I have my hosting server at :8443. When I try to open it then SSL generates error saying site is not secure. So how can I add SSL so that it wont gives that error
Related
i bought an SSL certificate and followed a guide to import the SSL to my IIS 7, then, i stablished the bindings
https All unassigned 443
Hostname ( Cant write any text here)
SSL: customerwebsite.com (Not the real URL)
Restarted the website and tried to access via https to the site but a "Connection is not secure" advert is shown on the browser. I tried to see more information about the cert and it shows information of another SSL, it shows that the SSL was issued to TP-LINK, it doesnt show the information of the SSL that i have installed.
Do you know please what can i do in this case? This is so important. I need to install that SSL.
Thanks for all the help.
I Installed the SSL and then configured the bindings.
Please consider my circumstance:
I have created a backend API on port 8880 in Express.js in HTTP
I have created a frontend website in Next.js on port 80, also in HTTP.
I signup with cloudflare they manage my DNS, I get their SSL so my frontend HTTP site becomes HTTPS.
After successfully applying SSL to the frontend, the backend api stops receiving the POST request from login from the frontend.
As a result, I can no longer login to my site because every attempt fails when the POST request attempts to send the JSON payload of the login. How can I fix this SSL brokenness? This worked perfectly fine as HTTP to HTTP. But now, as HTTPS to HTTP, got failure.
Here is what I have tried to solve:
HTTPS to HTTPS - this failed. I tried changing the backend to HTTPS but used a self-signed certificate following this instruction.
My code in app.js (backend):
https.createServer({
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.cert')
}, app)
.listen(port, function () {
console.log(`Connected on port ${port}`)
})
Set up my Cloudflare Page Rules - Apparently cloudflare has "Page Rules" settings for your domain so I set mine to domainname.com/api SSL: Flexible. Still failed. Testing in Postman showed I was successfully signing in with https://123.456.789.10:8880/api/signin but not with https://domainname.com/api. I enabled morgan on Express and saw no ping on the /api/signin endpoint.
Switching the backend from HTTPS to HTTP, leaving Page Rules on SSL Flexible - As per this answered question here, I was thinking this will surely work since Cloudflare says "The Flexible SSL option allows a secure HTTPS connection between your visitor and Cloudflare, but forces Cloudflare to connect to your origin web server over unencrypted HTTP. An SSL certificate is not required on your origin web server and your visitors will still see the site as being HTTPS enabled." Doing this also failed.
And so, I am still unable to reach /api/signin either on domainname.com/api/signin or https://123.456.789.10:8880/api/signin or http://123.456.789.10:8880/api/signin. Morgan shows nothing in the console when I attempt signin, whereas it did before.
SOMEBODY out there must have solved setting up a frontend and backend on one IP but two different ports and gotten it to work with cloudflare SSL before. Please help!
I was able to solve this by implementing NGINX and setting the config to take / and /api and make them route to the respective apps running their port numbers. Additionally, I had to set up cors in my Express backend and used dotenv to allow a .env file to persist the FRONTEND_APP environment variable containing the ip address of the frontend Next.js app.
I am using IIS 6.1, with HTTPS enabled, using a self-signed certificate. When using IE to browse to the site, I get an error "The security certificate presented by this website was issued for a different website's address", if I use the server IP, "localhost", or "127.0.0.1" as the host name. The error disappears when I use the server name as the host name.
How can I get around this error when using IP, "localhost", or "127.0.0.1"?
Thanks.
I am totally stumped on this one. I recently installed SSL certificates on my site and SSL terminates at my load balancer, HAProxy. So far all of my regular users are able to use the secure connection except for those behind one major corporate network.
Those behind the network get this message in Chrome:
"This webpage is not available" "The
webpage at https://example.com/ might be temporarily down or it may
have moved permanently to a new web address."
Error Code: ERR_CONNECTION_CLOSED
They can access http://example.com site just fine (no SSL) if I enable it.
I was originally wondering if it was an issue with my ciphers, but these corporate users cannot access files on static server either (using AWS Cloudfront with SSL certificate).
I'm guessing the firm may have a blanket ban on SSL certificates unless there is a whitelist? They can access the ssl site of google (https://google.com). Is there something wrong with my certificate? Chrome has a green lock and says my site uses modern cryptography.
Anyway, is there anyway to determine if they can't access my site via SSL and then redirect them to use the nonsecure version? I tried looking through HAProxy docs but am missing something and at this point have tunnel vision.
Thanks to all. Here is my config file:
global
tune.ssl.default-dh-param 2048
ssl-default-bind-options no-sslv3
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
mode http
option forwardfor
option http-server-close
option http-pretend-keepalive
timeout client 120s
timeout connect 10s
timeout tunnel 120s
timeout client-fin 120s
timeout server 120s
frontend https-www
bind *:443 ssl crt /etc/ssl/example_com/example.com.pem
#using naked domain
redirect location https://example.com if { hdr_beg(host) -i www }
acl is_sockjs path_beg /sockjs
use_backend sockjs if is_sockjs
default_backend django
frontend all
bind *:80
#How do I detect that the ssl site failed for them?
redirect scheme https if !{ ssl_fc }
backend sockjs
reqadd X-Forwarded-Proto:\ http
balance leastconn
cookie SERV_ID prefix nocache
server srv_sockjs1 sockjsserver-ip check cookie s1
backend django
reqadd X-Forwarded-Proto:\ https
balance roundrobin
server srv_static django-server-ip
backend django-nonssl
reqadd X-Forwarded-Proto:\ http
balance roundrobin
server srv_static django-server-ip
OK figured it out
It was related to the naked domains. The server didn't like the fact that I redirected https://www.example.com to https://example.com. Upon further reading, I am going to now do the opposite, where I don't support naked domains and now redirect https://example.com to https://www.example.com
I had to do this on cloudfront too, where I now use www.subdomain.example.com instead of example.com
I have a scenario where Https is running in 443 and Secure webSocket Server running in other port and both service we are using same selfsigned certifcate.
An we first access the page over https and we install the certificate and page contains js to connect to webSocket securely.
When we try to connect to websocket , its failing , but if we access the WSS url in the browser address bar and add the certficate, the from the web page we are able to connect to webSocket server.
How to overcome this as we want to install the certificate once and same can be used to WSS?
Thanks in advance
Pradeep