Nginx
Outoverlay, 2016-03-22 14:17:44

Created a self-signed certificate but didn't get https?

There is a site on which a certificate was purchased. It has https.
There is a second site on http.
You need to somehow connect this site to the first site with https.
There are no longer browsers that allow mixed protocols.
Because I have many such sites, and spending money to buy a certificate for each site would be stupid.
Moreover, there is no need to encrypt anything.
Created my certificate. But https didn't work. Reason:
"xxxxxx.com is using an invalid security certificate. The certificate is not trusted because it is self-signed."
Something can be done about it. Verify somehow?


3 answer(s)
CityCat4, 2016-03-22
@Outoverlay

There is not one question, but three...
1. Why do I need https
2. Why is a self-signed certificate unsafe
3. What is the difference between a self-signed certificate and a certificate issued by a trusted organization
So.
1. https, only needed so that Chrome does not light a red flag (latest versions have already begun to mark such sites) - this is something like installing Windows 10 pre-alpha - cool, because it's new. If there is nothing to encrypt, do not encrypt and do not care about the checkbox. If the site is selling and don't care - kill the toad and buy a certificate from the CA. Climbing a Christmas tree and not scratching your ass will not work.
2. A self-signed certificate is insecure because no one guarantees the veracity of the data that is in it. It's like taking a piece of paper and writing "Passport" on it - no one bothers to write. Nobody will believe. In order for such a certificate to be trusted, it must be added to the root certificate store - and on all computers that will access it. That's why, if the site is selling and you even care about the flag so much - how will you explain to the user so that he downloads your certificate for himself and adds it to the root? Moreover, for example, on Windows Mobile, this cannot be done in principle (on non-rooted).
3. A certificate issued by a trusted organization is different in that the certificate of the organization itself has already been added to all stores of all browsers - and all certificates issued by it are considered trusted. This is the danger of free certificate distributors - it may either not be from the certificate, or it will be "suspicious". Once again - if the site is selling - kill the toad and buy a normal certificate from a normal CA. Savings on free certificates can go sideways.

Yuri Chudnovsky, 2016-03-22
@Frankenstine

Since SSL is established even before the requested host is specified, there is a rule for HTTPS: one IP - one domain.
And so that the browser does not swear at a self-signed certificate, you need to make this certificate trusted. This is done slightly differently for different browsers.
Perhaps it will be easier for you to use the https://letsencrypt.org service?

Ivan Moiseev, 2016-03-22
@mo1seev

This is what certificates are for.
An SSL certificate is issued for a specific domain name of your website. And it cannot be transferred to another domain name (otherwise the whole point of SSL will be lost in the bud). Your certificate is self-signed - that is, not verified. Which is what the browser warns you about. Nothing can be done with this certificate.
To solve the problem, use a certificate with Let's Encrypt.
Detailed manual here:
https://habrahabr.ru/post/270273/
And do not forget that these certificates are given for up to 90 days. Either set up auto-update, or renew the certificate yourself every 3 months.
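
Added example, not part of any answer above: two points from the answers, that a self-signed certificate is accepted only by a client that has it in its trust store and that a 90-day certificate needs a renewal check, reproduced with the `openssl` command line. The host names `site.example` and `other.example` are constructed, and the certificates are throwaway ones the script generates itself.

```shell
#!/bin/sh
# Added example. site.example and other.example are constructed names;
# every certificate here is a throwaway generated on the spot.

# make_self_signed NAME DAYS DIR: write DIR/key.pem and DIR/cert.pem
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=$1" \
        -keyout "$3/key.pem" -out "$3/cert.pem" 2>/dev/null
}

# is_self_signed CERT: true when issuer and subject are the same name
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

# trusted_by CERT STORE: true when CERT chains to a certificate in STORE
trusted_by() {
    openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
}

# expires_within CERT DAYS: true when CERT is no longer valid DAYS from now
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

demo() {
    d=$(mktemp -d) && mkdir "$d/site" "$d/other" || return 1
    make_self_signed site.example 90 "$d/site"
    make_self_signed other.example 90 "$d/other"
    c="$d/site/cert.pem"
    is_self_signed "$c" && echo "self-signed: yes"
    # A client whose store holds some other certificate rejects ours.
    trusted_by "$c" "$d/other/cert.pem" || echo "not in client store: rejected"
    # A client that has imported our certificate accepts it.
    trusted_by "$c" "$c" && echo "in client store: accepted"
    expires_within "$c" 30 || echo "still valid 30 days from now"
    expires_within "$c" 91 && echo "no longer valid 91 days from now: renew first"
    rm -rf "$d"
}
demo
```

Run against a deployed certificate file, `expires_within` is the kind of check a renewal job can use to decide whether it is time to renew.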
