SSL Certificate only works within Local Network - windows

I am running Windows Server 2003 Standard and have installed the SSL cert as per GoDaddy's instructions. Let me know what information you need from me. When attempting to access the website securely from outside our network, the page does not load. Thanks in advance!

Although it would help if you provided more information (like what error the clients are getting), I’m going to guess that you are missing the intermediate certificates that GoDaddy uses. These need to be installed on the server where the SSL certificate is installed.
Follow the procedure here.
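
The failure suspected in the answer above, reproduced offline as an added example (not part of the original answer). It builds a constructed root, intermediate and leaf certificate and verifies the leaf as a client would, first with only the leaf sent and then with the intermediate included. All names (Demo Root CA, www.example.test, issue, demo) are made up for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a throwaway cert for cn with the parent's key (self-signed when parent is nil).
func issue(cn string, ca bool, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: ca, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// demo verifies a constructed root -> intermediate -> leaf chain; nil means the client trusts it.
func demo() (notSent, sent error) {
	root, rk := issue("Demo Root CA", true, nil, nil)
	inter, ik := issue("Demo Intermediate CA", true, root, rk)
	leaf, _ := issue("www.example.test", false, inter, ik)
	roots, chain := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root) // the client's trust store holds only the root
	opts := x509.VerifyOptions{Roots: roots, Intermediates: chain, DNSName: "www.example.test"}
	_, notSent = leaf.Verify(opts) // server sends only its own certificate
	chain.AddCert(inter)           // server also sends the intermediate
	_, sent = leaf.Verify(opts)
	return notSent, sent
}

func main() {
	notSent, sent := demo()
	fmt.Printf("intermediate not sent: %v\nintermediate sent:     %v\n", notSent, sent)
}
```

Against a live server, `openssl s_client -connect <host>:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is in the chain.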

Related

Google Maps API not working on Kubernetes deployment

Laravel application deployed on Kubernetes and making requests to https://maps.google.com/maps/api/geocode/json failing with:
SSL routines:tls_process_server_certificate:certificate verify failed
The same application works when running on Docker.
I have appended Google's Root CA certs from here https://developers.google.com/maps/root-ca-faq#what_is_happening to the server's trust store but no luck there either.
I can disable verification but that's not the correct approach.
Any ideas would be much appreciated.
Thanks.
According to the OP, the solution was:
The issue was that our security team scans external certificates and re-packages them with the company's own cert. Once I added the company's cert to the trust store, everything worked fine. It seems it's only an internal issue.

How to create an SSL certificate for a website being hosted in IIS 7?

I'm trying to create an SSL certificate for an "old" website being hosted on an IIS 7 server. The website currently uses http, but I would like to start using https. I'm trying to find the best and easiest way to do this, but I'm getting confused about what to do and how to do it.
I have tried reference articles like this https://www.digicert.com/kb/csr-ssl-installation/iis-7.htm#ssl_certificate_install and some other YouTube videos, but I cannot even get the DigiCert application to open on the Windows machine (to buy a certificate).
It seems I have to buy the certificate for ~ $200 ??
Are there any (free?) or other methods to make my current http site use https? I know certbot does this for me on nginx servers, but how do I accomplish this on a Windows server?
Thanks
You can generate a self-signed certificate from https://www.selfsignedcertificate.com/.
You can also request a trusted certificate for free from Certbot.
Or you can purchase one from a trusted CA, e.g. Sectigo.
The easiest way is using certbot from Let's Encrypt. You can choose Windows there as the system. Also see https://community.letsencrypt.org/t/how-to-generate-a-ssl-certificate-for-iis-7-0-or-7-5/29467 .

SSL certificate - Use Client certificate installed on server for local testing - Mutual authentication

I have been working with web services connecting to URLs provided by different clients and so far it has all been done using one-way authentication. Now I'm asked to enable 2-way (mutual) authentication for one of the clients. I did a lot of research and reading but am still confused about a lot of things.
I could test successfully on my local machine following instructions from various different articles. But the problem is now to deploy it in production.
Here's what I did for testing: I created a test Web service Host and assigned it a self-signed certificate and created a client to test this. After this I created a client certificate using makecert and verified that this is installed via MMC. I then modified my Host app to only allow clients with certificate and tested from client to see the connection refused due to not providing the client certificate. Then I modified the bindings in the client application to include the certificate name and I was able to connect to the Host successfully. So this completes local hosting.
Now the real problem. The tech team is going to create a certificate in "cert store" on the server. And I need to test again to make sure everything works as expected. We have a few different developers who all want to test on their machines on their local code. Can we all use the same certificate somehow? I don't think we would be allowed to import the certificate but what suggestions could I give them so all of us can use the same certificate?
I'm also confused about issues like the difference between a Windows certificate and an IIS certificate. What advantages would the IIS certificate provide?
Thanks for help!
Edit: Could one of the differences between installing on IIS be so that the hosted sites be accessed via SSL connection? This would mean we don't really need to install on IIS if it's just a client certificate. Is this correct?

Having trouble authenticating in Drush with SSL

My Drupal site is hosted at Pantheon (getpantheon.com), I'm using Drush on a Windows 7 x64 machine. I was reading this article on commands using Drush + Terminus (a special Drush extension for Pantheon sites):
https://www.getpantheon.com/blog/five-steps-feeling-drush
I want to be able to use both Drush and Terminus to quickly and efficiently manage my Pantheon Drupal sites.
I installed Terminus fine and was able to issue all the drush-related commands and connect to the server. However, when I got to the part about using 'pauth' to authenticate and use the actual Terminus commands my authentication was successful but then on the part where it's supposed to say 'Success!' :) It says instead:
Dashboard unavailable: SSL certificate problem: unable to get local issuer certificate
Pantheon told me:
This is due to Windows not bundling an Internet-friendly set of Certificate Authority (CA) certs with curl. Check Stack Overflow or the like for a bunch of solutions
Any suggestions on how to proceed? I'm not familiar with cURL at all, so something basic would be great, thanks.
Still new here...figuring this out. I should have done more research :p I found the answer here:
AWS SSL security error : [curl] 60: SSL certificate prob...: unable to get local issuer certificate
Once I'd downloaded the .pem file and saved it in a directory and referenced it from php.ini I was good to go.

Google Chrome doesn't trust mitmproxy's certificates

I'm running mitmdump (from mitmproxy) on my Macbook Pro, and I'm connecting to the proxy through my Windows desktop PC.
However, Chrome (running on the PC) refuses to connect to so many sites because of the invalid certificates which mitmproxy provides.
Chrome throws the error: ERR::NET_CERT_AUTHORITY_INVALID
Here's what mitmdump shows:
But why? What's wrong with mitmproxy's certificates, why can't it just send back google's as if nothing happened?
I'd like to know how I can fix this and make (force) my desktop PC to connect to any website through my Macbook's mitmproxy.
Answering this question for people who may find this important now. To get the proxy working, you have to add the certificate as trusted in your browser.
For Windows follow this: https://www.nullalo.com/en/chrome-how-to-install-self-signed-ssl-certificates/2/
For Linux follow this: https://dev.to/suntong/using-squid-to-proxy-ssl-sites-nj3
For macOS follow this: https://www.andrewconnell.com/blog/updated-creating-and-trusting-self-signed-certs-on-macos-and-chrome/#add-certificate-to-trusted-root-authority
There are some additional details in the above links; tl;dr: import the certificate in your chrome://settings url and add the certificate as trusted. That shall do.
This will make your browser trust your self-signed certificate (mitm auto-generated certificates too).
mitmproxy's default certificates are in the ~/.mitmproxy/ directory.
Per the Getting Started page of the docs you add the CA by going to http://mitm.it while mitmproxy is running and selecting the operating system that you are using. This should solve your problem and will allow https sites to work with mitmproxy.
This is the expected behavior.
mitmproxy performs a Man-In-The-Middle attack on https connections by providing on-the-fly generated fake certificates to the client while it keeps communicating with the server over a fully encrypted connection using the real certificates.
This way the communication between client and proxy can be decrypted. But the client has to actively approve using those fake certificates.
If that wasn't the case then SSL would be broken - which it isn't.
The whole story is very well explained here:
http://docs.mitmproxy.org/en/stable/howmitmproxy.html
