I recently added free SSL to my heroku app following This blog post it worked great, however now Im migrating my app to Digital Ocean, I want to know if I can use this Universal SSL in Digital Ocean, What extra steps are needed, do I need an SSL certificate in my Digital Ocean?
Thanks in advance
In short; absolutely no extra steps. CloudFlare handles SSL certificates, cipher suites, protocols, etc all for you. You can either switch CloudFlare to flexible SSL or for Full SSL make sure you create a self-signed certificate in your Digital Ocean server.
Related
The new version of google chrome doesn't allow using webcam without https :
getUserMedia() no longer works on insecure origins. To use this
feature, you should consider switching your application to a secure
origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
So I need a free ssl certificate (or cheap ssl certificate) for my web application. Openssl doesn't suit me because browsers display warning message when the ssl certificate is self-signed.
An idea ?
Thank you in advance.
use https://letsencrypt.org/ to get a free valid ssl certificate recognized by your mobile phone and by your web browser
I use cloudflare.com Origin Certificate. It is pretty good.
How to configure the phpBB3 board to use the https connection available through CloudFlare - Flexible SSL Certificate (the free one).
The free SSL option really just works automatically as far as issuance goes.
Notes: You still may have mixed content issues to address after the certificate has been issued.
I'm having a bit of trouble understanding a bit about SSL, namely self-signed vs certified.
First, is my assumption that a self-signed certificate will still prompt the common browser warning message?
Second, data from a https domain doesn't transfer to a http domain, right? So if I had my site at domain.com, and my api at api.domain.com, I would need two certs, and have both of them setup for https?
Last, I noticed there are free SSL certs at sites like StartSSL. This feels fishy, given it can easily cost $100 for a cert at other sites. Am I wrong in being concerned?
Using a self-signed certificate will cause browser warnings. Your assumption is correct.
It depends; some browsers may warn when this occurs. But you absolutely should serve all of your services on HTTPS, so that clients can authenticate your site(s) and so that the connection is private.
It is possible to support multiple domains on a single certificate, via the Subject Alternative Name (SAN, subjectAltName) X.509 certificate extension. You could also use separate certificates.
StartSSL is trusted by all browsers; their certificates will be accepted and there is nothing "fishy" about them. You could use StartSSL's free offering to obtain two certificates - one for each domain.
If you want a single certificate for multiple domains via the SAN extension, you will have to find a product that supports that, and it will probably not be free. The Let's Encrypt initiative is working to
change the landscape in this regard, but they have not yet launched.
I had installed SSL certs one one of my cloud server by following this:
http://www.rackspace.com/knowledge_center/article/installing-an-ssl-certificate-on-apache
I am running jetpack plugin on my wordpress blog. The jetpack plugin is not getting connected to wordpress. I have talked with the Jetpack support guys and they say this:
Support Reply
"The problem is that OpenSSL doesn't recognize your certificate's Certificate Authority's certificate. The that URL works in browsers is because most modern browsers allow for certificate discovery by reading the "Authority Information Access" metadata from the certificate, which contains a URL from which the browser can download the CA's certificate. OpenSSL does not.
The best solution is if you can configure your webserver to supply the entire SSL certificate chain, rather than just your own certificate. That's what we do on WordPress.com. Sending the entire chain will also make your sites more compatible with older (and I believe some mobile) browsers."
Can any one describe me how can I install or provide entire certificate chain???
Thanks
These pages might help with setting up a CA and then creating a certificate: https://help.ubuntu.com/community/OpenSSL#SSL_Certificates
https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html
My requirement is that I want to have an local network website behind ssl. I know I can create a self signed certificate but I would then need to install certificate on each client (which can be in hundreds and would not be on a domain). If I buy an ssl certificate. how would it help and what sort of ssl certificate do I need to buy?
This web application communicates with two signalR servers which I also want to be behind ssl. I'll be using self signed certificate for that.
I would greatly appreciate any help.
Thanks.