A consultant told me recently that he has clients using IIS. Those servers accept port 443 requests with no cert installed on the systems. I have no way to verify this, and our servers run Apache anyway.
I believe that Apache will refuse to accept secure traffic, or minimally, Apache will squawk quite loudly without an installed cert.
Will Apache route port 443 requests without a cert?
We are running 2.2.3 running on CentOS 5.
Thanks.
If you try to enable SSL (SSLEngine on) on Apache Httpd without configuring a certificate (and its private key), you'll get this error, and it won't be listening on that port (443 unless you've configured another one):
[error] Server should be SSL-aware but has no certificate configured
[Hint: SSLCertificateFile]
If you can't rely on a well-known CA, this certificate can be self-signed or issued by your own CA (although this is not practical, since you would have to distributed your certificates independently).
In principle, SSL/TLS doesn't strictly need X.509 certificates, but HTTPS more or less expects such certificates. More details in this answer.
The default install of apache installs an untrusted ssl certificate that you can use, but the browser will complain when you try and connect to it.
Though, in general, if you need to use SSL, then you should invest in a certificate.
Related
I have a problem configuring SSL certificates between my client and my Server.
My client, is a frontend application written in Angular, installed on a Web Hosting called V-Hosting which provides cPanel and through which it is possible to install a free Let's Encrypt SSL certificate (with auto renewal certificate).
Therefore, a user's connection to the website is protected by the certificate made available by CPanel - Let's Encrypt.
Instead the Server, a Backend application written in Java, is on a Contabo VPS (Virtual Private Server).
On this virtual server there is Windows OS and I have Jboss installed, where my .ear package is installed.
My problem is that I can't figure out how to configure an SSL certificate so that client and server can communicate over https, as now my domain https://example.com/ can't communicate with my server on JBoss http://IP_SERVER:8080/rest/api as the Server has no certificate.
So, client has a certificate (https) but server not (http) and they can't communicate each other without a certificate on Server.
How can I make the Client and Server communicate in HTTPS?
I tried to install Keystore Explorer on my VPS and generate a keystore to install on jboss but it's not the best solution because then I would have a Let's encrypt certificate on the client and one self signed by me on the server.
My website is managed by Cloudflare, basically, the direct IP access is disabled. And also, I have a Comodo SSL certificate purchased from Comodo as well.
As per this, I believe installing the Comodo certificate purchased by me on the server instead of Cloudflare and using Cloudflare services (Direct Ip blocking) is impossible.
Is it true?
I have configured all the SSL configurations (Comodo SSL Certificate) in server level. Now the problem is with Cloudflare and server.
How can I use both Cloudflare and the server level SSL termination?
Please help me out!
Thanks
To begin let's say I have this configuration :
mywebsite.com is related on machine 0.0.0.1 (with ssl certificate)
cloud.mywebsite.com is related on machine 0.0.0.2 (without ssl certificate)
can I ask for a new SSL certificate for "cloud.mywebsite.com" or this will create issues because of domain/subdomain ?
Thanks for the response.
Instead of asking for a new SSL Certificate, you only need to get Wildcard SSL Certificate that will secure your main domain as well as its all sub-domains. For example:
If you get Wildcard SSL certificate for *mywebsite.com then it will secure,
https://cloud.mywebite.com
https://mail.mywebsite.com
https://photos.mywebsite.com
https://anything.mywebsite.com
So, you will not have to manage multiple SSL certificates for your main domain and its sub-domain. Wildcard SSL certificate will reduce the hassle of server administrators for multiple SSL management. I suggest you to read this article, which will give you clear understanding of Wildcard SSL Certificate.
So i want to setup a payment server with hibiscus (https://www.willuhn.de/products/hibiscus-server/)
and make the connection encrypted with a trusted certificate.
Hibiscus is basically a java servlet which creates a own self
signed ssl certificate, which acording to the author can not be
replaced with another ssl certificate because the private key is
used to encrypt other things.
So my idea is: Setup nginx with a proxy from port 443 to hibiscuses port
8080, tell nginx to trust the certificate of hibiscus and encrypt
nginx's 443 with a letsencrypt cert.
nginx would need to unpack the secure content form hibiscus and then
repack it as its own content right?
Does anyone now if this is possible and how?
All help is much appreciated
It's not secure. Self signed certificate is not trusted by all of the browsers since the certificate is not signed by any trusted CA, which means, user may suffer from a man-in-the-middle attack. Consider what will happen if I also make a payment server and publish my self signed certificate? User agent can not distinguish which one is real at all.
We are consuming xml from different datasources. Some are http and some are https. HTTPS with Verisign certificates are working without any issues. However, URLs with Deutsche Telekom Root certificate is not working. The web sphere application server is having the default root certificate which was generated while creating a WAS profile. Do I have to add any other special certificate to make Deutsche Telekom Root certificate work ? Any kind of help is much appreciated.
I don't think I know enough about your setup yet. So by default WebSphere creates it's own root certificate, nothing about it would trust a Verisign certificate. So I wonder about what you are using to make the https connection? It could be something that manages to bypass the WebSphere socket factories and you are actually using the JRE's default, and the cacerts file for trust. Verisign certs are in the cacerts file there are no Deutsche Telekom as far as I can tell.
Or was a Verisign certificate added to your WebSphere truststore at some time?
Typically you have establish trust to make WebSphere trust another server. Retrieving a certificate from a port is a good way to do that.
Alaine
Please, post the WAS version you use.
The reason you cannot setup the connection to ssl port is that WAS doesn't trust to the ssl certificate of the remote host.
You have to add the whole certificate chain of the remote host to the WAS truststore.
You can find the example of how to add the certificate by following link https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&cad=rja&uact=8&ved=0CE0QFjAHahUKEwiRy4zsztzGAhXCfHIKHVq-BfM&url=http%3A%2F%2Fwww.webspheretools.com%2Fsites%2Fwebspheretools.nsf%2Fdocs%2FBasic%2520SSL%2520terminalogy%2520and%2520Tips%2520for%2520WebSphere%2520Application%2520Server.Default%2520passwords%2520for%2520SSL%2520keyfile%2520and%2520Truststore.&ei=DwymVdGHDcL5yQPa_JaYDw&usg=AFQjCNE42W06AILWb99iYWiUp7EcbT92iw&sig2=KKYyvAsFET1Ae0fOLSl8zA&bvm=bv.97949915,d.bGQ