I have some internal services that I need to secure them with https.
What security issue can happen if I use a self-signed ssl and trust it on all client's systems?
Related
I have a webapp server based on nodejs installed on Windows Server 2016. I want to install an SSL Certificate on such server. I've generated a free SSL from Cloudflare but it downloaded a DER file. The person responsible for configuring the Webserver said he needs a .pfx and a passphrase in order to install the SSL Certificate. Is there a way to convert .der to .pfx with a passphrase, or is there any other way to do that for free or buy one at a very low cost,
Thanks in advance!
If you need a custom SSL certificate for you server, consider obtaining it directly from Let's Encrypt https://letsencrypt.org/.
Alternatively, you can use Cloudflare as a reverse proxy on top of your Node.js server that will add SSL automatically without a need to configure anything (other than creating a DNS record and checking "Cloudflare Proxy" (orange) checkbox. Then in your server settings, you would just configure firewall rules to allow connections only from Cloudflare IPs that can be found here — https://www.cloudflare.com/ips/.
I am developing an application with Node.js to consume apis. I want to use Cloudflare protection services with my server, one of the services is SSL / TLS.
Is it possible to implement the "end to end" certificate that cloudflare gives in an application with Node.js?
I have the private key and origin key files that Cloudflare gives me for this.
Thx.
I have a software running on my server which is called Gitlab. The service is accessible through a SSH, HTTP and a HTTPS endpoint. All three access points are reachable through a SSH tunnel, so binded to 127.0.0.1.
> 127.0.0.1:80 # HTTP
> 127.0.0.1:443 # HTTPS
> 127.0.0.1:1234 # SSH
To enable HTTPS, I created my own SSL certificate but of course there is no authority which confirms its authenticity. So even if I satisfy my server to work with it, I am wondering if I should even continue using it.
There are a lot of services on the server, or client tools which connect to it, and all would need to respect their system keychain where the public key is stored in as "trustworthy". Does anyone have experience with this constellation?
Using a self-signed certificate is the default configuration, to speed up the startup process, and it's up to you to decide if you want to install a trusted certificate from a third party CA, or a local CA (maybe your AD integrated CA). If a service is local or internal to your company, you can decide to keep it self-signed.
In the environments i was involved with, there was a AD integrated CA and we signed everything with that.
Further informations: https://docs.gitlab.com/ee/user/project/pages/custom_domains_ssl_tls_certification/ssl_tls_concepts.html
https://www.ssllabs.com/ssltest/analyze.html?d=recruit.equitysim.ai
Situation:
A client needs to access our site over a secure connection but is unable to do so because of a problem with our certificate.
We purchased a wildcard certificate and set it up as per the documentation. If you notice in the provided link, our certificate is trusted.
We are using the Azure App Service to host our website on a paid level that includes custom domain and SSL support.
Problem:
According to the test, it appears that Microsoft's SSL certificate is not trusted - alternative names mismatch (See Certificate #2). We believe this to be the reason why our client is unable to access our site.
Any thoughts on the matter? We know it isn't an SNI problem because we have another site that is hosted on a VM that also requires SNI support and they can visit that site just fine.
I have developed a RESTful web service using Node.js. I want to host this service on my home PC which is having static IP(which can be access from internet). But I want to host this service using SSL. Note that my home PC is not associated with any internet domain. So I want to know how to host my Webservice using ssl on my home PC. Also I want to know where to buy ssl certificate and what type of certificate? Because most of the certificate authorities who sells certificate talking about ssl for website only.