # SSH
To enable HTTPS, I created my own SSL certificate but of course there is no authority which confirms its authenticity. So even if I satisfy my server to work with it, I am wondering if I should even continue using it.
There are a lot of services on the server, or client tools which connect to it, and all would need to respect their system keychain where the public key is stored in as "trustworthy". Does anyone have experience with this constellation?
Using a self-signed certificate is the default configuration, to speed up the startup process, and it's up to you to decide if you want to install a trusted certificate from a third party CA, or a local CA (maybe your AD integrated CA). If a service is local or internal to your company, you can decide to keep it self-signed.
In the environments i was involved with, there was a AD integrated CA and we signed everything with that.
Further informations: https://docs.gitlab.com/ee/user/project/pages/custom_domains_ssl_tls_certification/ssl_tls_concepts.html
guys!
I already have a valid and running wildcard SSL certificate from GoDaddy on an IIS server, and I need to install this certificate on Heroku (for a subdomain).
I'm still not sure if I should export the certificate from IIS (and how to import that on Heroku) or just regenerate a CSR and re-emit the certificate. If I go for the second option, will my IIS certificate keep working?
Thanks in advance!
Felipe
Open the certificate manager from the mmc snapin and then load the local computer's certificate store. Once insde, find your certificate and export it along with the private key. Take the outputted file and import into Heroku. No need to regenerate.
I've found some tutorials about transferring SSL from Windows to Linux server such as this one here: https://major.io/2007/03/23/exporting-ssl-certificates-from-windows-to-linux/. But is it possible to do something like this in shared hosting because in shared hosting Apache configuration may not be allowed?
Well it is possible to transfer an SSL certificate from a Windows (IIS) environment to a Linux (Apache) environment. Within a shared hosting environment, (at least the majority of them) it will not be possible to install the SSL certificate to the hosting account without the help of your hosting provider. The SSL installation requires an IP be allocated to your domain within the server's configuration, unless deployed with SNI, and a VirtualHost entry routing requested to port 443 (TLS/SSL) for your domain on that IP will have to be created. Needless to say these configurations affect the server as a whole and are chargeable services so most providers will not provide you direct access to do this. If your provider uses Plesk or cPanel or Vdeck then this is the case.
That being said it is well worth the money to have your hosting provider complete this configuration for you and the related services are generally pretty cheap. Most providers will average around $20.00 per year for all the services required to have your SSL function on their servers.
I would request information from your provider regarding the installation to see if it is the right solution for you.
As a note Windows (IIS) SSL certificates are commonly PKCS#12/PFX Formated. The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys. Linux (Apache) will use PEM formatted certificates.The PEM format is the most common format that Certificate Authorities issue certificates in. PEM certificates usually have extentions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format.
Apache and other similar servers use PEM format certificates. Several PEM certificates, and even the private key, can be included in one file, one below the other, but most platforms, such as Apache, expect the certificates and private key to be in separate files.
I would not bother with the conversion prior to contacting your hosting provider as they can obtain the PKCS#12/PFX certificate from you and then covert it when installing it on the server. You should only have to provide the PKCS#12/PFX formatted certificate.
Well instead of transferring the certificates its easy to reissue the SSL after you have migrated to another hosting platform.
In Shared hosting, you won't have access to the webserver (IIS and Apache) to export and import SSL Certificates. For that, you will have to contact your hosting service provider to transfer the SSL Certificate.
Recently, I've moved SSL Certificate from my Windows VPS to Linux VPS with the help of the following article.
https://www.sslsupportdesk.com/move-certificate-iis-apache/
I am sure that the above link will be helpful if you want to move the SSL Certificate from Windows VPS to Linux VPS.
My web application uses Tomcat7 for hosting web pages and NodeJS for WebRTC. Each of them has a different IP. We've already set up the ssl certificate of Tomcat. My question is can I use the signed certificate of Tomcat in the NodeJS server?
Yes! you can use the installed certificate on your tomcat and NodeJS server.
But, you need to be clear with your common name as there are many different types of certificate available like wildcard ssl, which supports all the sub-domains for a single domain name, multi-domain certificate, which support multiple domain names on a single certificate.
Certificate feasibility depends on your types of certificate, which you can export from apache keystore and import on NodeJS server.
http://nodejs.org/api/tls.html - The following articles will help you for the installation of export certificate from apache to NodeJS server.