Recently we switched from self-signed certificates to certificates from Let's Encrypt. We used a Windows ACME client (required by Let's Encrypt) to validate our hostname. We had to fill in the "Host Name" field in the https Binding properties page. After the process was succesful and we got the certificate, the web-site is functioning properly from the Internet but it gives a 404 response when we request things locally. If we delete the Host Name property the site functions as expected both locally and from the Internet. We would have the name removed but we set the ACME tool to auto-renew the certificate every three months. Is there a way to have the site both serve loally and leave the Host Name property intact?
Related
We have developed an angular website and we have both personal server and a registered domain extension. We were able to host through public ip using iis but when the domain name was used in throws NET::ERR_CERT_AUTHORITY_INVALID. It also redirects to https by default.
We also tried using xampp too. We don't want to use any cloud servers as our custom domain extension can't be used.
kindly help us to host the website.
As you mentioned the error message: ERR_CERT_AUTHORITY_INVALID.
This issue is related to your certificate. If you do not currently have a certificate, you can choose to create a self-signed certificate, or apply for a certificate from the Authority.
If you already have a certificate and still have this issue, you can check to see if it is expired and try renewing the certificate.
Firstly I had working custom subdomain for my appservice.
Then I bought SSL wildcard Certificate and then generated pfx file with password. Next I uploaded certificate using Upload Certificate under Private Key Certificates. Certificate has Health Status = Healthy.
Finally, under binding tab I added TLS/SSL binging for my custom domain, choosen this certificate and its type = SNI SSL. Everything seems to be fine, undet custom domain there is SSL State = Secure and SSL Binding = SNI SSL.
When I go to my website - there is no information about any certificates.
I also tried the same with Create App Service Managed Certificate - the same effect, status Healthy, but certificate does not appear on the browser.
#mateuszwdowiak It sounds like you successfully added the SSL binding.
There are two main issues that I can think of that might have proceed the unexpected results that you encountered. Firstly, it can take some time for the SSL certificates to propagate out across the web. From my experience, I've seen it take up to 3 hours. Just because the Azure portal says it's binded, does not mean it will be getting served up just yet.
Secondly, I've seen browser cache also come into play.
It's been a few days but I wanted to see if you resolved this issue. If not, can you please try re-binding your wild card cert, wait up to 3 hours, and then using a fresh browsing session, attempt to browse your site. This should resolve the matter. If not, please reply back so we can assist you further.
I have moved a client website across to a subdomain of my companies website for development.
The client website has a working SSL certificate. Successfully redirects to https:// - everything works like a charm.
I have straight copied the code to the development folder and gone to load the page and receive the error:
This site can’t provide a secure connection
Site sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
I go to the security tab within Chrome and can see the certificate is valid and trusted. The resources are all served securely. However I am unable to access the site as 'This page is not secure.':
This page is not secure.
Certificate - valid and trusted
The connection to this site is using a valid, trusted server certificate issued by unknown name.
Resources - all served securely
All resources on this page are served securely.
As this is only a development site I am happy for it to not be secure - so long as the live site stays secure and my clients are able to view the development site.
Our team has a Windows 2008 server which is used primary for a common IIS dev box.
I want to enable SSL on one of the websites on IIS, so that it can only be accessed via HTTPS.
I created a self-signing certificate in IIS and installed it. However when I access the website via the browser (Chrome, Firefox or IE - doesn't matter), it always gives the scary..."this is not secure" screen. I've tried installing the certificate on my own computer, rebooting and I still get that screen.
One thing that I noticed is when I create a self-signed certificate, it adds the domain name to it...for instance, the name of the box is webIIS and our login domain is COMPANYDOMAIN. So it will say that the certificate was created by webIIS.COMPANYDOMAIN.com. This url resolves to nothing, since there is no such thing.
Am I going about it the wrong way?
I've answered a similar question here.
Few afterwords:
Your server should have a dns name. If it is in a domain (Active directory or something) it surely does. Find it, use it in CN of the SSL certificate.
CA that will issue SSL certificate should be trusted by clients accessing the server and by the server itself. Place CA certificate in Trusted Root Store (in LocalMachine store) on the server and all clients that will access it. If you have Active Directory it should be pretty simple to distribute it.
CRL that CA has to issue in defined intervals (it's up to you if the CRL will be issued one a day, month, year or lifetime) has to be accessible by clients and server. Either place it at http url that you gave when issuing SSL certificate or manually place in each certificate store (in Trusted Root Store).
I am attempting to add ssl to my custom domain for the windows azure websites. I have configured everything properly according to the guides, but for an unknown reason when I attempt to access my website via HTTPS, it returns with a connection denied error. the redirect still works perfectly fine with a standard HTTP request.
for reference (https://www.cryptoalias.io)
short version of method (in case I missed something):
bought a SSL cert from comodo.com
generated a .pfx from the .cer they issued to me (using iis)
uploaded .pfx to azure
verified cname: created custom domain redirect to azure
bound ssl to custom domain
configured A name redirect to the VIP azure issued me. remove cname redirect
attempt to connect to https = nothing, http works.
sorry I realize this is rather short on information, but I'm not sure what more I could provide besides the actual SSL cert.
You need to configure your cert on 2 domains: cryptoalias.io and www.cryptoalias.io. Because if you go to https://cryptoalias.io/ your cert works fine.