I have a problem configuring SSL certificates between my client and my Server.
My client, is a frontend application written in Angular, installed on a Web Hosting called V-Hosting which provides cPanel and through which it is possible to install a free Let's Encrypt SSL certificate (with auto renewal certificate).
Therefore, a user's connection to the website is protected by the certificate made available by CPanel - Let's Encrypt.
Instead the Server, a Backend application written in Java, is on a Contabo VPS (Virtual Private Server).
On this virtual server there is Windows OS and I have Jboss installed, where my .ear package is installed.
My problem is that I can't figure out how to configure an SSL certificate so that client and server can communicate over https, as now my domain https://example.com/ can't communicate with my server on JBoss http://IP_SERVER:8080/rest/api as the Server has no certificate.
So, client has a certificate (https) but server not (http) and they can't communicate each other without a certificate on Server.
How can I make the Client and Server communicate in HTTPS?
I tried to install Keystore Explorer on my VPS and generate a keystore to install on jboss but it's not the best solution because then I would have a Let's encrypt certificate on the client and one self signed by me on the server.
Related
I am hosting multiple websites on a single Windows server 2016 having one public IP. I want to install SSL certificate for my websites.
I need to know whether to install ssl separately for each of the websites or i have to install single ssl certificate for all websites
I have installed SSL Certificate manually that I had brought from Godadday. It installed successfully but it shows self signed certificate which is not trusted or displays cross on https.
What is the solution ?
It is showing because it does not recognized the certificate that you get from Godaddy.
The CSR certificate has to upload on your site and make changes on apache config file.
Make sure your CSR file should not match with the private key that you submitted to verify your site.
Installing a SSL certificate requires some server administration knowhow, especially updating web server configuration.
DigitalOcean has a great tutorial on how to install a SSL certificate from GoDaddy: https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority#example-ca-2-godaddy
Maybe it helps.
To check if you installed it correctly, you can use Qualys SSL Server Test at https://www.ssllabs.com/ssltest/index.html
My webapplication has a https binding with an SSL certificate configured from Entrust. In the SSL settings of the web application, I set the Client certificate settings as required.This forces client to supply a valid certificate when requesting the content to the server, which is the requirement.
I have Entrust listed as a Trusted Root Certification Authority in both Client and server.
Now my query is how to generate the client certificates for all the clients which could be authenticated by server?
A consultant told me recently that he has clients using IIS. Those servers accept port 443 requests with no cert installed on the systems. I have no way to verify this, and our servers run Apache anyway.
I believe that Apache will refuse to accept secure traffic, or minimally, Apache will squawk quite loudly without an installed cert.
Will Apache route port 443 requests without a cert?
We are running 2.2.3 running on CentOS 5.
Thanks.
If you try to enable SSL (SSLEngine on) on Apache Httpd without configuring a certificate (and its private key), you'll get this error, and it won't be listening on that port (443 unless you've configured another one):
[error] Server should be SSL-aware but has no certificate configured
[Hint: SSLCertificateFile]
If you can't rely on a well-known CA, this certificate can be self-signed or issued by your own CA (although this is not practical, since you would have to distributed your certificates independently).
In principle, SSL/TLS doesn't strictly need X.509 certificates, but HTTPS more or less expects such certificates. More details in this answer.
The default install of apache installs an untrusted ssl certificate that you can use, but the browser will complain when you try and connect to it.
Though, in general, if you need to use SSL, then you should invest in a certificate.
am new to LDAP / Active Directory environment.
am trying to connect with LDAP / Active Directory using SSL support.
to connect LDAP/Active Directory, SSL certificate is required to establish the connection.
I have been googling, and most of the result is to "create certificate using Microsoft CA (certificate authority)". Is this is only way to generate certificate for LDAP/Active Directory?
How can i get SSL Certificate for LDAP / Active Directory?
Is there any other way to get the SSL Certificate for LDAP/Active Directory?
The OpenSSL tool can be used to:
generate a new self-signed certificate
generate a certificate request
retrieve an existing certificate from an LDAP server using LDAPS (but not StartTLS as of OpenSSL 0.9.8)
OpenSSL is available via the console on Mac OS and most Linux distributions.
You can get OpenSSL for Windows here:
OpenSSL Distributions
The Mac Keychain Access application can also be used to generate certificates.
LDAP client code that requires a secure connection should connect to the port upon which the directory server listens for SSL connections, or connect to the port upon which the directory server listens for unsecure connections and promote the connection security using the StartTLS extended operation. The certificate to which you refer is the certificate used by the directory server.