Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I have a site that is active/online, that have an SSL certificate.
Can I use the same certificate, on a development site, that is also online, that can be access by ip ?
On the development site I'm using Linux/NGINX.
More info:
The development site will not use the same hosting/technologies when will be active as the current website
I want other people besides the development to access the development website
Because the domain will remain the same, and the SSL is on the domain, I wanted to set the correct SSL on dev to prepare to replace the other website
The dev server is on a public VPS
Taking from answers, please explain: the development website must work if called by the same name that your current site is ?
I'm confuse, When I type the domain name will always trigger the active website(both are public).
A certificate is valid for a name, not for an IP address.
You can use the same certificate, as long as you can reach the other site by the same name. If this just refers to your development machine or a group of developers, you can edit the hosts file or have a DNS server resolve the name to the IP address of your development site. The question is whether this is worth the effort. If the number of developers is small, it is easier to tell them to just accept the certificate.
If you want other people to access the development site, such as for beta testing, just get a DNS name and a certificate for the development site. Use a Let's Encrypt certificate, it's free.
Edit
It doesn't matter for the certificate whether the development site uses the same technologies as the active website.
As stated, a certificate is valid for a name, not for an IP address. You need a DNS name and a certificate for the development site.
If "domain will remain the same" means that you have a wildcard certificate, as in *.example.com, then it will work for both www.example.com and dev.example.com. However, if your certificate is for www.example.com, then it will not work for dev.example.com just because part of the name is the same.
It doesn't matter where your dev and production server are.
Yes you can use the same certificate if some conditions matches:
the developement website must work if called by the same name that your current site is
you need to somehow have this site name resolve to the development ip address (either by modifying a hosts file, or by using a custom DNS server)
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed last month.
Improve this question
I've registered my domain at Namecheap (example.com), bought ssl from ssls.com, serving content from AWS S3 using AWS CloudFront. Imported the certificate to AWS Certificate Manager. All of the above correctly redirects to https://www.cashflowbux.com :
cashflowbux.com
www.cashflowbux.com
http://cashflowbux.com
http://www.cashflowbux.com
The issue is when I type https://cashflowbux.com , it throws ERR_CONNECTION_TIMED_OUT . Can anyone suggest how to fix it please?
Namecheap replied saying
If you wish to make it redirect via HTTPS, it is required to point
your bare/root domain to hosting directly and install an SSL
certificate there. It is not possible to install it on our BasicDNS
nameservers.
In the same way that you had to create a record on your DNS zone "www.cashflowbux.com" record as CNAME type to "d9cmuu1x2w6f7.cloudfront.net", you must create a CNAME "cashflowbux.com" record to "d9cmuu1x2w6f7.cloudfront.net": your DNS provider must supports CNAME records on a root domain using techniques such as CNAME flattening for this.
If is not possible for it, you probably need to migrate your DNS zone to Route53 which supports this feature well.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
I have a subdomain sub.domain.co.uk that points to my server ip address lets say 192.0.2.1 currently this just uses http.
I have a need to make this use https/ssl so I have purchased my SSL but my server host have advised I need to point my url sub.domain.co.uk to a different IP in order for the SSL to work so I can hook it up in IIS.
So now I need to point sub.domain.co.uk to 192.0.2.2
So the only way forward I can see is that I go into my DNS settings in 123 reg and change my sub.domain.co.uk A record from 192.0.2.1 to 192.0.2.2
And incurr the downtime/propagation that comes with that.
Am I missing something, is there a better way to do this without incurring downtime?
For example, could I just add a second A NAME, for the same sub domain, e.g...
sub 192.0.2.1
sub 192.0.2.2
and in IIS just point my SSL to the second one, or would that confuse browsers?
Any help appreciated in advance
I believe I have solved this myself after a little research.
So I have two websites in IIS with an SSL that are using * as the ip address, meaning use any unassigned ip's.
So when I tried to add the SSL to the second website it complains saying that cause issues with the bindings on the first.
So if I just tick the little box that says 'Require Server Name Indication' on my second IIS bindings (when applying the SSL) it works perfectly.
Great article on Server Name Indication below (SNI)
https://www.cloudflare.com/learning/ssl/what-is-sni/
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I have hosted a website using VPS and pointed to it using DNS services of CloudFlare, The site is working properly. Now I am trying to install ssl provided by Lets Encrypt, I am able to complete the steps successfully but the site doesn't appear to be ssl enabled. Also when I completed the steps succesfully the process didn't generate any cert file.I have used the https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04 could anybody tell me were I might be going wrong.
CloudFlare supports using Let's Encrypt between CloudFlare and your origin; however you must use the --webroot argument when you run the Let's Encrypt binary.
By using the webroot authentication method, a temporary file is placed to validate your domain for the certificate. There is a guide on how to do this on the CloudFlare help centre: How to Validate a Let’s Encrypt Certificate on a Site Already Active on CloudFlare
By using this method, you are able to ensure the connection between CloudFlare and your origin web server is fully encrypted using Strict SSL.
Now you have https on your server.
So the communication vpc-cloudfare can use https.
Now you have to configure cloudfare to use https betwenn cloudfare and the browsers.
See https://www.cloudflare.com/ssl/
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 9 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
I own a domain at my DNS provider. I've pointed it to my house. My house keeps the IP address at the domain updated through dynamic DNS, so the A record always points to my IP address. I run OpenVPN at my house so I can connect from elsewhere. It's using a self-signed certificate. So, of course, I get SSL warnings when I connect.
My question is, Can I obtain an SSL certificate from StartSSL (free), set it up on OpenVPN, and get my browser to recognize the certificate as valid? For that matter, can I get any SSL certifcate to validate for any personal, development site I might set up at home in this situation? (OpenVPN.example.com, TestSite.example.com, etc)
(OpenVPN is not using port 443 or port 80, because I've heard that ISPs don't like it when you use those...)
The short answer is Yes. When creating a SSL certificate request you set the "common name" to the DNS name of the host. You can change the type of DNS record (e.g. A, CNAME, etc.) or record value (e.g. 192.168.1.2) at anytime as long as the record name (e.g. vpn.example.com) is the same.
For a browser to recognize a SSL certificate (not give warnings upon connection) a matching Certificate Authority (CA) must ship (or be manually added) to your browser or OS. To avoid SSL warnings with self-signed certificates you could instead provision a cert using a local/custom CA and install its root certificate on any necessary computers.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have an SSL assigned to my main domain and I'm wondering if I can use the SSL to my sub-domain!! I frankly tried it out, but it shows warning page saying that this page is not safe or so on. Is there a solution to this so I can use the SSL on my sub-domain to let clients send their info on a secure connection.
The error message " This webpage is not available"
X.509 certificates (often called "SSL Certificates") are usually only bound to a single domain, usually mydomain.example, www.mydomain.example or secure.mydomain.example. They cannot be used on any other domain name, even if it's a subdomain (so a certificate for mydomain.example cannot be used for www.mydomain.example and vice-versa).
There currently exist 2 other types of certificates which can be used to simultaneously secure multiple domain names simultaneously:
A relatively new type of certificate called an "SAN Certificate" - short for "Subject Alternative Name" - also sometimes called "Unified Communications Certificates" after a feature in Microsoft Exchange Server which requires this certificate type. These certificates declare a finite list of hostnames they can be used against.
Then there's wildcard certificates. Historically these were very expensive but recently we've seen a huge drop in price. With one of these certs you can secure anysubdomain.mydomain.example including the top-level mydomain.example.
Without either of these SSL certificates you'll need to get an SSL cert for each domain name you want to secure.
Note that having a different certificate for each hostname/domain-name can cause problems because the TLS system establishes security for the channel before the HTTP Host: header is sent - this means that each secured website will need its own IP address or port number.
...unless you use SNI (Server Name Identification) certificates. The good news is that all modern browsers and servers support it SNI, so multiple secure websites can share IP addresses and port bindings with their own certificates (so without needing a single SAN certificate that lists all domains on it).
The bad news is that Internet Explorer on Windows XP cannot connect to SNI websites (but Chrome and Firefox are okay), and on the server-side you need at least Windows Server 2012 or later. So adopt SNI based on how popular IE+XP usage is.