self signed certificate for implementing https - iis

I have a server with public IP and hold a website on it. I don't have a domain and my web server is IIS, then I created a self signed certificate in the server and bind it to my website. When I want to access to my website using a link like http://.../test. I can access to the website with https in localhost in the server. but I can't access to the website from a client browser with httpsand I get this error in client browser:ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Your server most likely doesn't support TLS (v1.0 or higher) but only SSLv3. That's a common cause for this error. SSLv3 is blocked in most browsers because of the POODLE vulnerability (CVE-2014-3566). You should review your server settings and upgrade them accordingly.
You can test your website at the awesome SSL Test from SSL Labs. This will point out errors like these and it helps you create a secure config. Please keep in mind that any score below A is in urgent need of improvement.

I found out to solve it. Port 443 was closed in the server.

Related

Production build of website can't make request to Node server while developement build can (possible SSL error ?)

I have a bit of a problem with a web page I'm making. Here's the situation :
I have a working NodeJs server that's online, hosted on a VPS.
I'm making a webpage that makes requests to this server. The requests work when I'm testing them from localhost or my local network.
When I put my website on my hosting service (different from the server), the requests fail.
Google Chrome return this error :
Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR
The domain I have registered for my webpage has TSL1.3 I think, it it https for sure. So I thought it was a mismatch, like my website couldn't make requests to a simple http server that doesn't have any SSL or whatnot.
But when I looked into setting my server to use SSL or TSL or something like that, I got really confused. People recommended I use cloudflare as it provides certificates for free, but Cloudflare only works with domains, not stuff that runs on VPS with only an IP adress. I also tried following Certbot instructions to make a certificate myself but my VPS doesn't support snapd, even though it's Ubuntu 20.04.
Any attempt on my part to follow the rabbit hole of SSL certificates hasn't yielded anything, that's why I'm posting here. I don't even know if somehow getting a ssl certifcate will solve the problem.
Any help is much appreciated

Can't connect with HTTPS but HTTP works fine

I'm trying to secure my we server using HTTPS and SSL/TLS to access my website. Going to the site by www.-----.------.compute-1.amazonaws.com works and the connection is successful. But when I try https://www.-----.------.compute-1.amazonaws.com chrome says "This site can’t be reached" "www.-----.------.compute-1.amazonaws.com refused to connect". I am using an Amazon Linux instance. Where did I go wrong?
Typical problem. I am assuming some things here.
You launched a EC2 (or something similar) Instance
Didn't Open 443 port or Configure it further.
Using port 80 for serving pages.
I think you got the answer. Check this out.
I needed an SSL certificate from a CA (certificate authority). I was using a self-signed certificate which doesn't work in a browser.

Https and SSL issue with port 80

Recently I just start using https:// for my server and the strange thing is that I can open if I explicitly type "https://www.example.com:80" but won't be able to connect if i type "https://www.example.com".
I am using NodeJS with Express 4 framework hosted on Digital Ocean.
What can I do to let people access my website normally? And also is it normal that they have to click "accept" first time they visit? Why for other https website I dont have to do that?
I am using RapidSSL.
Your question is light on details, but here are the two likely guesses:
If you want your SSL server to work by default when users type https://xxxx, then your server needs to be running on port 443, not port 80. That's the default port number reserved for https connections and is the port number that the browser will try if the user just enters a https://xxxx URL.
If the browser is prompting you for permission to connect to your site, then that is likely because the SSL certificate you are using is not signed by one of the certificate authorities that the browsers trust (perhaps it is a self signed certificate). You can solve that issue by getting a certificate from the right trusted source and using that certificate in your server. It's also a possibility that something else is wrong with your SSL configuration, but we'd need to see more detail about the situation to know.

secure websocket for https

I have a local PHP server for my website and a local PHP server for websocket but websockets doesn't work anymore since I installed self-signed SSL certificats in WAMP. I have read that I have to use wss:// but when I change ws://localhost/xxx/server.php to wss://xxx/server.php but it doesn't solve my problem. I have accepted the certificat in firefox and chrome but it doesn't change anything. Any idea of what i supposed to do to repair websocket? Do I have to install certificat or key in my websocket PHP server?
You have to put the same certificate for the web page, and access the page with https://, therefore the browser will prompt you to accept the self-signed certificate and the websocket will be able of connecting using ws://
Also, be sure you use different ports for ws:// and wss://, some browsers get messed up if you start changing the connection of the same port.

SSL Https, is it that simple?

I'm just setting up an SSL area of a website, and was just wondering... is it as simple as adding HTTPS on the url?
(this is presuming I have a valid certificate of the hosting company?)
Or is there something more to it?
Thanks.
You have to setup the server to allow ssl connections. That includes generating a signed server request. You send this CSR to the cert authority (Verisign etc), and they send you a cert to install on the server. If you are behind a firewall you need to open port 443.
If you don't control the server i.e. shared hosting, there is probably a page in your control panel to do it all for you using a GUI.
When you replace http: in a URL with https: you are asking your web browser to do two things:
To attempt an encrypted (SSL) connection
To change which port to use on the remote server if none is specified in the URL
Most web browsers use port 80 for unencrypted traffic and port 443 for encrypted traffic by default. So, the first thing you need is a web server that is listening on port 443. If you are using a hosting company, this is probably already the case or becomes the case when you configure SSL.
You do not have to use port 443 but that is where browsers will be looking when users do not specify a port. You could also force everybody that connects at port 80 to use SSL as well though with the right configuration. That means that ALL traffic to your site would be encrypted.
To get the encryption up and running you generally need three things: a certificate, an encryption key, and a server request (CSR).
How you configure these is extremely dependent on how you are hosting the web server. Most hosting companies have 'control panels' that you log into for configuration. Common ones are Plex and CPanel. If either of those ring a bell you can post more information to get a better answer.
If you are managing the server yourself the big question is whether you are hosting on Windows or Linux. If it is windows, you are most likely going to want to configure IIS (Internet Information Server) while if it is on Linux you are probably going to configure Apache.
If you are using IIS, this link might help:
http://www.petri.co.il/configure_ssl_on_your_website_with_iis.htm
If it is Apache, Byron gave a good link above:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
You can use other web servers. For example, I use nginx:
http://rubypond.com/blog/setting-up-nginx-ssl-and-virtual-hosts
So, I guess the real step one is finding out more about your server. :-)
Once your web server has the SSL cert installed, it is as easy as using HTTPS on the URLs. There are some considerations to be aware of:
Port 443 must be open between the user and web server. (obvious)
Browser caching will be reduced to in-memory session cache and not stored on disk. Also, caching proxies in between will not be able to cache anything, since everything is encrypted. This means an increase in load times and bandwidth requirements of the web server.
When using HTTPS to receive sensitive data, be sure to disallow its use over HTTP. e.g. If you have a page that accepts credit card numbers in a POST, the app should fail validation if it was not done over HTTPS. This can be done in your code or in web server configuration. This prevents a bug or malware from systematically sending sensitive data in the clear without the user knowing.

Resources