Free TLS certificate not throwing a danger warning in Chrome?

U

user.2019-02-23 16:03:13

TLS

user., 2019-02-23 16:03:13

Good afternoon,
actually the question is, is it possible to create a TLS / SSL certificate that does not throw warnings in Chrome? By warning, I mean a red inscription like this site is not reliable and the data may be intercepted by third parties, etc. (I don’t remember verbatim already)

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

F

Fedor, 2019-02-23
@keine-lust

Letsencrypt - provided that your server is accessible from the Internet and it has a domain name (it won't work with server.local, Letsencrypt authenticates your domain). After that, it gives you a certificate for 3 months, then you can extend it.

G

Georg Gaal, 2019-03-14
@gecube

Let's Encrypt can also be used offline. It has two validation mechanisms. HTTP01 and DNS01. The first requires the host to be accessible from the Internet (not good). The second - does not require, but requires access to change DNS records. This only works well for cloud providers (Azure, Amazon Route53, Google Cloud... and CloudFlare). Therefore, briefly - yes, you can write out LE for yourself without the Internet.
On the other hand, it is possible to assemble automation that will receive the necessary certificates on a node with Internet access, and then somehow from a closed loop you can already pick them up from there ... But that's it.
Regarding TLS/SSL without signature. No one bothers to install a self-signed certificate on the server. The main thing is that its Common Name should match the FQFN that you use to access the server. Direct IP will not work!!! This is a verification feature. So. You add the self-signed certificate to the computer's trusted store, where there is a red lock with a cross.... magic.... and the lock turns green.