So I deployed a React/Node JS app to Heroku. I then set my domain to my custom google domain using this tutorial: https://medium.com/#david.gagne/set-up-a-custom-domain-for-your-heroku-application-using-google-domains-guaranteed-a2b2ff934f97. When I go to my site it says "Not Secure" next to my address. I see I have an SSL certificate and enabled it here:
In Forward settings and also set my Forward To URL to https://www.myWebsite.com
What else do I need to do for my site to become secure?
For the site to be secure you need to upload an SSL certificate on Heroku or use ACM.
Related
We have developed an angular website and we have both personal server and a registered domain extension. We were able to host through public ip using iis but when the domain name was used in throws NET::ERR_CERT_AUTHORITY_INVALID. It also redirects to https by default.
We also tried using xampp too. We don't want to use any cloud servers as our custom domain extension can't be used.
kindly help us to host the website.
As you mentioned the error message: ERR_CERT_AUTHORITY_INVALID.
This issue is related to your certificate. If you do not currently have a certificate, you can choose to create a self-signed certificate, or apply for a certificate from the Authority.
If you already have a certificate and still have this issue, you can check to see if it is expired and try renewing the certificate.
This might be a stupid question, and for that I'm sorry, I'm not well-versed in DNS configurations (so perhaps I shouldn't be meddling in this, lol), but anyhow..
I have a web app running in Azure that is currently undergoing a bit of a name change. Therefore, I want to redirect users trying to access my domain to another domain, let's say https://example.com to https://subdomain.anotherexample.com. I own both domains and have certificates for both of them, but I cannot for the life of me understand how (or if its even possible) to redirect users in this way?
I have both URLs configured as A records for the underlying IPv4 adress, and have tried to configure a re-direct in my cPanel to redirect the domain example.com to https://subdomain.anotherexample.com, but if I try to access https://example.com it just complains that the certificate is from another provider (not my Azure certificate, but instead my web hosting certificate used for other sites). Both URLs are set up as custom domains for the same app service in Azure with SNI SSL certificate bindings where example.com is bound to a standard certificate for that specific domain, while subdomain.anotherexample.com is bound to a wildcard certificate for *.anotherexample.com.
I assume there must be something that's not allowed in trying to redirect between two different domains where https is involved because trying to access http://example.com works (i.e. it re-directs to https://subdomain.anotherexample.com). Do I have to write some kind of script server-side that re-directs users manually?
I choose to host my website in Azure.So I've created a App Service.Then Created a new domain for my App then created/bind the SSL certificate to my corresponding website.
After done with the SSL certificate .I'm still seeing my website url as http//: and not https://
Also i'm not seeing the Green URL for my Website ..!
It look like this
(P.s : My App Service Tier is AzureFreeTier (Basic: 1 Small)
My SSL Type is SNL SSL)
Please help to resolve my problem here
Thanks in Advance,
Jayendran
You need to do a redirect from HTTP to HTTPS. Installing a certificate just makes using HTTPS with your custom domain name possible.
You can either:
Configure your app to redirect to HTTPS when it receives a request over HTTP + enable HTTP Strict Transport Security
Or use an extension in Web Apps to do the first thing:
To install the extension, open your web app blade in Azure Portal. Go to Extensions, then click Add. Then you should find Redirect HTTP to HTTPS from the list and install it.
That will redirect any HTTP calls to HTTPS for you. I would still recommend adding Strict-Transport-Security headers to your responses to make sure your clients do not access your site insecurely the next time.
The reason you arrive to your site on HTTPS after AAD login is because the HTTPS version of your app's URL has been configured in AAD as the reply URL.
And this:
Your Connection to this site is not fully secure Attackers might be able to see the images
is a mixed content warning. It means you are loading content (e.g. images) using an HTTP URL in your pages. Change them to HTTPS and you will solve that problem.
I am attempting to add ssl to my custom domain for the windows azure websites. I have configured everything properly according to the guides, but for an unknown reason when I attempt to access my website via HTTPS, it returns with a connection denied error. the redirect still works perfectly fine with a standard HTTP request.
for reference (https://www.cryptoalias.io)
short version of method (in case I missed something):
bought a SSL cert from comodo.com
generated a .pfx from the .cer they issued to me (using iis)
uploaded .pfx to azure
verified cname: created custom domain redirect to azure
bound ssl to custom domain
configured A name redirect to the VIP azure issued me. remove cname redirect
attempt to connect to https = nothing, http works.
sorry I realize this is rather short on information, but I'm not sure what more I could provide besides the actual SSL cert.
You need to configure your cert on 2 domains: cryptoalias.io and www.cryptoalias.io. Because if you go to https://cryptoalias.io/ your cert works fine.
Example, I go to the facebook webpage and see that the http URL is not https. Maybe they are hiding that it is https. I don't see a lock either on the browser.
In any case, how do websites provide secure registration web pages? I'm looking to create a registration and user login page.
Thanks for your help!
SP
your hosting server should provide SSL services
You should purchase a SSL certificate from VeriSign, or generate a one using OpenSSL
Apply the SSL certificate to your web server
Create youe Login page normal as you do with your scripting language
access the page with https://domain.com/page.php
You provide secure registration with SSL. If you do a google search for HTTPS or SSL you will find resources. It is a bit of a large topic. How to go about it depends if you are running your own server or have hosting provided to you by a service. EIther way, you will need a certificate for your domain. If you have your own server you will need to do a lot more configuration.
Here is a link about how to go about it with Apache.