How to use firebase messaging without valid SSL certificate - ssl

I'm using google firebase Messaging for push notifications of my website.
my website doesn't have a domain. Its using HTTPS with self-signed certificate.
as i realized service worker needs HTTPS with valid SSL certificate. witch isn't available for sites without domain.
in some of other push notification services there is an option for HTTP websites that it opens a new window with a sub domain and notifications will be received from there.
is there any free option in any site that provides such future?
or
is there another option for me to pass invalid SSL error when enabling service worker?
btw: i'm aware about browsers flags for allowing self-signed certificate. i'm not gonna use that because i have some users now.
my frontend is a angular cli app running with nginx on a ubuntu server.

Related

Separate SSL Certificates for Web Application and API

I have a data collection / reporting web application hosted on an AWS Lightsail instance with Ubuntu 18.04 OS and Apache2. I use a 'Lets Encrypt' SSL certificate on the site. This all works fine.
I also have an embedded device which uploads data to the website via an API. The embedded device is currently not operating on SSL, but I need to change this. The embedded device can communicate on SSL but its not easily updateable in the field. My concern is that the CA certificate that is embedded into the device cannot be updated, and so using the same 'Lets Encrypt' certificate, means that a change in the Lets encrypt certificate will render the remote embedded device unable to connect to the server.
The common solution to this problem is a self signed certificate over which I have total control, and yes this would fix the problem, but it would create another problem. If I use a self signed certificate, then any user connecting to the site to view data from their PC would get an Untrusted Certificate warning on their browser, which is not acceptable.
So, to fix this ideally I would have my web app protected by 'Lets Encrypt', but the API protected by a separate self signed certificate. However, both web app and API need to be on the same domain. Also they should ideally also both be on the same standard 443 https port.
Is there a way to setup the web app and API to serve different SSL certificates?

How should an HTTP be listed under Google's API when using Cloudflare's shared SSL?

From my research I'm not getting an answer after referencing:
Custom SSL doesn't show when using CloudFlare
How to append SSL Origin Certificate with CloudFlare's Root Certificate?
Assets not loaded when using CloudFlare SSL
Cloudflare SSL issue: Request origin does not match request base_url
CloudFlare SSL refused on HTTP access
Wildcard SSL Certificates, Custom Domain Names, and Cloudflare
In my domain register I point my domain nameservers to Cloudflare and under Cloudflare's Crypto set SSL to Full. When I add the URL under Client ID for web application -> Restrictions -> Authorized JavaScript origins and Authorized redirect URIs should I be using HTTP, HTTPS, or both?
My understanding Cloudflare's SSL is a shared SSL and not a dedicated SSL. From Google's documentation I am unaware or able to find when using the Google Login API if the API will work successfully using a shared SSL.
The app is a web application written in Node using Google's Login API and hosted with a custom domain on Heroku. I am able to get the application to work locally and with Heroku's generated URL but I'd like to also implement Cloudflare I'm just unsure what is the correct way to use a shared SSL.
So to sum up, if I own the domain foobar.com in Google's Restrictions should I be using:
http://foobar.com
http://www.foobar.com
or
https://foobar.com
https://www.foobar.com
if the SSL is a shared SSL from Cloudflare?
It depends how do you want to expose your domain to users. Both protocols http/https can be allowed.
However you are trying to use "Google's Login API" = probably Open ID Connect client (SAML client is different), which needs encryption -> so actually, you need to allow only https protocol and then you will have safe configuration.

IIS force asking for certificate to a client node.js application

I have an application running on IIS 8.5 on my Windows Server 2012 and I have configured it to use this certificate I just bought. So now I can access the website using https protocol.
I have node.js clients running on some computers outside my network and posting some data to the server from time to time. I want to secure that connection now that I have a SSL certificate. I've been googling around for a couple of hours and I was not able to have the picture of what I need to do.
My goal would be to do the HTTP POST from client and only the clients using the certificate would be allowed to upload data to my https://example.com/upload url.
Firstly, I need to configure IIS so that requires a certificate when doing the handshake but I have no option for that in the authentication panel inside my webapp. I only have these options:
What am I doing wrong?
Click on SSL Settings
Then tick Require SSL

Websockets on localhost over https:// problems

I'm trying to write a service, my service is a WebsocketServer is written in nodejs, with express and the ws module. This service should be installed with node-webkit locally on a computer(on localhost) to communicate with a web site in https:// to exchange information. My problem is, that i need a trusted certificate for localhost(its not possible), because all browsers give a warning if i use a self signed certificate. I know i can ignore that warning, but in the future this software should be distribuited, and i dont want to give that warning for future clients. Is there a good way to resolve this problem?
Use one of the following options to work around this:
Package your client-side interface as a browser extension
Setup a Message Queue which transforms messages to your node server as Websocket requests
Use a PAAS provider with free certificates to proxy to your domain
References
How do I use a self signed certificate for a HTTPS Node.js server?
Simulating GitHub OAuth2 Login for Tests with JUnit, Webdriver & Hoverfly
Apache configuration using Self Signed Certificate - YouTube
Amazon SES: Sendmail
SMTP Gateway Plugin for RabbitMQ
Sending RabbitMQ messages via websockets

Chromecast self-signed SSL certificate

I've some problems with chromecast and self signed ssl certificate. I tried to implement my own receiver and registered my URL on Google Cast Developer Console.
Chromecast sender application trys to start and then i get some errors.
Does anyone knows if chromecast works with self signed certificates?
It won't work with self-signed certs. For development, you can consider using App Engine or Google Drive since both have valid certs.
Update: Google Drive is no longer an option.
You only need to worry about certs if you're app is ready to publish. During development you can work over HTTP. From https://developers.google.com/cast/docs/registration
"Enter a URL that the Google Cast device should request when loading your receiver app. During development the URL can use HTTP but when the app is published it has to use HTTPS. The URL may be for an HTML page or other file type accessible from a web browser. It's okay for your receiver to be on an internal (NAT-registered) IP address, but not on localhost, as it is rarely a top level domain. Although the receiver app must be served over SSL (HTTPS) when published, the content loaded on the receiver app may be served over HTTP.
Although the receiver app must be served over SSL (HTTPS), the content loaded on the receiver app may be served over HTTP."