How to use PFX file to avoid website security certificate error - ssl-certificate

We do have an application(Qlik Nprinting) in Azure VM server running with an application in-built web server(not IIS). Due to port conflicts, we haven't installed IIS in the server. In order to avoid the error "There is a problem with the website security certificate" while launching the application web portal, we requested certificates team for SSL certificate. But they have provided us with .PFX file and told us to install in our server.
The certificate team has generated a CSR file from their end and created .PFX and shared it to us. When googled how to use .pfx file the steps were shown for IIS server, but in our case, we do not use IIS.
Could you please guide me on the steps how to use .pfx file in our server(which do not has IIS) to avoid the website security certificate error.

Related

Publishing to IIS with WebDeploy from Visual Studio certificate error

I'm attempting to move to a new server. The new server is Windows 2022 with IIS 10. I've added my domain, lets use example.com, and added a trusted ssl certificate to it. The site is reachable and only accepts secure connections. I pinged the domain and the ip matches the server.
This is the certificate information when you visit the webpage.
My publish settings are set to that domain for all applications that I'm publishing on this server:
https://example.com:8172/MsDeploy.axd
When I go to publish though, it's giving me a message about an invalid certificate.
It's not seeing the certificate that I have for for mydomain.com. Does WebDeploy use a different certificate when publishing? I thought it would use the domain that I'm connecting to domain.
Anyone have any suggestions?

How to wire up a valid local self-signed certificate for ASP.NET Core and IIS 10 on Windows 10?

We're not using Kestrel, nor IIS Express. We use IIS for local development. Thus we can't find out any command of dotnet dev-certs to help us.
We can create a self-signed certificate in IIS by going into server node, then Server Certificates, then Create a self-signed certificate, and give it a name and either Personal or Web Hosting, and it's created. Then use it in binding of our site (443, https, choosing certificate and domain.local)
However, when we want to go to domain.local in Google Chrome we get that untrusted certificate warning.
We can export certificate in IIS and double click it to install it in Windows. Now the error we see in Chrome is that this certificate is created for LocalComputerName and can't be used for domain.local.
At this point we're stuck at how to specify domains (Subject Alternative Names or SAN) for self-signed certificates, and how to automate this process from command line.
Any help?

Backup cpanel account with SSL

I have a live server which has cPanel installed on it. It is hosting a website with a SSL certificate that got installed in Cpanel for the cpanel-user hosting the domain.
I now downloaded a backup of this cpanel account to my dev server (and restored it in WHM, dev server is using cpanel too) for testing purposes, however I have a question regarding the SSL:
Does the SSL certificate get copied when the cpanel account gets backed-up?
After changing my host file i am still able to see the website using SSL (even though its on the dev server and there was not a certificate installed). My understanding was that the SSL is specific for each server, because the CSR is done on the server the certificate should run on.
Why am I able to access both live and dev using https?
Yes, SSL certificate will be migrate When you migrate OR restore your account through cPanel/WHM tool.

How to migrate SSL from cPanel to Plesk?

We're migrating a website from a different hosting provider whom uses cPanel to our server which uses Plesk.
I've attempted to copy the text of the private key and certificate over to the appropriate fields in Plesk and submitting; however, visiting the site using the HTTPS throws a "The site's security certificate is not trusted!" error.
I tried to find the CA certificate and it was not to be found in cPanel. I have the CSR, but there doesn't appear to be a place to put it in plesk.
What steps am I missing?
Since you are using linux on both servers, instead of reissuing, you can just export the certificate from your cPanel and install it in Plesk.
I found some links that might help you with the installation:
https://support.globalsign.com/customer/portal/articles/1229840-install-certificate---plesk
http://www.sslshopper.com/plesk-8-ssl-installation-instructions.html
Hope this helps!

COULD NOT CREATE SSL/TLS SECURE CHANNEL: Client certificates, TomCat and .Net

I am having the same issue with client certificates that many people have reported, but none of the solutions I've seen have worked for me. I have a client I wrote in VB.Net (using VS 2010 and .Net framework 4.0) that needs to connect to a web service running on Apache Tomcat/5.0.27. It works fine with SSL when client certificates are not required, but as soon as client certificates are required, it fails with “THE REQUEST WAS ABORTED: COULD NOT CREATE SSL/TLS SECURE CHANNEL”
Testing it with Internet Explorer (8, 9 and 10, on XP and Win7x32), when SSL is enabled (configured on Tomcat by setting sslProtocol="TLS" secure="true" scheme="https" in the system.xml file), but client certificates are disabled (clientAuth="false"), IE is happy after the CA certificate and the server certificate are installed on the client PC. (IE will complain without the certificates, but you can tell it to ignore the warning. When the certificates are installed, it connects without any warnings.) When client certificates are required (clientAuth="true"), IE will not connect. After I import the client certificate file, it still does not connect. IE shows that the client file is installed, and it shows the certificate is ok and it trusts the CA, but it shows it in what seems to be the wrong store: Intermediate Certificate Authorities, and client authentication is not ticked under Purpose. The MMC certificates snap-in shows the client certificate is in the Personal - Current User store.
The certificate was issued to us by the owners of the web service, so in theory it has to work. The properties look ok, and the purpose shows "All application policies".
I need to get this to work with my .Net client. I use a Web Reference to create the connection to the web service. I set PreaAuthenticate=True, and attach the certificate file to the web reference, and can see it attached in the IDE. Using Network Monitor, I can see that the server sends certificates to the client (in two large packets), but the client doesn't seem to send any back to the server.
I have tried various recommendations, e.g. setting ServicePointManager.Expect100Continue = true and
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3, but this makes no difference.
I have disabled firewalls and proxy servers, so nothing should be blocking the traffic.
I'd appreciate any help.
Ok, it turns out there is a problem with the certificate they supplied, or it is somehow incompatible with the client. I found instructions on using OpenSsl to create a certificate, and it works with their server. They used java's keytool to make the certificate, so either it creates an incompatible certificate, or they didn't use the right procedure, and the procedure I used with OpenSsl is the correct one.
The steps in OpenSsl are to create a private key file (client.key), create a certificate request (client.req), sign the key (client.pem) then export it (client.pfx).