We have a number of internal apps which have website access - this is set up on Windows Server 2016 through IIS.
We create the SSL certificate for these apps through "Certify the Web". These are updated automatically. These SSL certificates are binded to the websites through IIS and seem to update automatically as required.
However when we navigate to these websites they state that the SSL certificates are invalid, with the old dated certificate which expired a while ago.
Anything you guys suggest for this?
Related
I set up a local Intranet site for our company on a new web server running IIS 10. I did this using .NET Core Razor pages where I get the logged on Windows user and grant/deny access based on their User ID being in specific Active Directory groups via SQL ADSI queries.
I issued a self-signed certificate which was working just fine until the recent Chrome update which no longer accepts my self-signed cert. The cert still works in Edge. Most of what I find for Chrome is a work-around telling people to just type, "thisisunsafe", which works but is not a valid solution.
The only other info I can find is advice to get the 3rd party SSL cert, even though all of this is behind our firewall. I did this, and that's not working either.
I don't understand why I can't use a self-signed cert for my own internal site. What is the best practice to manage the security for an Internal company intranet and the cert process needed?
I have a quick question on opting the SSL Certificate for the Web Application. In the Web Application, am using Kestrel as WebServer and application is not configured in IIS.
For Customers, I install the Application as a Service in Server Machine and its used by the employees only in intranet. Now the address of my application is http://machineName:port but I would like to have https://machineName:port.
Question 1) Is this possible for the Intranet sites?
Question 2) Will SSL be really needed in this case?
Qeustion 3) SSL works, only if I configure Web Application with IIS?
Yes it is possible. As long as the certificate is trusted by the clients. You can create a self signed certificate and have client machines add it to trusted root certificate authorities in windows. Or if the intranet is using a windows domain, you can have a Certificate Authority trusted by domain computers issue the certificate.
SSL is always better even in intranet and localhost scenarios. It ensures site identity, encrypts traffic, etc. Whether it is needed depends on the site. Some browser functionality such as using the camera/mic won't work unless the website is using SSL.
Kestrel allows using SSL. Checkout docs here.
I have researched a lot before posting this question. I have a website that runs on HTTP. We are currently using ASP.NET webforms.
My boss wants to update the payment gateway to use Stripe. Stripe wants the payments page to be running on HTTPS rather than HTTP. So I want to make my website HTTPS.
There are a lot of articles out there to make your website https with your own self signed certificate. However, I couldn't find relevant Microsoft docs for doing the same thing in a live production environment.
My question is how would I do that in a production environment where you do not have ISS control?. I understand that I will have to buy an SSL certificate from a verification authority. Currently I am using FTP to replace the bin files and the modified files to make changes to the website.
I was wondering if there are any C#,ASP.NET veterans out there who can guide me in the right direction.
To run a web site with a certificate, which is a requirement to use HTTPS, you must be able to use IIS administrator to install the certificate on the web server and bind it to the web site on port 443. You could maybe possibly get it done without IIS admin by using PowerShell, but the user account running PowerShell would need the same permissions as if you did it with IIS admin.
Bottom line-- if you do not have any access to IIS admin at all, it is not possible to complete this task by yourself.
If your web site is hosted, you will need to approach the hosting service provider for instructions on how to request and install an SSL certificate for your web site.
I working to develop small HTTPS server that will be included in my android application. And the client will be browser. User can browse to the contain that I have on my HTTPS server. Can someone tell me what kind of setup do I need as far as the certificate and private/public keys are concerned. I am planning to use openssl to create my self-signed certificate.
FYI, I have initial setup done. And since my certificate is self-signed, browser displays warning to accept it on your own risk. So I believe server authentication is working. What do I need for server to authenticate the client ?
Thanks
The problem with hosting an HTTPS webserver on an android device is that the certificates are validated using a domain name. Without a domain name the client browser will display an error unless the server certificate is installed and trusted locally.
The two options are:
Register a domain name, use dynamic dns, and then request an ssl/tls certificate based on that name.
Installing self-signed certificate programmatically
There is an Android library that supports https: http://tjws.sourceforge.net/
I have Azure app containing 4 sites in a single web role (differentiated by host headers). I setup the sites to run over SSL. I issued 2 self signed certificates: 1 as CA installed into Trusted Root CAs store and 1 wildcard SSL certificate (issued using the first one).
The application runs, however I'm getting certificate error 'Mismatched address' in Azure Compute Emulator. I examined the mismatched certificate and found out it is not the one specified in service configuration. I went into IIS management console and checked the bindings - there was no cert set for my sites. So I setup the wildcard certificate manually in the site bindings. But in browser I still have mismatched certificate, still the one for 127.0.0.1 (comming with DevFabric). How can I make the IIS to return the correct certificate configured for the site?
(I have some services in the web sites consumed by Silverlight application and it does not work when there is forced manual confirmation of the certificate by user.)
Thanks!
Are you sure that you really access the service using https://127.0.0.1 and not using https://localhost?