I just created a new SSL certificate with GoDaddy. I imported this certificate into IIS 8.0.
Then I checked all existing sites and their SSL certificate. Everyone has its own certificate. So far, so good.
Now I want to add the new imported certificate to a new site. But everytime when I do this, an "error" comes and says that there is an existing site that uses the same certificate. But before that I checked all sites and I haven't seen the same certificate.
If I click on "do it anyway" it changes the certificate of an other site to the new certificate that I just imported. So as a result two sites are using the same certificate now.
How can that happen? Is there a possibility that these two sites have a kind of a connection? Did I do something wrong with the import?
I absolutely have no idea.
Thank you.
PS: Even if I apply for a new certificate, I still get the same result.
PS: Could it be because of two different SSL distributors? One is Symantec and the other one is GoDaddy.
PS: This is the first GoDaddy certificate that I try to install after the Symantec one.
You might be using the same IP and port for all the url's configured on IIS 8. If that's the case, then you have to mention the exact URL in the Hostname section when you bind the certificate as per image below.
Also Make sure you put a tick mark to REQUIRE SERVER NAME INDICATION and then select the correct certificate from the dropdown in the SSL Certificate section.
Related
So basically my old domain was benscottp.com for my main domain on Godaddy. I changed it last week to Atmosquare.co.nz. I have put a third party ssl on one of my websites before but it was a subdomain. I have provided a screenshot in my manage ssl panel and the ssl certificate that is for the new domain (atmosquare) has the details of the old domain in it? How do I change this as I think it's the reason behind the ssl not working.
enter image description here
SSL isn't working because it's not issued by a root CA trusted by the browser. There may be other problems also, but that's definitely one of them.
You can't change the certificate. You need to create/order a certificate that covers the domain(s) you want to run SSL on.
You can get free, valid certificates for whatever sites you need from https://letsencrypt.org/
we have a website on a dedicated server with iweb.com. Our SSL certificate is purchased through Godaddy and expiring soon, so it’s time to get it updated. Iweb has a general article on how to install ssl certificates (https://kb.iweb.com/entries/21117106-Installing-SSL-certificates) but it’s not detailed so there are still some questions about that.
GENERATING A CSR AND INSTALLING A SSL CERTIFICATE:
“In order to get a SSL certificate, you need to create a Certificate Signing Request (CSR) and send it to the Certificate Authority.”
- Does it mean I can create a certificate myself for free, and don’t have to purchase it through godaddy or any other service? If yes what is the difference? And if I already have a certificate should I skip the certificate generating step and start with the installation?
FOLLOW THIS PROCEDURE TO INSTALL THE SSL CERTIFICATE:
Under the installation steps it asks to enter the domain name for which the SSL certificate was created, will it include the ftp, email, cpanel servers as well?
And lastly, what’s going to happen with my old certificate, will it be deleted or I have to remove it manually?
Thank you!
Does it mean I can create a certificate myself for free, and don’t
have to purchase it through godaddy or any other service?
Well, you can get a self-signed one for free, But, if people are visiting your website, there will be a HUGE alert on their browser, and try to stop them from browsing.
And the Certificate Signing Request is not actually a Cert! (well, it does contain your public key, and some other information)
The difference between a self-signed and public-CA-signed one is just like your school ID and your passport, the school ID only valid in a small community, and the passport is recognized by the general public as a personal ID.
See: How to create a self-signed cert in Ubuntu with Apache Using OpenSSL
If your think the price for Godaddy is too high, you may try something cheaper like PositiveSSL or RapidSSL, which is only around 10 USD/year/domain
And there is also a free one: StartSSL
Under the installation steps it asks to enter the domain name for which the SSL certificate was created, will it include the ftp, email, cpanel servers as well?
No, just the web server you wish the general public to be able to visit.
if there is a web interface for the email (like Gmail) or CPanel, you may have to create a ssl for them as well.
And lastly, what’s going to happen with my old certificate, will it be deleted or I have to remove it manually?
You should update it. if you haven't renew and update it, the browser will try to block your visitors with a HUGE alert again after the expiration date.
I have a site which is hosted using godaddy and heroku and it has issued SSL certificate fro the godaddy.
Right now I am facing issue as, I (including all my friends and family) can see site very well (It means I can see green color HTTPS on the address bar.)
But for my client getting the SSL error(red cross on HTTPS).
First I thought SSL certificate is not properly installed so I online check the SSL certificate error. For this I used following sites
https://www.sslshopper.com
https://www.digicert.com
but all the sites showing that the certificate is perfectly issued and applied.
Can any one please help me what is actual cause behind this. Is there any firewall issue. Please let me know your thoughts.
I had installed SSL certs one one of my cloud server by following this:
http://www.rackspace.com/knowledge_center/article/installing-an-ssl-certificate-on-apache
I am running jetpack plugin on my wordpress blog. The jetpack plugin is not getting connected to wordpress. I have talked with the Jetpack support guys and they say this:
Support Reply
"The problem is that OpenSSL doesn't recognize your certificate's Certificate Authority's certificate. The that URL works in browsers is because most modern browsers allow for certificate discovery by reading the "Authority Information Access" metadata from the certificate, which contains a URL from which the browser can download the CA's certificate. OpenSSL does not.
The best solution is if you can configure your webserver to supply the entire SSL certificate chain, rather than just your own certificate. That's what we do on WordPress.com. Sending the entire chain will also make your sites more compatible with older (and I believe some mobile) browsers."
Can any one describe me how can I install or provide entire certificate chain???
Thanks
These pages might help with setting up a CA and then creating a certificate: https://help.ubuntu.com/community/OpenSSL#SSL_Certificates
https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html
I created ssl certificate using IIS 5.1 and generated a file certreq.txt. Now what is the next step to use this file. I am a developer and working on a site that is host on my local machine. Is is necessary to get license from any CA?
Please guide me ASAP.
You can create a self-signed cert, but that will not be very elegant for end users if this is a public website as there is the prompt about cert validity. Otherwise, yes you need to obtain a cert from a CA. I find the best is Verisign, although DEFINITELY not the cheapest. Others are Godaddy, CheapDomain, and pretty much any registrar can help with it.
The link is for 5.1, but you can find tutorials on all versions. For testing I would go the self signed route.
The certificate generated from IIS, is a self-signed certificate, which can be used to test your website. However, if you run a public website from a self-signed certificate, every user will get a warning that the site is not safe. You will eventually need to get a license from a CA when you are ready to publish your site. Your domain host should provide an SSL certificate service, for something like $50-150/yr.
You can either self sign the certificate or send it to the CA to avoid the do-not-trust this site prompt. SSLTools Manager is a nifty app that can send your csr to a CA. Not sure about the self-signing feature though.