Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

ssl certificate

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
User avatar
noproblem
Posts: 6
Joined: 2018-06-15 04:30
Location: Italy

ssl certificate

#1 Post by noproblem »

hi guys, I recently wanted to experience the raspberry pi, with raspbian9, as a web server with dinamic dns, basically to provide its service outside my home.
but I have an problem with the ssl's keys.
I'll explain better:
following the ways by the self-signed certificate, my browser don't wants to open my https's page, also if I assign the exception, for example with firefox.
the port 443 is open from the my router and it is in listening.
I tried also with other signature free in the ssl's directory as .pem .key .crt, but all signature give me the same error.
my procedure is the same described in the https://wiki.debian.org/Self-Signed_Certificate
where is my mistake? that I have omitted? is possible that my router is not suitable for the purpose? I have an tp-link td-w8968
has anyone had the same problems?
nothing is born from the diamonds ... the flowers are born from the manure

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: ssl certificate

#2 Post by debiman »

your browser will never trust a self-signed certificate.

edit: at least not out of the box.
Last edited by debiman on 2018-06-17 06:47, edited 1 time in total.

User avatar
noproblem
Posts: 6
Joined: 2018-06-15 04:30
Location: Italy

Re: ssl certificate

#3 Post by noproblem »

debiman wrote:your browser will never trust a self-signed certificate.
ok thanks for your answer, it was unfortunately what I feared .. so the free solutions can not be useful? will I have to resort to buying a certificate for my domain?
nothing is born from the diamonds ... the flowers are born from the manure

kedaha
Posts: 3521
Joined: 2008-05-24 12:26
Has thanked: 33 times
Been thanked: 77 times

Re: ssl certificate

#4 Post by kedaha »

noproblem wrote: .. so the free solutions can not be useful? will I have to resort to buying a certificate for my domain?
No, you don't need to buy a certificate. You can use LetsEncrypt, which is free in both senses of the word. I use it for both web and email.
DebianStable

Code: Select all

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: ssl certificate

#5 Post by debiman »

kedaha wrote:You can use LetsEncrypt, which is free in both senses of the word.
that is debatable (i know th EFF endorses it, but still not convinced).
it is definitely free as in beer.
it is also "hosted" (whatever the correct term here is) in the USA; any non-US citizen should think long and hard whether they want to transfer even the samllest bit of their online dealings to that country.

kedaha
Posts: 3521
Joined: 2008-05-24 12:26
Has thanked: 33 times
Been thanked: 77 times

Re: ssl certificate

#6 Post by kedaha »

Another option might be CACert but I use Letsencrypt because it works well, is available from the main repository and is used for instance by debian.org and wiki.debian.org websites although not by these forums. :wink:
DebianStable

Code: Select all

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.

User avatar
noproblem
Posts: 6
Joined: 2018-06-15 04:30
Location: Italy

Re: ssl certificate

#7 Post by noproblem »

kedaha wrote: You can use LetsEncrypt, which is free in both senses of the word.
Interesting!! I take it into consideration thanks
debiman wrote: it is also "hosted" (whatever the correct term here is) in the USA; any non-US citizen should think long and hard whether they want to transfer even the samllest bit of their online dealings to that country.
ok, what would you recommend me?
kedaha wrote: Another option might be CACert
well now I have two tests to do, thanks for your advices!
nothing is born from the diamonds ... the flowers are born from the manure

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: ssl certificate

#8 Post by debiman »

noproblem wrote:what would you recommend me?
tell your browser to trust that self-signed certificate.
kedaha wrote:Another option might be CACert
unfortunately CAcert is not generally browser-trusted either.
but they are indeed NOT in the USA.

shep
Posts: 423
Joined: 2011-03-15 15:22

Re: ssl certificate

#9 Post by shep »


debiman wrote:
your browser will never trust a self-signed certificate.
This is not entirely true.

If the OP's intent is for the OP's browser, and only the OP's browser, to access his site, he can add the cert to openssl and rehash the certs.

http://www.gagravarr.org/writing/openss ... hers.shtml

Post Reply