We own the company.com domain, and have ssl comodo wildcard on it.
We have set up a private dns range *.intra.company.com locally on our ADDS Server, unresolvable by the Internet.
I'm wondering whether is possible the install LetsEncrypt certificates on IIS Sites binded with private domain names, without exposing them to the Internet.
I've seen a 'hack' to register the domainnames pointing to a publicly available IP and then install the certs. In the local network, point the hostname to the real IP's.
Is this the best way?
Related
I have an api served at a hypothetical address http://82.12.61.115:8000 (note the port).
I want to have a domain point at that IP address and then secure that domain with an SSL certificate.
Is there any service I can use (e.g. AWS) to do this without buying the domain and SSL certificate? Since it is just an API, it doesn't have to be pretty, it can be a subdomain of another domain as long as it's secured.
On a related note, will using port 8000 be a problem (as opposed to 80 or 443)?
I've bought a .com domain from a provider on the internet. But, I want to host it locally.
I know that I can host a local web by using XAMPP or WAMP, but I want to make it accessible on the internet.
I also know that we could host a web to be accessible on the internet like ngrok, serveo, etc.
But, I want it with my .com domain that I bought. Could this possible? How to? Is there any references?
Thanks in advance ^_^
It seems to me you are asking 1. if it is possible to map a DNS entry such that traffic to the URL would be directed to a server in your personal network, and 2. if it is possible, how to do it.
The answer to the first question is yes, it is possible. The second question is difficult to answer because it depends on many factors such as your ISP, country, your web host provider's rules and services, etc.
First, you must determine two IP addresses:
The public IP address for your network (whatismyip.com)
The private IP address of the local machine which will host your website (typically (192.168.0.x)
Then, you must enable port forwarding in your router configuration, such that any requests to port 80 and/or port 443 on the external interface (public) will be forwarded to the internal port on which your website is hosted. If done properly, putting the public IP in your browser will take you to the website you are hosting locally.
Once you verify access via public IP, then you must go into your DNS entries on your domain host and create a CNAME record which points your root domain (www.yourwebsite.com) to your public IP address. That will route all traffic to your .com to your local server.
I do NOT recommend doing this however, and would caution against it, because it leaves your local server/network open to the public, and makes your domain vulnerable to things such as spoofing etc. To do it properly, you should obtain a security certificate for your domain through a Certificate Authority (CA) - generally, you can request a certificate via your domain hosting service. Once you have a certificate, you must upload the key to your server and configure your web application/hosting service to use the certificate, and then change your port forwarding to use 443 instead.
This is a very complex topic that takes time to learn, and your question is extremely non-specific. There is no good place to start really, and no shortage of information/resources available online. To start, you need to understand how your DNS works. For any local webhosting, port forwarding is important to learn. You should also determine if your ISP blocks the forwarding of certain external ports, which effectively disables any private webhosting.
We have 1 virtual machine with IIS in Azure, it doesn't hold the public IP address.
Its FQDN is machine.domain.local.
Its serving a service from IIS. We want to install certificate. However, we got the SSL by name service.domain.com.
If my machine would have public IP address I would have created A record for service.domain.com pointing to machines public IP address.
But we want this service to run internally, how we can we achieve this routing?
Any suggestions?
you can make a CNAME record to map service.domain.com bind to machine.domain.local
The question is not Azure or DNS related, it looks like its IIS/certificate related.
You got certificate for service.domain.com, which you want to apply to website machine.domain.local.
You either get machine.domain.local added to CName on Certificate or change IIS website domain to service.domain.com
You can use IIS to generate a self-signed certificate. Then, use an Azure Site-to-Site or Express Route to connect to On-premise. Set up a local host file entry on the servers for that domain & private IP address. This would work without a flaw but, it's tedious and not much of a recommended design.
What I would do is, I would MAP my domain to the private IP within the local DNS server and set the DNS as custom DNS on the VNET. This will make sure that all the VM's will point to the DNS server for any query and then start a recursive query.
MAP to Private IP
Make record entry with the local DNS server with Private IP
Make changes at the Azure VNET to use the custom DNS, provide the DNS server private IP
Else
Do a host file entry manually on all the servers.
You can also read more along the lines of Private DNS on Azure:
https://azure.microsoft.com/en-in/blog/azure-dns-private-zones-now-available-in-public-preview/
Regards,
Charan
I'm about to buy an SSL certificate from GoDaddy for a site, let's say "example.com".
However I'm currently making design and performance updates in a non production VPS, using it's IP address. Let's say: 10.10.10.10
I would like to purchase the certificate to use it in example.com, but first I want to test https and everything in the non-production server.
This is probably a stupid question but I'm new to this area and I need to know if this will cause the certificate not to work on this other ip address(Before spending the money).
The certificate doesn't change. As long as you're only specifying the domain name, and not the IP address, in the certificate, it can be used on multiple machines. You will have to adjust your test setup to point the domain to the test IP address.
I was asked to create a sharepoint web application with ssl on a server with sharepoint 2010 installed. The problem is that this port seems to be in use for hosting our subversion repository. So when i try to browse my sharepoint site, it just shows a page with my repository. I've read about installing certificates and configuring multiple sites on one port with host headers but i never succeeded to complete this job. I would really appreciate some help here.
Thanks!
Assuming you're talking about individual SSL certificates (as opposed to a single wildcard certificate), I believe each website HAS to have its own IP address. AFAIK it is not possible to run multiple websites with multiple SSL certificates under the same IP address.
Depending on who is hosting the server, you would need a new IP address to be allocated to the server, and then within IIS you use the new IP address against the hostheader of your new website. You should find that the certificate works correctly, if not then try removing the certificate from the website and re-allocating it.
You would only be able to use a wildcard certificate if the primary domains of the websites were the same (e.g. website1.mydomain.com and website2.mydomain.com).
Thomas,
I've run into a similar situation before where the requirements dictated that we use 1 ip address, but the domains will be different (eg. website1.com, somesite.org, website2.us).
You can achieve this by using a Unified Communications certificate with Subject Alternative names. Currently, Digicert offers a UC certificate that can achieve this, but some other CA's will not.
Essentially you will have 1 certificate bound to :443 on the same ip address. The big drawback to this is that if the cert goes down, all the sites SSL will not work.
You have to manually (via powershell) bind each domain to port 443 however, but the instructions are fairly simple.
Server Name Indication would be another way, but it's not even an option in IIS 6