0

I'm new to this whole section of generating certificates and recently started working on it for the application that I'm working on. I installed apache2 and further looked into sites - drissamri.be, linode.com and akadia.com and some SO questions. From these sites, I was able to generated the certificate, the crt, csr and key files. After completing all the steps mentioned in these sites, the website is opening in the browser but the 'https://' gets a red slash on it.

Where am I missing here?

Edit- The certificate that I'm working on is a self-signed certificate.

Also, when I open the website in one machine it opens with the following view, and when I open in an other machine the website doesn't open with an error - Your connection is not private.

For reference purpose, here's the screenshot :-

Certificate Error

(Let me know if any more details are required.)

HardikT
  • 101
  • 4
  • If you click on the red triangle.you would get the exact reason why your browser is not trusting the certificate. Yours is a self-signed certificate i believe. Did you import your certificate in the browsers..? – varun Dec 29 '16 at 05:18
  • @varun yes, its a self-signed certificate. I missed mentioning that in my question. And regarding the certificate importing part, I dont have much idea about it, and haven't done any importing as such. *Could you maybe give some reference for this?* – HardikT Dec 29 '16 at 05:32
  • can you mention the exact reason for the error. Please click on the red triangle to get that info. – varun Dec 29 '16 at 05:40

3 Answers3

1

self-signed certificates are not recognized by Browsers as valid, so they will always complain about them unless you add the public certificate (x509) to the list of trusted CA's if your favourite browser.

This has nothing to do with the HTTP Server software you are using or anything else regarding configuration in it, the fact that it loads and the browser complains about it means precisely that you configured your server correctly, just that browsers are designed to complain about the certificate you are using.

Daniel Ferradal
  • 2,415
  • 1
  • 8
  • 13
  • Okay. And is it possible, by any chance, that I can open my application with `https://`, with a self-signed certificate and not using a CA certificate? Or is it possible to create my own CA certificate? – HardikT Dec 29 '16 at 12:06
  • it is possible of course, but that won't help browsers from complaining about it, but pay attention to the warning messages you get, browsers complain, but still will let you see the content of the webpage anyways if you want to. They just "warn" you, you can safely ignore them if its your own site. – Daniel Ferradal Dec 29 '16 at 12:12
0

I posted a question yesterday that may help as I was starting to secure my Apache by enabling SSL/TLS and import a CA certificate.

CA certificate recommend or not for a blog contain website?

After enable SSL/TLS on my Apache I used certbot to request a free CA certificate from Letsencrypt (https://letsencrypt.org/getting-started/):

curl -O https://dl.eff.org/certbot-auto

chmod +x certbot-auto

mv certbot-auto /usr/local/bin/certbot-auto

certbot-auto certonly --standalone -d example.com

vi /etc/httpd/conf.d/ssl.conf

Edit SSLCertificatesFile value to : /etc/letsencrypt/live/example.com/fullchain.pem

Edit SSLCertificatesKeyFile value to : /etc/letsencrypt/live/example.com/privkey.pem

Community
  • 1
Alexandre Roux
  • 470
  • 1
  • 6
  • 20
0

Generally, Self-signed Certificates are being used for the practical purpose only, but your browser will fail to identify the author of that certificate as it only accepts SSL Certificates which are signed and verified by a trusted SSL Authority.

You need to configure your Self-signed SSL certificate into your browser, which helps it trust your SSL and allow you to deal with a secured environment.

Here's how you can configure your SSL certificate into your browser.

Jake Adley
  • 137
  • 4