I have recently bought a web server where I issued SSL certificate and I also bought my domain. I also have VPS server where my API will be located and accessed from the web server. Now the question is this -- is there any way I can use my automatically generated SSL certicate for my VPS server as well?
I added domain like xxx.yyyy.sk and forwarded it to my VPS IP address. When I tried SSL https:// I just received an error ERR_SSL_PROTOCOL_ERROR. (this happened while I used my automatically generated certificate)
I also tried issuing certificate on my own in my VPS server using OpenSSL but it seems like I have overwritten my automatically generated certificate because now the certificate is valid but browser says it's not secure..
Is there any way to prevent this 'not secure' status? It's quite annyoing and I want to get rid of it since I am building an e-shop and it would not be appropriate for users to see 'not secure' once they fill in sensitive data.
Thank you for any sensible answers!
You can use the following command to generate a certificate with letsencrypt.
sudo certbot certonly --standalone -d xxx.yyyy.sk
Related
We have developed an angular website and we have both personal server and a registered domain extension. We were able to host through public ip using iis but when the domain name was used in throws NET::ERR_CERT_AUTHORITY_INVALID. It also redirects to https by default.
We also tried using xampp too. We don't want to use any cloud servers as our custom domain extension can't be used.
kindly help us to host the website.
As you mentioned the error message: ERR_CERT_AUTHORITY_INVALID.
This issue is related to your certificate. If you do not currently have a certificate, you can choose to create a self-signed certificate, or apply for a certificate from the Authority.
If you already have a certificate and still have this issue, you can check to see if it is expired and try renewing the certificate.
How to create a Let’s Encrypt self signed certificate for a subdomain?
To be specific:
sub.domain.com (needs a certificate and points to an ip address)
domain.com (does not point to anything)
When following the following instructions, I get the following errors:
>>> sudo -H ./letsencrypt-auto certonly --standalone -d sub.domain.com --register-unsafely-without-email
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for sub.domain.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. sub.domain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: sub.domain.com
Type: connection
Detail: Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
You can create Let's Encrypt Certificate for subdomain without pointing domian to any root.
Login to DNS management and create A NAME Record for subdomian. For A NAME you would need IP address
Verify sub.domian.com is accessible over internet.
run script for sub.domian.com.
https://zerossl.com/free-ssl/#crt can be also used to generate certificates and key however it would need some manual step to create .well-known and aceme-challenge folder need to be created in sub.domian.com /DocumentRoot
You need to run the commands on the server, cause the command verifies you control the domain, so if it's not on the server it can't verify correctly.
Our team has a Windows 2008 server which is used primary for a common IIS dev box.
I want to enable SSL on one of the websites on IIS, so that it can only be accessed via HTTPS.
I created a self-signing certificate in IIS and installed it. However when I access the website via the browser (Chrome, Firefox or IE - doesn't matter), it always gives the scary..."this is not secure" screen. I've tried installing the certificate on my own computer, rebooting and I still get that screen.
One thing that I noticed is when I create a self-signed certificate, it adds the domain name to it...for instance, the name of the box is webIIS and our login domain is COMPANYDOMAIN. So it will say that the certificate was created by webIIS.COMPANYDOMAIN.com. This url resolves to nothing, since there is no such thing.
Am I going about it the wrong way?
I've answered a similar question here.
Few afterwords:
Your server should have a dns name. If it is in a domain (Active directory or something) it surely does. Find it, use it in CN of the SSL certificate.
CA that will issue SSL certificate should be trusted by clients accessing the server and by the server itself. Place CA certificate in Trusted Root Store (in LocalMachine store) on the server and all clients that will access it. If you have Active Directory it should be pretty simple to distribute it.
CRL that CA has to issue in defined intervals (it's up to you if the CRL will be issued one a day, month, year or lifetime) has to be accessible by clients and server. Either place it at http url that you gave when issuing SSL certificate or manually place in each certificate store (in Trusted Root Store).
I have installed SSL on node server. I have made changes in app.js too.
Now when i am trying to run my website
example.com
I am getting Popup like this
Why i am getting this popup?
Is certificates doesn't installed correctly?
Thanks
The browser is asking you if you wish to authenticate yourself to the server using a certificate.
Clearly you have a certificate and a public/private key pair attached to your local account, or it wouldn't be asking you.
Simply click cancel if this is not intended.
Use the Windows Certificate Manager to check what certificate it is. In all likelihood you have installed the server certificate as a personal certificate on your account.
I have a bunch of node.js apps serving information to an apache site via websockets (ws://). The site itself doesn't have a domain name and is accessed through its IP address (that's non-negotiable, unfortunately...)
The problem is the following :
Without a secure connection, browsers will block the ws://
traffic, so I have to use SSL and secure websockets wss://
Without a domain name, I cannot secure the connection except by
generating a self-signed certificate.
Self generated certificates are not trusted by browsers and
display an error 'certificate not trusted...'. Last chrome update
made it even more annoying to get through the message.
In addition to that, the IP changes regularly and is sent to the users (2-3 people) when it happens. So a certificate issued for a specific IP wouldn't be ideal (if it's free I can deal with the hassle of refreshing the cert).
Does anyone have a solution ?
If you only have a user or two, you could create your own CA, and have each person install it on their browser. You would still need to update the cert every time the IP changes though. google.ca/search?q=create+your+own+ca