I have a site and I have a development subdomain I want to assign a self-signed certificate to it so I can test a login portal, I will consider buying an actual SSL certificate for my real domain, I host my site with 1and1.co.uk. I use FTP to connect.
Related
I'm using Lets Encrypt Certbot to generate ssl certificate btw if you notice my url already have https, I only generated it manually and that's not secured. Just want to know if my url is acceptable to have a ssl certificate.
You can get an SSL certificate for any website. You just have to verify ownership of your domain and once the certificate has been issued to you upload it to your website host.
I am using the free version of Cloudflare and I created a wildcard SSL certificate for 1 level subdomain using 'Origin Certificates', upload this on Azure web app and configured the wild card subdomain on Cloudflare without the traffic goes through Cloudflare. It gives me the below error.
Error:
http://prntscr.com/ormgne
NET::ERR_CERT_AUTHORITY_INVALID
Subject: CloudFlare Origin Certificate
Issuer: CloudFlare, Inc.
Cloudflare Settings:
http://prntscr.com/ormgye
Azure webApp settings:
http://prntscr.com/ormhop
My application is a multitenant and creating a subdomain dynamically.
Screenshots provided above.
Expected Result: The SSL should be enabled on wildcard subdomain.
It should be like that. Because the origin Certificates you created from Cloudflare are only valid for encryption between Cloudflare and your origin server.
It is only used to protect the traffic between your server and Cloudflare.
However, Cloudflare is not a trusted CA issuer, if you access your website directly (without Cloudflare), your browser will not trust the Certificate. You can consider the Certificate as a self-signed Certificate.
To solve this:
You can purchase a SSL Certificate from trust issuer. For example: DigiCert, GoDaddy or Let's Encrypt (free)
Or, you can turn on the protection to make the traffic go through Cloudflare.
I am working on a client's site - we'll call it checkers.com - that I previously bought an SSL certificate for. They bought a european domain - checkers.eu - that that uses an A-record redirect to point to checkers.com, but setting up an SSL certificate for that domain fails because it's technically on the same IP address as the checkers.com site, and that's not allowed. How would I go about setting up an SSL certificate on checkers.eu when that domain just redirects to a domain that already has an SSL certificate?
As per your question, it seems like you are using a SSL Certificate which offering only Single Server License policy. As per SSL under this policy, you can only install SSL certificate on one domain, one IP address and one physical server. If you try to install it on same IP address it will never allow you.
You either need to purchase another server license from the Certificate Authority, or else get the SSL Certificate from Certificate Authorities which offers multiple server license such as (Comodo, Thawte, GeoTrust & RapidSSL).
I am trying to activate HTTPS for my domain name. Chrome recognizes the SSL certificate when i go to https://www.example.com, but I get the error and it says that my SSL is not trusted. What do I need to do to get my SSL certificate to be trusted?
Instead of using a self-signed certificate, get one from a certificate provider. I'd recommend you looking at LetsEncrypt because they have a good automated support for being able to renew certificates automatically.
When I send a request a known site lik facebook, Google,... on https protocol, the certificates are appearing on browser via pedlock.
How the web site (facebook,google,..) certificate comes to my browser?
How my browser knows the certificate is valid? is asking the Certificate Authority company?
What means my computers trusted certificates (on Windows certmgr.msc)?
1. How the web site (facebook,google,..) certificate comes t y browser?
When your browser requests a website using the HTTPS protocol the transfer will start with a SSL/TLS handshake. During this handshake the server will submit the website certificate to your browser.
2. How my browser knows the certificate is valid? is asking the Certificate Authority company?
The website certificate is commonly provided by a certificate authority (CA). The CA has signed the website certificate with its own certificate - after it has verified the websites identity. Every browser has some certificates from trusted CAs pre-installed. These certificates are used to check if the submited website certificated is properly signed by the CA.
In addition the browser may use the Online Certificate Status Protocol (OSCP) to check if the website is still valid.
3. What meansmy computers trusted certificates (on Windows certmgr.msc)?
I guess this is a different topic. The CA certificates used for HTTPS connections are part of the browser (IE, FF, etc.) and no part of the operating system.
Additional notes
The way the browser displays a trusted HTTPS connection depends on the browser and of the type of the used certificate.
If you are interested in some details how the certificates are distributed, you may doa research to the topic of "Public-key infrastructure (PKI)"