ssl certificate

Kernels & Hardware, configuring network, installing services

ssl certificate

Postby noproblem » 2018-06-15 23:50

hi guys, I recently wanted to experience the raspberry pi, with raspbian9, as a web server with dinamic dns, basically to provide its service outside my home.
but I have an problem with the ssl's keys.
I'll explain better:
following the ways by the self-signed certificate, my browser don't wants to open my https's page, also if I assign the exception, for example with firefox.
the port 443 is open from the my router and it is in listening.
I tried also with other signature free in the ssl's directory as .pem .key .crt, but all signature give me the same error.
my procedure is the same described in the https://wiki.debian.org/Self-Signed_Certificate
where is my mistake? that I have omitted? is possible that my router is not suitable for the purpose? I have an tp-link td-w8968
has anyone had the same problems?
nothing is born from the diamonds ... the flowers are born from the manure
User avatar
noproblem
 
Posts: 6
Joined: 2018-06-15 04:30
Location: Italy

Re: ssl certificate

Postby debiman » 2018-06-16 07:05

your browser will never trust a self-signed certificate.

edit: at least not out of the box.
Last edited by debiman on 2018-06-17 06:47, edited 1 time in total.
User avatar
debiman
 
Posts: 3064
Joined: 2013-03-12 07:18

Re: ssl certificate

Postby noproblem » 2018-06-16 08:35

debiman wrote:your browser will never trust a self-signed certificate.


ok thanks for your answer, it was unfortunately what I feared .. so the free solutions can not be useful? will I have to resort to buying a certificate for my domain?
nothing is born from the diamonds ... the flowers are born from the manure
User avatar
noproblem
 
Posts: 6
Joined: 2018-06-15 04:30
Location: Italy

Re: ssl certificate

Postby kedaha » 2018-06-16 09:08

noproblem wrote: .. so the free solutions can not be useful? will I have to resort to buying a certificate for my domain?

No, you don't need to buy a certificate. You can use LetsEncrypt, which is free in both senses of the word. I use it for both web and email.
Mate DE & OSSv4.
LaMp, WordPress; ispmail
Debian Stable

Words, as is well known, are the great foes of reality. Joseph Conrad.
Kedaha's Conjecture
User avatar
kedaha
 
Posts: 2869
Joined: 2008-05-24 12:26

Re: ssl certificate

Postby debiman » 2018-06-16 12:40

kedaha wrote:You can use LetsEncrypt, which is free in both senses of the word.

that is debatable (i know th EFF endorses it, but still not convinced).
it is definitely free as in beer.
it is also "hosted" (whatever the correct term here is) in the USA; any non-US citizen should think long and hard whether they want to transfer even the samllest bit of their online dealings to that country.
User avatar
debiman
 
Posts: 3064
Joined: 2013-03-12 07:18

Re: ssl certificate

Postby kedaha » 2018-06-16 14:31

Another option might be CACert but I use Letsencrypt because it works well, is available from the main repository and is used for instance by debian.org and wiki.debian.org websites although not by these forums. :wink:
Mate DE & OSSv4.
LaMp, WordPress; ispmail
Debian Stable

Words, as is well known, are the great foes of reality. Joseph Conrad.
Kedaha's Conjecture
User avatar
kedaha
 
Posts: 2869
Joined: 2008-05-24 12:26

Re: ssl certificate

Postby noproblem » 2018-06-16 19:52

kedaha wrote:You can use LetsEncrypt, which is free in both senses of the word.

Interesting!! I take it into consideration thanks

debiman wrote:it is also "hosted" (whatever the correct term here is) in the USA; any non-US citizen should think long and hard whether they want to transfer even the samllest bit of their online dealings to that country.

ok, what would you recommend me?

kedaha wrote:Another option might be CACert

well now I have two tests to do, thanks for your advices!
nothing is born from the diamonds ... the flowers are born from the manure
User avatar
noproblem
 
Posts: 6
Joined: 2018-06-15 04:30
Location: Italy

Re: ssl certificate

Postby debiman » 2018-06-17 06:46

noproblem wrote:what would you recommend me?

tell your browser to trust that self-signed certificate.

kedaha wrote:Another option might be CACert
unfortunately CAcert is not generally browser-trusted either.
but they are indeed NOT in the USA.
User avatar
debiman
 
Posts: 3064
Joined: 2013-03-12 07:18

Re: ssl certificate

Postby shep » 2018-06-18 13:19


debiman wrote:
your browser will never trust a self-signed certificate.


This is not entirely true.

If the OP's intent is for the OP's browser, and only the OP's browser, to access his site, he can add the cert to openssl and rehash the certs.

http://www.gagravarr.org/writing/openssl-certs/others.shtml
shep
 
Posts: 229
Joined: 2011-03-15 15:22


Return to System configuration

Who is online

Users browsing this forum: reinob and 5 guests

fashionable