Unable to SSL Godaddy verified certificate on AWS EC2 (Ubuntu) apache system - apache

I am unable to SSL my website ainoapp.io. I can use https://www.ainoapp.io/ and all our pages show up correctly; however, the site is still not secure.
Here are the steps that I did on the EC2 Ubuntu Apache system (after GoDaddy approved the certificate).
enabled ssl and header module
uploaded files c969b7f1a54c0a63.crt and gd_bundle-g2-g1.crt to /etc/apache2/ssl
created two conf files in /etc/apache2/sites-available: ainosite.conf and ainosite-ssl.conf
enabled default-ssl.conf, ainosite-ssl.conf and ainosite.conf such that sites-enabled has these entries only.
EC2 instance accepts inbound traffic on 443
port.conf listens on ports 80 and 443
restart apache
Below are the snippets:
Am I missing something here? Any ideas would be a great help.
Thanks in advance.

Scrutinize the wording of the error (warning) message carefully.
The browser is not really complaining about your SSL configuration.
It's complaining that you're being inconsistent with the images on the page -- they are still <img src="http://... instead of also using HTTPS (or being relative links, or protocol agnostic).
I believe this is also referred to as a "mixed content" warning.

Related

How to install wildcard ssl certificate on apache with subdomains?

I have my main site "domain.com" and a subdomain "apps.domain.com" (with different directories for each site)
I generated an LE wildcard certificate with certbot but I can't figure out how to use it...
I'm trying to get SSL on the domain and subdomain. (I'm using Debian and Apache.)
I know I'm supposed to make an SSL config file for port 443 and then another one for port 80. Also, I don't understand why Apache doesn't read all configuration files (I had to put 000 at the start of the file).
I also have several questions: when the certificate is installed, will the certbot auto renewals still work? How do I tell Apache to auto redirect to https?

SSL/TLS certificate works without ServerName directive on one EC2, won't on another

I've purchased a TLS certificate from godaddy for a domain (say somebeta.com - actual is different). The DNS points to an AWS EC2 Linux server which I operate. The httpd web server on this EC2 serves the REST API requests.
I've installed the certificate on the AWS EC2 server which points to beta.com, and at no place in httpd.conf or ssl.conf have I specified the ServerName directive. Everything works nicely, https://somebeta.com works, green color appears, all is good.
Now I create a new subdomain routing on godaddy DNS, by pointing alpha.something.beta to another EC2 instance. When I install this certificate on another EC2 server, I get the following in ssl_error_logs:
ip-<Some IP>.ap-south-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
I looked on SO, and found that the hostname of the machine should match the CN in the certificate. If it does not, then SSL/TLS would fail (I believe mod_ssl checks and fails this).
My question is, I've not set the hostname of the actual somebeta.com EC2 server, but still the SSL/TLS works great. How is it happening? Does mod_ssl do some intelligence to figure that the localhost is actually pointing to somebeta.com (by doing DNS/etc) and that's why it works?
Please don't close the question too early, I understand the working of SSL/TLS in its entirety, I just need to know how the thing is being validated by mod_ssl in httpd. Does the absence or presence of ServerName directive matter always, or only sometimes?

SSL certificate configuration

I have successfully added an SSL certificate to my URL. Now the URL is "https://puinex5xgm-l1". It's working fine in the browser, but whenever I try to add a port to this URL, "https://puinex5xgm-l1:90/", it gives me "SSL connection error ERR_SSL_PROTOCOL_ERROR". My Apache server is running on port 90.
While creating certificate I have used domain name as "puinex5xgm-l1".
Please help.
ERR_SSL_PROTOCOL_ERROR is not related to the certificate. My guess is that you don't have https on port 90 enabled but instead plain http, which then will cause such an error.
I have found the solution.
I have made changes in "httpd-ssl.conf" file. Here, I have used "VirtualHost default:90" instead of "VirtualHost default:443".
Now the Apache server is listening on my port.
It's working fine now.

ssl + nginx + apache + php: links are still displayed as http, not https

I am using VBulletin Suite 4.1.4., which is written using PHP and nginx+apache setup (nginx as the front end server and Apache as the back-end server). This is a pretty standard "nginx+apache" configuration with nginx working on port 80 and apache on port 8080. I tried to enable https support and ran into the following problem.
As I read on the web, when one uses "nginx+apache" and wants to have https, he should configure ssl only for nginx server. So, I added required lines into nginx vhost configuration
listen 443;
server_name myserver.org;
ssl on;
ssl_certificate /tmp/myserver.crt;
ssl_certificate_key /tmp/myserver.key;
When I type https://.... the vBulletin forum opens in secure connection and the lock in the right bottom corner of the browser confirms it, so it looks like my settings work. At least to some extent.
But when I bring the mouse over links on the page, these links are shown as http links, not https. So, if I want to stay in a secure connection, I can of course add the letter "s" manually each time I open a new page, but normally when you open the forum as https://... all displayed links should automatically change to https.
Any ideas why this does not happen?
Even the answer where the problem lies - (a) in nginx configuration, or (b) in apache configuration or (c) in vbulletin configuration would help.
Thanks in advance!
The problem is that vBulletin running on apache detects the HTTP protocol, not HTTPS. But, you can change vbulletin settings in the admin panel in the following way:
Forum URL to 'https://your-site.name'
Always use Forum URL as Base Path to 'yes'

CSR Generation: Tomcat or Apache?

While not entirely programming related, I recently purchased an SSL certificate, and during the configuration I need to generate a CSR.
I am running Tomcat behind Apache via mod_jk. I see two options for generating the CSR: one for Apache and one for Java based servers. My question is, which do I use? At the moment the site needing the SSL is configured to have all requests forwarded straight to Tomcat for processing. This however may change to only certain pages. Does it make a difference?
Thanks in advance.
If you are going to use mod_jk then the SSL cert should be generated for apache. mod_jk connects to tomcat over the APR protocol (default 8009) so all SSL handling is done by Apache. This works nice since, in the future, you may only want to proxy dynamic content with mod_jk, assigning the cert to Apache will allow you to proxy static content using HTTPS.
Fyi, the thread you referenced only discussed whether you had to generate the keypair and cert request on the same machine and is not related to running tomcat + apache + SSL. That thread is not relevant to your question.