Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 12 months ago.
Improve this question
I could connect my ESP8266 board to my MQTT server over TLS. Everything works fine.
There is only one question (as I'm a beginner with encryption): Should I hard code CA.crt, client.crt and client.key on the board??
As I know, if my certificates expire, I have to purchase another certificate, meaning my boards won't work anymore (I sell them). Can I securely ask server for these files every time?
EDIT:
This question was closed because it was opinion-based. OK, give me an opinion! I have no idea to handle my case. Thanks.
We can't answer this for you, only you know the details how how/where the device will be deployed. This will factor into what is acceptable
What I will say is that it is possible to do Over the Air updates with ESP8266 so you can push code updates that could include updated certificate fingerprints if needed or you can not include an actual CA certificate to verify the broker certificate.
As for client certificates, these don't need to be issued by a public CA so you have full control over their expiry time, so it's perfectly reasonable to set a life longer than the expected life of the device.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 days ago.
This post was edited and submitted for review 6 days ago and failed to reopen the post:
Original close reason(s) were not resolved
Improve this question
I tried to use SSL configured as in https://ktor.io/docs/ssl.html with self signed SSL Certificate and deploy it to a VPS and it worked,
[enter image description here][1]
now I want to use a real SSL Certificate.
how can I configure a real SSL Certificate to my ktor server?
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I have SSL certificate, which i upload on my hosting. I need to generate private key, how i can generate it without ssh access.
Thanks.
You can't generate a private key from a certificate (that's the point).
If you already have your certificate, you must have generated a certificate request (CSR) (or perhaps its in-browser equivalent) and generated a private key at that time. This is the file you want, since other re-generated keys won't match the public key in the certificate you now have.
Run the commands provided in the instructions for the tool you are using, but on your local machine. For example, if you are using OpenSSL on your hosting server, generate your private key file using your local command prompt, and upload that through the tools provided by your provider.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I'm about to get an SSL Certificate for my website. In particular, it will be used because I'm switching over to a payment processor which requires it. A few "noob" questions:
1) Will I have to change any code that directs users to http://www.mysite.com to https://www.mysite.com, or will users who go to http://www.mysite.com be automatically re-directed to https://www.mysite.com?
2) I assume that https "slows" things down on a site? If this is the case, can I maintain the http everywhere on my site except when they make a payment to the processor? i.e. http://www.mysite.com/any_old_page.php, while https://www.mysite.com/pay_for_the_stuff.php
Thanks!
No, that won't happen automatically. You will have to change your server configuration to do that.
Yes, it slows things down. How much depends on the cipher suite used for the server, the server software and hardware. You should play around with different TLS cipher suites to see how much. It depends on that (and of the nature of your site) if you should only use TLS on part of your site or all of your site. As for the requirements of the payment processor: ASK!
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I'm thinking about using a self signed cert for a staging area of my app. However, this staging area is located on the same server as production, and I'm worried that using a self signed cert may cause the server to be flagged as malicious/suspicious. Should I just go ahead and pay for a real cert?
There is theoretically nothing wrong with a self-signed certificate, but browsers like Chrome will definitely raise a flag. I'd recommend getting a real certificate.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I'm trying to enable https://mysite.com on my Ubuntu 11.04/Apache 2
I followed several guides online, but I still cannot access https://mysite.com
The guides mentioned getting certificates from CA, does that mean I have to register somewhere?
Or, can I simply redirect all https traffic to http?
Yes. You need to get and install an SSL certificate.
The whole point of SSL is that a trusted third party verifies your identity.
You are going to need to read up on SSL or hire someone.
Good luck