I have researched a lot before posting this question. I have a website that runs on HTTP. We are currently using ASP.NET webforms.
My boss wants to update the payment gateway to use Stripe. Stripe wants the payments page to be running on HTTPS rather than HTTP. So I want to make my website HTTPS.
There are a lot of articles out there to make your website https with your own self signed certificate. However, I couldn't find relevant Microsoft docs for doing the same thing in a live production environment.
My question is how would I do that in a production environment where you do not have ISS control?. I understand that I will have to buy an SSL certificate from a verification authority. Currently I am using FTP to replace the bin files and the modified files to make changes to the website.
I was wondering if there are any C#,ASP.NET veterans out there who can guide me in the right direction.
To run a web site with a certificate, which is a requirement to use HTTPS, you must be able to use IIS administrator to install the certificate on the web server and bind it to the web site on port 443. You could maybe possibly get it done without IIS admin by using PowerShell, but the user account running PowerShell would need the same permissions as if you did it with IIS admin.
Bottom line-- if you do not have any access to IIS admin at all, it is not possible to complete this task by yourself.
If your web site is hosted, you will need to approach the hosting service provider for instructions on how to request and install an SSL certificate for your web site.
Related
I set up a local Intranet site for our company on a new web server running IIS 10. I did this using .NET Core Razor pages where I get the logged on Windows user and grant/deny access based on their User ID being in specific Active Directory groups via SQL ADSI queries.
I issued a self-signed certificate which was working just fine until the recent Chrome update which no longer accepts my self-signed cert. The cert still works in Edge. Most of what I find for Chrome is a work-around telling people to just type, "thisisunsafe", which works but is not a valid solution.
The only other info I can find is advice to get the 3rd party SSL cert, even though all of this is behind our firewall. I did this, and that's not working either.
I don't understand why I can't use a self-signed cert for my own internal site. What is the best practice to manage the security for an Internal company intranet and the cert process needed?
I have a quick question on opting the SSL Certificate for the Web Application. In the Web Application, am using Kestrel as WebServer and application is not configured in IIS.
For Customers, I install the Application as a Service in Server Machine and its used by the employees only in intranet. Now the address of my application is http://machineName:port but I would like to have https://machineName:port.
Question 1) Is this possible for the Intranet sites?
Question 2) Will SSL be really needed in this case?
Qeustion 3) SSL works, only if I configure Web Application with IIS?
Yes it is possible. As long as the certificate is trusted by the clients. You can create a self signed certificate and have client machines add it to trusted root certificate authorities in windows. Or if the intranet is using a windows domain, you can have a Certificate Authority trusted by domain computers issue the certificate.
SSL is always better even in intranet and localhost scenarios. It ensures site identity, encrypts traffic, etc. Whether it is needed depends on the site. Some browser functionality such as using the camera/mic won't work unless the website is using SSL.
Kestrel allows using SSL. Checkout docs here.
So,
I currently have a net core web api running in a windows VPS (amongst other things). When I make requests to this api, I would like to do so using https. It seems I need to have an SSL Cert on this VPS (which does not have a domain, just an IP).
The https API is on xxx.xxx.xxx.xxx:443
The net core application is published into a self-contained package and run as an .exe (i think using IIS express)
Ideally I would like to use a free SSL cert from something like zerossl.com or any viable alternative you may suggest
How can I go about making it so that if I access xxx.xxx.xxx.xxx:443/api/values, I get a secured icon in my browser?
Thanks
It seems I need to have an SSL Cert on this VPS (which does not have a domain, just an IP)
It is impossible to bind SSL Certificate to IP address.It must bind to domain.
I have an application running on IIS 8.5 on my Windows Server 2012 and I have configured it to use this certificate I just bought. So now I can access the website using https protocol.
I have node.js clients running on some computers outside my network and posting some data to the server from time to time. I want to secure that connection now that I have a SSL certificate. I've been googling around for a couple of hours and I was not able to have the picture of what I need to do.
My goal would be to do the HTTP POST from client and only the clients using the certificate would be allowed to upload data to my https://example.com/upload url.
Firstly, I need to configure IIS so that requires a certificate when doing the handshake but I have no option for that in the authentication panel inside my webapp. I only have these options:
What am I doing wrong?
Click on SSL Settings
Then tick Require SSL
We have a Web-Application that should interact with a desktop application that has a helper tool character (e.g. no setup, no need for admin privileges). The helper is listening via http/https on a simple port bound to localhost.
The Web-Application uses a SSL certificate. Every customer has a machine on its own for his data. For claryfication: The Web-Application is running on a server, serving one customer but multiple people.
The problem is, the Web-Application cannot reach the helper tool via https (using image or iframe). The main issue is, that the local webserver listening on localhost has no signed certificate. So the web browser is blocking the interaction.
Is there any way to get around this trouble? I think, I cannot get a certificate for localhost, because no one would sign it.
I know, that I cannot use XMLHttpRequest for this, but that's not the point.
The goal is to have a customer friendly - no install - just works - solution. The customer should not do ANY configuration. Just downloading and starting the tool. We'd like to have a direct communication to the tool (e.g. no outbound direction to the web server).
Is the any solution for this?
If it is Active-directory environment , you can create your own CA and sign certificates and distribute them across the domain. also you can add to trusted sites through domain policies this way client side you don't need to configure anything .