I have got a SSL certificate for domain "www.example.com" and I have installed this certificate in tomcat server which runs on port 443 which runs fine. Now my requirement is to run nodejs code in https.
So i want to configure through nginx. So nginx will listen for incoming request and use ProxyPass. I am trying this but we get key mismatch error
So main question is:- Is it possible to use same certificate generated for tomcat keystore in Nginx
Related
I have 2 domains (domain1.example and domain2.example) under the same Ubuntu 14.04 Apache server. Each domain has one SSL certificate.
It happens that, sometimes, when users open domain2.example on the browser, they receive the domain1.example SSL certificate instead of domain2.example certificate. The weird thing is that it happens sometimes, and also, that if I change the *:443 default server, it starts answering the SSL of the new *:443 default server.
What do you think is happening? I cannot find the error.
I want to remove port number from URL. I have installed apache server and tomcat both on ubuntu. And created SSL certificate on a domain name. So it's fully secure connection.
Below is my URL.
https://DomainName:8443/AppName.
The application is running fine with above URL.
I am expecting URL - https://DomainName/AppName
You just need to change the port in your Tomcat server.xml, from 8443 to 443. Unless you're using Apache as a reverse-proxy, in this case you have to configure it with an SSL virtual host.
I have a nginx server that manages a few domains and subdomains. There are some subdomains that have an own SSL certificate and they work fine. The problem is that if I try to open blablabla.mydomain.com (this subdomain is not configured in nginx) then firefox shows me an error "Connection is not secure" and "The certificate is only valid for xyz.mydomain.com" (this domain is configured with SSL and works well)
The same happens when I open the root domain mydomain.com. Then the server also returns the certificate for xyz.mydomain.com which is rejected by firefox.
I only want nginx to return the SSL certificate for domains/subdomains I explicitly have configured HTTPS. For what I understand, my configuration should be doing exactly this.
I configured all my https-subdomains like this:
server {
listen 443 ssl;
server_name xyz.mydomain.com;
root /var/www/xyz.mydomain/;
ssl on;
ssl_certificate /etc/letsencrypt/live/xyz.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xyz.mydomain.com/privkey.pem;
...
}
The root domain (which should have no SSL) is configured like this:
server {
listen 80;
server_name mydomain.com;
return http://some-redirection.com;
}
There is no SSL server block for this domain. Nor is for the other subdomains that do not exist. So why does nginx in these cases return the certificate for xyz.mydomain.com?
I don't use any wildcards in my server config. Is there some way to debug this? I mean, there must be a reason why nginx always returns the certificate for xyz.mydomain.com for every non-configured domain/subdomain. Why not another configured and working certificate?
I use an Ubuntu 14.04 server with nginx 1.4.6
If you need more info on my config, let me know
EDIT: I think I know why my config does not work. When using https the client encrypts also the domain name and this causes nginx to try all available server defintions. When it doesn't find one it returns the last one? And xyz.mydomain.com seems to be the last one (alphabetically)
So is there a way to avoid this? Would I have to create a ssl cert for every other subdomain?
I have SSL wildcard certificate.
I have tomcat as well as apache server running on my machine.
Currently ssl has been applied on tomcat but apache being my wrapper server needs ssl certificate too.
Both apache and tomcat are on same machine.
Can I use same wildcard for both of them ?
Yes, you can use same Wildcard SSL certificate (but for only one domain such as *.domain.com) for both tomcat and Apache server. Even you can use the same wildcard SSL certificate for different server too.
I have a website setup, if I load the website with http://www.url.com:443 it works as expected, but if I load https://www.url.com I get a "ERR_CONNECTION_CLOSED" error on Chrome.
I have setup iptables to load port 3000 through both port 80 and 443.
Server is running centos, there is no ssl certificate setup at this stage
You configured the server to listen on port 443 but didn't configure it for SSL traffic. In other words, you merely changed the port from 80 to 443, so it is serving HTTP on port 443.
You say there are no SSL certificates set up. That's the problem. You need to set up certificates (even if only self-signed ones) for HTTPS to work at all. It's the key and certificates from this setup process that tell the server how to encrypt the HTTPS data, and how to identify itself.
This page will help you to set things up properly: https://wiki.centos.org/HowTos/Https
There are many places you can look for advice on creating keys and certs, but the easiest and least expensive options are StartSSL and LetsEncrypt. Both will do this for you at no cost.
https://letsencrypt.org/
https://www.startssl.com/