How to set up an SSL certificate on an Apache server that is running on an AWS EC2 Windows Server instance? - laravel

I have already set up a DNS record to point my domain to the EC2 instance IP. Next, I don't know how to configure an SSL certificate on Apache that is running on a Windows server. I already have SSL certificate details.

Check out conf/httpd.conf in Apache; that is where you need to edit and add SSL. Check out this link, but now you can use a Let's Encrypt certificate or any other instead of the one in the link; the process is the same: https://www.entrust.com/knowledgebase/ssl/how-to-configure-an-entrust-ssl-certificate-on-apache-for-windows

Related

How to make secure when hosting website in EC2?

I have followed the steps below to make it HTTPS, but I am still seeing that the site is insecure. What else am I missing?
1. Uploaded content in S3 bucket
2. Created EC2 instance with security group for ports 22 and 80 to allow 0.0.0.0/0
3. Installed Apache and started the services in the EC2 instance
4. Created ELB and added listeners to route:
   - http to https
   - https to target group
5. Registered target, and when I launch url (DNS name in ELB), I am still getting insecure.
Thanks,
Chandra
"when I launch url (DNS name in ELB)"
You can't use the ELB's DNS name if you want to use SSL, because you won't be able to have an SSL certificate that matches that DNS name. You have to point a domain name at the ELB that you own, and use an SSL certificate that matches that domain name.

External IP + SSL

How can I use the external IP of my CentOS 7 instance with HTTPS, for example https://external_ip, to open an application like https://external_ip:Port/my_application?
Generate a self-signed certificate using openssl.
Check this out here:
https://stackoverflow.com/a/10176685/9662626
Open an HTTPS port on your web server. Set the certificate in the config (I can't be specific here because I don't know about your operating system and your choice of web server). Finally, set up a reverse proxy to proxy the web server port to your app port.
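
Added example (not part of the original answers): both this answer and the ELB answer above come down to whether the name or address in the URL appears in the certificate's subjectAltName. The script creates a throwaway self-signed certificate and checks it against several names. The names dev.example.test and my-elb-1234.us-east-1.elb.amazonaws.com and the 203.0.113.x addresses are constructed, the function names are hypothetical, and OpenSSL 1.1.1 or newer is assumed.

```bash
#!/usr/bin/env bash
# Added example. All names and addresses below are constructed test values.
set -u

# Create a throwaway self-signed certificate whose subjectAltName carries one
# DNS name and one IP address (-addext needs OpenSSL 1.1.1 or newer).
make_cert() {   # usage: make_cert <dir> <dns-name> <ip>
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2,IP:$3" 2>/dev/null
}

# Return 0 when the certificate is valid for the given host name or IP.
# "openssl x509 -checkhost/-checkip" prints "does match" or "does NOT match"
# and exits 0 either way, so the verdict is read from its output.
cert_covers() {   # usage: cert_covers <cert.pem> host|ip <value>
    case "$2" in
        host) check=-checkhost ;;
        ip)   check=-checkip ;;
        *)    return 2 ;;
    esac
    openssl x509 -in "$1" -noout "$check" "$3" | grep -q 'does match'
}

report() {      # print one verdict line per probe
    if cert_covers "$1" "$2" "$3"; then
        echo "match     $2 $3"
    else
        echo "MISMATCH  $2 $3"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir" dev.example.test 203.0.113.10 || return 1
    report "$dir/cert.pem" host dev.example.test       # the name you own
    report "$dir/cert.pem" ip   203.0.113.10           # https://external_ip
    # A load balancer's own DNS name is not in the certificate:
    report "$dir/cert.pem" host my-elb-1234.us-east-1.elb.amazonaws.com
    report "$dir/cert.pem" ip   203.0.113.11           # any other address
    rm -rf "$dir"
}

demo
```

A self-signed certificate that passes these checks still triggers a browser trust warning until it is added to the client's trust store; the checks only cover name matching.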

Forwarding external domain to GCP Instance with https

What is the easiest way to route an externally hosted domain to my VM instance on GCP (with a fixed IP) and connect over HTTPS? Currently only HTTP works, forwarded via the entry in the A Records. Which service is best suited for this on GCP? I am happy about every suggestion.
You can point your domain to the VM by adding an A record in DNS. For managing HTTPS, you can set up nginx or Apache and generate or add the SSL/TLS certificate there.
For generating a free SSL/TLS certificate you can use https://certbot.eff.org/. It's easy to manage and install the SSL/TLS certificate with certbot, and it also has auto-renewal of certificates.
Thank you very much. Certbot looks good. :)
A) Currently I have the following configuration:
Domain at Active24 (A record points to server)
Server is Alfresco on a VM instance on GCP
Server is Apache Tomcat on Debian 9
I can manage on the command line, but it's not my daily business.
I installed Certbot and had the certificate installed (sudo certbot --apache)
B) Now, after installing Certbot, here's the situation:
When I open the URL/Domain I get to the Alfresco Login Screen. Browser does not show HTTPS.
After entering my login data, HTTPS appears, but I cannot access the Share environment. Instead I see an Alfresco error page with a button to return to the dashboard.
When I click on the "Back to Dashboard" button, I return to the login screen.
I think I still have to configure Apache to forward to the appropriate destinations. But I can't find any instructions for this.
C) My next questions are:
Did Certbot install an additional server as a proxy, or did it configure the existing one?
In which directory do I find the appropriate server settings?
Thanks a lot!

How to add Amazon issued SSL Certificate to tomcat?

How can I secure my site from http://my_site to https://my_site?
I am running Apache Tomcat and I have the AWS certificate and an Elastic Load Balancer with my EC2 instance.
Essentially you cannot add Amazon issued certificates to Tomcat: you cannot retrieve the private key of the certificate.
However, you can deploy the certificate on ELB (elastic load balancer).
You have to ensure that ELB is listening on port 443.
You will find step-by-step instructions in the AWS documentation (http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html#create-https-lb-clt).
Apparently you can download your private certificate's keys now - https://docs.aws.amazon.com/acm/latest/userguide/export-private.html

Using SSL Cert for ngrok dev environment

I am working to set up my application to watch calendar events through Google's Calendar API. In doing so I must set up a "Push" endpoint on my server that has a valid SSL certificate (not self-signed).
My production environment is running on Heroku, so setting up an SSL cert was easy using Expedited SSL. I have two CNAMEs set up in GoDaddy, one for my production application and one for my development environment tunneled through ngrok. I'm using the paid ngrok feature of white-labeled domain tunneling (dev.mydomain.com).
Host    Points To
www     saga-1234.herokussl.com
dev     ngrok.com
The problem is that my SSL certificate is recognized when you hit the production application (www.mydomain.com), but it uses ngrok's certificate when you visit the development application (dev.mydomain.com).
How can I set up my ngrok tunnel to use my SSL certificate?
Ngrok's white-labeled domain does not support HTTPS if you are using your own domain, simply because it serves its own certificate, where you need to serve your domain's. That's why you are getting the certificate mismatch issue.
Here's what you could do to watch calendar events on your dev machine:
1. Point ngrok.mydomain.com to another server, let's say a new EC2 micro instance
2. Point wildcard CNAME to ngrok.mydomain.com
3. Compile ngrok server and client to use your certificate (rather than ngrok.com)
4. Run the ngroku-server on EC2 instance
5. On your dev machine config the client to use ngrok.mydomain.com instead of ngroku.com
6. Run ngrok -subdomain=dev 80
Your local dev machine's port 80 should be accessible via https://dev.mydomain.com
This is really cool and is very helpful when debugging Google's webhooks, which require valid HTTPS and a verified root domain name.
Another interesting trick is to use CloudFlare's universal SSL to have a valid https://dev-machine.mydomain.com pointing to your dev machine without purchasing a certificate. The steps are exactly the same except that you need to issue your own certificate for ngrok client-server communications and use CloudFlare's Flex SSL for dev-machine.yourdomain.com.
ngrok has a new feature that tunnels and terminates SSL. Thus you can use your own domain and HTTPS. No need to open ports in your router or PC. They call it TLS Tunneling. The following is a link to a GitHub repository that describes how to do it.
How to use your own domain to access your home PC over the internet. Use HTTPS without raising SSL errors.
