hi guys, I recently wanted to experience the raspberry pi, with raspbian9, as a web server with dinamic dns, basically to provide its service outside my home.
but I have an problem with the ssl's keys.
I'll explain better:
following the ways by the self-signed certificate, my browser don't wants to open my https's page, also if I assign the exception, for example with firefox.
the port 443 is open from the my router and it is in listening.
I tried also with other signature free in the ssl's directory as .pem .key .crt, but all signature give me the same error.
my procedure is the same described in the https://wiki.debian.org/Self-Signed_Certificate
where is my mistake? that I have omitted? is possible that my router is not suitable for the purpose? I have an tp-link td-w8968
has anyone had the same problems?
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
ssl certificate
Re: ssl certificate
your browser will never trust a self-signed certificate.
edit: at least not out of the box.
edit: at least not out of the box.
Last edited by debiman on 2018-06-17 06:47, edited 1 time in total.
Re: ssl certificate
ok thanks for your answer, it was unfortunately what I feared .. so the free solutions can not be useful? will I have to resort to buying a certificate for my domain?debiman wrote:your browser will never trust a self-signed certificate.
nothing is born from the diamonds ... the flowers are born from the manure
Re: ssl certificate
No, you don't need to buy a certificate. You can use LetsEncrypt, which is free in both senses of the word. I use it for both web and email.noproblem wrote: .. so the free solutions can not be useful? will I have to resort to buying a certificate for my domain?
DebianStable
Code: Select all
$ vrms
No non-free or contrib packages installed on debian! rms would be proud.
Re: ssl certificate
that is debatable (i know th EFF endorses it, but still not convinced).kedaha wrote:You can use LetsEncrypt, which is free in both senses of the word.
it is definitely free as in beer.
it is also "hosted" (whatever the correct term here is) in the USA; any non-US citizen should think long and hard whether they want to transfer even the samllest bit of their online dealings to that country.
Re: ssl certificate
Another option might be CACert but I use Letsencrypt because it works well, is available from the main repository and is used for instance by debian.org and wiki.debian.org websites although not by these forums.
DebianStable
Code: Select all
$ vrms
No non-free or contrib packages installed on debian! rms would be proud.
Re: ssl certificate
Interesting!! I take it into consideration thankskedaha wrote: You can use LetsEncrypt, which is free in both senses of the word.
ok, what would you recommend me?debiman wrote: it is also "hosted" (whatever the correct term here is) in the USA; any non-US citizen should think long and hard whether they want to transfer even the samllest bit of their online dealings to that country.
well now I have two tests to do, thanks for your advices!kedaha wrote: Another option might be CACert
nothing is born from the diamonds ... the flowers are born from the manure
Re: ssl certificate
tell your browser to trust that self-signed certificate.noproblem wrote:what would you recommend me?
unfortunately CAcert is not generally browser-trusted either.kedaha wrote:Another option might be CACert
but they are indeed NOT in the USA.
Re: ssl certificate
This is not entirely true.
debiman wrote:
your browser will never trust a self-signed certificate.
If the OP's intent is for the OP's browser, and only the OP's browser, to access his site, he can add the cert to openssl and rehash the certs.
http://www.gagravarr.org/writing/openss ... hers.shtml