I have an heroku app with using Automated Certificate Management.
Some ssl customers say me that i should disable SNI support on the hosting.
How can i disable the SNI for this heroku app?
From support:
Heroku ACM uses our SNI SSL endpoints. To have SSL that does not use our SNI endpoints, you'll need to use our SSL Endpoint add-on, https://devcenter.heroku.com/articles/ssl-endpoint, and provision and manage your own SSL certificates.
Related
I have a problem configuring SSL certificates between my client and my Server.
My client, is a frontend application written in Angular, installed on a Web Hosting called V-Hosting which provides cPanel and through which it is possible to install a free Let's Encrypt SSL certificate (with auto renewal certificate).
Therefore, a user's connection to the website is protected by the certificate made available by CPanel - Let's Encrypt.
Instead the Server, a Backend application written in Java, is on a Contabo VPS (Virtual Private Server).
On this virtual server there is Windows OS and I have Jboss installed, where my .ear package is installed.
My problem is that I can't figure out how to configure an SSL certificate so that client and server can communicate over https, as now my domain https://example.com/ can't communicate with my server on JBoss http://IP_SERVER:8080/rest/api as the Server has no certificate.
So, client has a certificate (https) but server not (http) and they can't communicate each other without a certificate on Server.
How can I make the Client and Server communicate in HTTPS?
I tried to install Keystore Explorer on my VPS and generate a keystore to install on jboss but it's not the best solution because then I would have a Let's encrypt certificate on the client and one self signed by me on the server.
In cloudflares cryptography settings I have set SSL to Full (Strict) and the Universal SSL Status is on Active Certificate as you can see:
But the thing is I am using also a certificate on my server by letsencrypt/certbot, which also works If I deactivate cloudflare, so I wonder if there is now some kind of double encryption?
nginx(ssl) --> cloudflare(ssl) --> enduser
There is no double encryption in the form of two encryptions inside each other. Instead there is one encryption between browser and Cloudflare and another one between Cloudflare and nginx. Both Cloudflare and nginx have access to the plain (unencrypted) data. The browser will only see and validate the certificate from Cloudflare while Cloudflare will see and validate the certificate from LetsEncrypt (served from nginx).
I'm wondering why we need SSL certificate ? Because the moment we generate the keystore, it does the same functionality. It gives SSL platform.
May I know please why we need certificate and if it really needs then how it works (Certificate merged with keystore) when a third party sends a request to access web-server's website ?
To use the SSL certificate in a web server, you configure your web server software (Apache, NGINX, etc...) to read the certificate. Tutorials on this topic abound; here is a sample set of instructions from DigiCert, who sells SSL certificates: https://www.digicert.com/ssl-certificate-installation-ubuntu-server-with-apache2.htm
My website is managed by Cloudflare, basically, the direct IP access is disabled. And also, I have a Comodo SSL certificate purchased from Comodo as well.
As per this, I believe installing the Comodo certificate purchased by me on the server instead of Cloudflare and using Cloudflare services (Direct Ip blocking) is impossible.
Is it true?
I have configured all the SSL configurations (Comodo SSL Certificate) in server level. Now the problem is with Cloudflare and server.
How can I use both Cloudflare and the server level SSL termination?
Please help me out!
Thanks
A consultant told me recently that he has clients using IIS. Those servers accept port 443 requests with no cert installed on the systems. I have no way to verify this, and our servers run Apache anyway.
I believe that Apache will refuse to accept secure traffic, or minimally, Apache will squawk quite loudly without an installed cert.
Will Apache route port 443 requests without a cert?
We are running 2.2.3 running on CentOS 5.
Thanks.
If you try to enable SSL (SSLEngine on) on Apache Httpd without configuring a certificate (and its private key), you'll get this error, and it won't be listening on that port (443 unless you've configured another one):
[error] Server should be SSL-aware but has no certificate configured
[Hint: SSLCertificateFile]
If you can't rely on a well-known CA, this certificate can be self-signed or issued by your own CA (although this is not practical, since you would have to distributed your certificates independently).
In principle, SSL/TLS doesn't strictly need X.509 certificates, but HTTPS more or less expects such certificates. More details in this answer.
The default install of apache installs an untrusted ssl certificate that you can use, but the browser will complain when you try and connect to it.
Though, in general, if you need to use SSL, then you should invest in a certificate.