So I have a DigitalOcean droplet running Apache with an SSL certificate provided by Let's Encrypt. When I use the Inet address of the server everything works as expected. I have now added a reserved IP address to the droplet; however, when trying to access that via HTTPS I get the generic ERR_SSL_PROTOCOL_ERROR. Running it through a tester, it appears to indicate that no SSL protocols are supported.
The reserved IP address does indeed route to the server; I can SSH over it, for example.
I'm using UFW, which is configured to allow any on 443.
Any insight/advice would be greatly received.
I have a problem that has bothered me for a few days. I have 2 local servers on the same IP, at my office. On one we run an Apache webapp that uses port 443 and port 80, and on the other one I tried to install an Ubuntu iRedMail server. All good until I asked for a Let's Encrypt certificate and tried to open the mail domain URL. I changed the SSL port in 00-default-ssl.conf to 8443, I stopped nftables, no firewall is installed or active on the mail server, just the pfSense working on the network level. If I try to open the mail domain with port 8443 I get no page; if I try to run with 443 I can't connect to it. If I try to open the main domain, not the mail, the root domain, with the default port for SSL, I get the page from the other server that runs the Apache app, which should be linked to another domain.
I tried to obtain an SSL certificate and I got an error that says the cert can't be downloaded on the server due to a possible firewall misconfiguration. I read somewhere that pfSense might be the culprit, because it can't read the redirects from the request header.
Can you please help me fix it? I am starting to lose my patience.
I am trying to install iredmail on a local server with static IP and pfsense.
I'm doing some development and want to point a remote webhook I have to a server I have on my local machine. I was able to create an SSL certificate on my machine, and from my own machine I can access https://localhost:3000 and it accepts HTTPS.
I forwarded port 3000 on my router to my local machine, and it works if I use my external IP address with http, but not with https.
e.g. http://my-external-ip-address:3000 works; https://my-external-ip-address:3000 does not work.
What do I need to do to have https on my external IP address work?
Make sure that the caller can work with self-signed certificates (which looks like what you have). Alternatively, check an SSH tunnel service such as ngrok.com (free).
Does anyone know how I can enable TLS Authentication on an application running inside an AWS Ubuntu machine.
To be specific, I have an Ubuntu machine on AWS running Linux Containers (LXC) and LXD (a framework on top of LXC that provides REST APIs to access Linux containers, among other things). I generated a certificate and key on the Ubuntu host using the LXC command line utility. I then tested whether the certificate works locally by running the curl command with the --cert and --key options, and everything works fine.
I then copied the certificate over to my local machine's (Mac OS X) Keychain and tried accessing the Ubuntu server (which, by the way, has open security and allows traffic from everywhere on any port). It gives me the error: "This server could not prove that it is X.X.X.X. Its security certificate is from ip-X.X.X.X".
I noticed that the certificate has the DNS name value as the private IP address given to the machine by AWS instead of public IP address.
Does anyone know how I can access my TLS-enabled application inside an AWS Ubuntu machine from the outside, public network?
Please let me know if things are not clear and I would be happy to provide more details.
Within the certificate is a field that specifies what machine name or IP address the certificate should be coming from. This prevents another site from grabbing the same certificate and presenting it as the other site's certificate. The issue in this case is that your certificate specifies the AWS internal address, but the client sees the external address of the server.
The solution is simple: generate a security certificate with a subject alternative name (SAN) that is the external IP address rather than the internal IP address. External clients will then see the certificate IP address as matching the address they went to.
How do you set up SSL on the localhost ITSELF (not on any virtual hosts) using MAMP PRO?
I need to do this so I can preview the website I'm creating on my iPhone, which uses the same Wi-Fi IP address.
(To do this, I just type in the IP address of the WiFi in the address bar of my iPhone browser).
Thanks very much in advance!!
You can check this article: Getting MAMP working with SSL on Mac OS X.
It sounds like you're confused regarding what localhost is. Localhost is always local: this is the machine itself and has 127.x.x.x as an IP address (usually 127.0.0.1).
If you run MAMP on your Mac, connection to localhost from your iPhone or any other device will be of no use. As far as your iPhone is concerned, localhost is the iPhone itself.
If you want to run a test server within your LAN, which probably uses private addresses (typically, 192.168.0.x), you'll need to configure your server for the IP address the machine on which it's running is using (you can normally see this in the network preferences).
As far as Apache Httpd is concerned, this will have to be configured in a VirtualHost (matching that LAN IP address). It's not quite clear what you're after: this is just how Apache Httpd is meant to be configured anyway.
The problem you're going to encounter is that your certificate will need to be valid for that IP address. It's in fact often simpler to allocate a host name (some routers provide small DNS services for the machine for which they also run a DHCP service, for example), and it generally makes more sense. Nevertheless, you can generate a certificate valid for an IP address by using an IP address Subject Alternative Name (SAN) entry (as discussed in this answer, see OpenSSL section). This also implies that you'll need to use your own self-signed certificate or your own mini Certification Authority, and that you'll have to import it somehow into your iPhone for the server certificate to be trusted.
We allow users to dial-in to our system.
We run a firewall on the dial-in system that blocks all access by default and we only allow certain servers to be accessed by adding specific rules.
We have a web service that contacts our server. The service calls are made over SSL.
The SSL Cert is from GoDaddy.
We have found that when connecting to the service the first time something tries to verify the SSL certificate. We are seeing dropped packets to Microsoft IP addresses via port 80.
If we allow access to the Microsoft IP, the software works perfectly.
The issue is that the IP is random, so I have been adding a few different IP hosts.
Looks like some type of SSL verification system or something... has anyone ever run into something like this? Or know of a block of IPs or hostnames that I can allow in the firewall?
It's most likely trying to contact the Certificate Authority (CA) to verify the SSL cert.
It smells like the browser is trying to connect to a CRL server. Try to reverse-resolve the IP addresses to a domain name and you should get some clue.
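An added example, not code from any of the posts above, that ties together two things discussed on this page: a certificate only covers the address listed in its subjectAltName (the AWS private-vs-public IP mismatch, and the MAMP LAN-address answer that points at an IP SAN entry), and a certificate itself names the CRL and OCSP hosts a client contacts to check revocation (the unexpected port-80 connections seen through the dial-in firewall). It uses only the openssl command line. The addresses 203.0.113.10 and 10.0.0.5 and the crl.example.com / ocsp.example.com URLs are constructed placeholders, and make_ip_cert, cert_covers_ip and cert_revocation_hosts are names chosen here, not anything from the posts.

```shell
#!/bin/sh
# Added example: build a self-signed server certificate whose subjectAltName
# is an IP address, check which address it actually covers, and list the
# revocation (CRL / OCSP) hosts the certificate tells clients to contact.
# Requires the openssl CLI. All values below are constructed placeholders.

command -v openssl >/dev/null 2>&1 || { echo "openssl CLI required" >&2; exit 1; }

# make_ip_cert IP OUTDIR
# Writes OUTDIR/key.pem and OUTDIR/cert.pem with subjectAltName = IP:<IP>.
# Placeholder CRL and OCSP URLs are included so cert_revocation_hosts has
# something to find; a real CA fills these in for you.
make_ip_cert() {
  ip="$1"; out="$2"
  mkdir -p "$out"
  cat > "$out/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $ip
[v3_server]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$ip
crlDistributionPoints = URI:http://crl.example.com/placeholder.crl
authorityInfoAccess = OCSP;URI:http://ocsp.example.com/
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -config "$out/openssl.cnf" -extensions v3_server \
    -keyout "$out/key.pem" -out "$out/cert.pem" >/dev/null 2>&1
}

# cert_covers_ip CERT IP
# Succeeds only if IP appears as an "IP Address" SAN entry. A value that is
# only in the CN does not count: clients match the SAN, which is why a cert
# issued for the private AWS address fails when reached via the public one.
# (IPv4 only: openssl prints IPv6 SANs in a different textual form.)
cert_covers_ip() {
  openssl x509 -in "$1" -noout -text \
    | awk '/Subject Alternative Name/ { getline; print }' \
    | tr ',' '\n' | sed 's/^[[:space:]]*//' \
    | grep -qx "IP Address:$2"
}

# cert_revocation_hosts CERT
# Prints the host names from the certificate's CRL distribution point and
# OCSP (authorityInfoAccess) URLs, one per line. These are the hosts a
# client reaches over plain HTTP when it checks revocation, so a firewall
# can allow them by name instead of chasing changing IP addresses.
cert_revocation_hosts() {
  openssl x509 -in "$1" -noout -text \
    | grep -o 'URI:[a-z]*://[^/ ]*' \
    | sed 's#^URI:[a-z]*://##' | sort -u
}

# Walk-through with constructed values (documentation range vs private range).
WORK="${TMPDIR:-/tmp}/ipcert.$$"
make_ip_cert 203.0.113.10 "$WORK"
if cert_covers_ip "$WORK/cert.pem" 203.0.113.10; then
  echo "203.0.113.10: covered by the SAN"
fi
if ! cert_covers_ip "$WORK/cert.pem" 10.0.0.5; then
  echo "10.0.0.5: NOT covered (the same mismatch as the AWS question)"
fi
echo "revocation hosts the client will contact:"
cert_revocation_hosts "$WORK/cert.pem"
rm -rf "$WORK"
```

The certificate produced here is self-signed, so a phone or browser still has to be told to trust it (or a small private CA has to sign it instead), exactly as the MAMP answer says. For a certificate from a public CA, run cert_revocation_hosts over the server's own cert.pem and the intermediates in its chain: each one names its own CRL and OCSP hosts, and that list is what a default-deny firewall needs to allow.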