How to enable HTTPS/SSL on XAMPP (Windows) using ngrok reverse proxy? - ssl

I am using ngrok to make my local instance of Apache (running through XAMPP on Windows 10) viewable to the internet. It works fine to access http://example.com but if I try https://example.com it gives me a certificate error (because the certificate is issued for its ngrok.io domain). I know I can avoid the cert error by using a url that ngrok generates for https, but I'd rather use my own domain name. How can I avoid the certificate error and get my site to load over https? I've seen a few guides for enabling https/ssl on localhost, but that's not what I need to do - I need to enable it for example.com, not localhost, and as I said, serving the site over http is working fine.

Related

SSL Certificate working on Server Machine but not outside

I have installed Godaddy Certificate with steps below
https://in.godaddy.com/help/manually-install-an-ssl-certificate-on-my-iis-8-server-4951
After adding in Binding on port 443, the website opens with https on the server machine.
When tried to access from outside machine, it shows this site cannot be reached.
It is still working with http everywhere.
Note - basic things are all done like restarting server.

How to use SSL-certificates to call https://localhost with apache2 on Raspberry Pi

So I am currently working on a project where I use the Instagram API to get some user Data onto my Localhost webpage on the Raspberry. The API however needs secure redirect uri (https). But when the API wants do redirect to https://localhost/instagram it says
"404 Not Found The requested URL /instagram was not found on this server. Apache/2.4.25 (Raspbian) Server at localhost Port 443"
In the url-bar it says "Not secure", the https part is marked red and is crossed out. When I test my stuff on another computer which has Xampp and Apache running everything works fine and even if I type https://localhost it redirects straight to localhost.
I found out that I might need a SSL certificate in order to make use of https links even if I'm running on localhost. But I don't really know how I should do this on my raspberryPi. There are already some SSL modules enabled inside the Apache2 folder.

MAMP Pro, 403 forbidden unless typing https://

I have recently started switching all my sites to SSL, locally using Mamp Pro virtual hosts and self-sign certificates.
All works fine with one exception:
if I type local.domainname.co.uk in a browser I get a 403 error, unless I type the full https:// first, then it works fine. On the live site it all works as expected; type domainname.co.uk and the browser fills in the https:// for me.
These are drupal sites using htaccess module to force the ssl - but since it works live but not local I'm assuming its a mamp issue?
Solved this - I needed to set up a non-SSL host in MAMP with the same name and settings as the SSL host (with SSL unchecked obviously) - although I want the site all https, there still needs to be an http host so it can re-direct to ssl (until browsers default to https at some point in the future?). MAMP instructions.
Or don't bother if you can live with typing https:// every time!

Can Owasp Zap be used to proxy all http and https traffic through an HTTPS connection?

I've just started using Zap, and am successfully running it in Firefox and Chrome.
I'd like to use it to automatically serve it's SSL cert for non https sites as well.
So for example, I'd like it to be able to serve
http://example.com
as
https://example.com
even though example.com normally wouldn't serve an SSL cert.
This would allow me to test local development sites without ever creating a self signed cert for them, or having to configure the cert with a webserver.
I've tried to port forward my dev port (18000) to port 443, but there's no SSL cert being served by my webserver, and the connection fails. I've also tried this with sni terminator zap plugin with no luck, though it feels like it's super close!
Any suggestions?
No application can choose communication protocol on which a client communicates. Web servers communication is strictly client driven except server redirects. For client to choose HTTP(s) out of two options http and http(s) you may install browser plugins like HTTP(s) everywhere which will seek for https first even if http is entered in browser

SSL Certificates installed on my site. but still browser shows unsafe connection

I have installed ssl certificates on my site but the browsers still showing unsafe connection. However i can access a safe connection by using https:// before site url
If you want to force https you'll need to set that up.
As explained on the apache wiki the recommended method is to setup the http virtual host to redirect to the https virtual host. Alternatively, you can use mod_rewrite to redirect from http to https.