I'm trying to set up https connection in one of my API.
I normally make requests to my API through this address: http://vps234602.ovh.net:8090
I'd like to be able to make https requests.
I tried to make a redirection in OVH panel, from api.uphair.fr to http://vps234602.ovh.net:8090.
Then I used the zerossl certificate wizard to build the certificate.
In the "domains" field, I typed
www.api.uphair.fr api.uphair.fr
Then I builded the certificate and the DNS verification went well (I was able to add new TXT entries in my DNS zone according to what zerossl was asking).
Then I followed the steps to add this certificate in IIS for my API.
When I'm trying to connect to https://api.uphair.fr the redirection is good but I got the error:
:ERR_CERT_COMMON_NAME_INVALID
I did this for another site in IIS, https://partenaires.uphair.fr and it works well.
Does Anybody know what I'm missing here ? Do I just have to wait for the DNS propagation ?
Thanks for your help.
Related
I have a website called http://jobdirecto.com/ that I want to turn into HTTPS.
The site is hosted in Heroku and the domain I got from Namecheap.
I got the paid version of Heroku since that lets me configure the SSL (and I think that's what I have to configure to make it HTTPS). They ask me for a "public certificate" that I don't have though.
I also bought a SSL from SSLs.com and they gave me a private key but no public certificate.
I am lost in what I have to do now to make my website secure.
There's no need to purchase anything. Use Heroku's Automated Certificate Management, which is powered by Let's Encrypt:
Run heroku domains and make note of the .herokudns.com domain it lists
Set up a CNAME record for your custom domain pointing to the .herokudns.com domain from the previous step
Run heroku certs:auto:enable to start the certficate provisioning process
Run heroku certs:auto to see your certificate's status
Please note that
It usually takes between 45 and 60 minutes to generate a TLS certificate for your app’s custom domains
This will let your site run over HTTPS, but it won't automatically redirect requests from HTTP to HTTPS. To do that we'll need to know more about your application.
There are two domain names:
1.one long (example: MaryJaneFamily.com)
2.one short (MaryJane.com).
The 301 redirect works correctly from EXISTING links from various web sites (from when the site had no ssl).
The redirect domain name appears but gives a "insecure site" warning and it appears as https://MaryJane.com.
The primary domain name does not show up in google listings at all.
I have validated the full domain name with google and provided a new sitemap to google.
The sitemap submission is not showing any errors. DNS for primary domain name shows it is fully propagated.
The link that appears in google is not the primary domain but the forwarded domain name with an "s" added to the http - selecting that link brings to you a "insecure site" warning screen.
What am I doing wrong?
It appear that your SSL certificat is maybe not valid or generated and auto-signed by your server. You have to use a SSL certificate certified by high autority trusted domain. A lot of hosting services can sell you a validated and trusted SSL certificate, or some companies like CloudFlare can give you for free (with some other protections and services like CDN, DDoS protect, firewall...etc).
If you want to do it yourself, you can use Let's encrypt to make your own trusted certificate (remember that you will have to renew this all 3 months but you can easily automate it).
Well, you can read this guide to know more about SSL certificates and which you sould use.
I hope it will help.
Is there a "return 301" for forced SSL in your sites config? If you don't force SSL then you will receive both secure and insecure ports.
Recently I have installed ssl certificate on my website. After the ssl certificates have been installed ,I found that my subdomain is not working properly. I will address my subdomain as 'xxxx'and main domain as 'primary'. The main domain works well with http as well as https. Now the subdomain works well with http, but with https://xxxx.primary.com delivers me the main site content and not the content of subdomain. I'm using apache server, linux operating system.
Can anyone please help to solve this issue?
Thanks in advance.
This is how SSL protocol works with the browsers. Whenever browsers receive HTTPS request for domain name, it first checks with the server then delivers the site's content. If a website on server has enabled SSL accessed with HTTPS, browser will try to make secure connection and send request to the server.
In your case, your main website is working properly with HTTP as well as HTTPS and delivers proper content, but your sub-domain is not showing proper content for HTTPS. In order to deliver proper content you should consult with your development team. You can better host your sub-domain on another server or you can protect your sub-domain with valid separate SSL certificate.
Suggestion: If you own multiple sub-domains then it is advisable to use Wildcard SSL, that can protect unlimited number of sub-domains with single certificates. Please note, this unlimited does secure first level (blog.domain.com), doesn't second-third-fourth-etc. level (news.blog.domain.com, 1.news.blog.domain.com or abc.1.news.blog.domain.com).
I would like to make my azure web site as https enabled one. As exactly like https://mysite.azurewebsites.net. Though I have uploaded my SSL certificate in certificate section in web site configuration tab its not redirecting automatically. Is there any other settings I have to enable?
Appreciate your help.
So to clarify the sequence of steps:
After you configure your custom domain properly, then h_ttp://customdomain.com will point to mysite.azurewebsites.net.
After you bind an SSL certificate to a custom domain in a web app, then h_ttps://customdomain.com will point to mysite.azurewebsites.net, using the bound SSL cert. If you still can't access h_ttps://customdomain.com, then you need to check whether you've configured your domain records properly at the domain registrar.
At this point, h_ttp://customdomain.com will continue to work. If you want to enforce HTTPS for your web app, see http://azure.microsoft.com/en-us/documentation/articles/web-sites-configure-ssl-certificate/#bkmk_enforce.
I am new to SSL concept. I am having a Rails 3.2 application running on heroku.
Can anyone please clarify me about the following things:
If I am having a heroku application "http://example.herokuapp.com", can I add SSL certificate to it without having any own domain (like www.example.com). If so, could you please provide a reference url to that process.
If the above thing is possible, in future if I own a domain (like www.example.com), can I add the same SSL certificate to that domain. Or I need to have a new SSL certificate for it. Or pointing secured (https) url of that application to the new domain (like www.example.com) is sufficient?
Thanks in advance.
Regards,
K. Subrahmanyam
You don't have to buy or add anything to use SSL and HTTPS on the .herokuapp.com subdomain, it comes with piggyback-SSL for free out of the box. I.e.: https://example.herokuapp.com/
If you add a custom domain and want SSL on that, you also have to buy a certificate for the domain and add the relevant add-on. That's documented on Dev Center.