SSL Enable For Local Domain Link
ASKER
Thank you, Alex, for the reply.
It's ok,
Right, so basically you need to jump onto your webserver; assuming it's IIS, follow this:
https://knowledge.digicert.com/solution/SO14335.html
Regards
Alex
BTW, you'll probably still get the "Unsecured" bit at the top since it's not from a trusted CA; you could probably get around that if you push out your CA certificate too.
For .local sites you need to create a CA certificate for your own organisation and then generate certificates based on those.
The CA certificate needs to be placed in the trusted stores of all your systems.
Then you can use this certificate to issue certificates for domains you like. (openssl has a standard script named CA for this.)
Other tools also exist: xca (https://hohnstaedt.de/xca/), easyca (https://sourceforge.net/projects/easyca/)
For Windows you can add a certificate management role to your AD servers.
ASKER
Please, we need a solution for Chrome. Our application is configured in IIS.
You need to import the CA root certificate in browsers that have a private view on what CAs are safe.
Chrome does use the Windows certificates. So your CA root certificate needs to be in the trusted store.
You may need to restart the Chrome session after installing the root CA.
ASKER
What does the Chrome padlock icon in the address bar tell you? It should tell you WHY the certificate is refused...
Right-click the padlock > Certificate > Certificate pathinfo
ASKER
The root certificate needs to be in the trust zone, the dates on ALL certificates and intermediates need to be still valid.
The bottommost certificate is from the site..., the topmost should be from the root CA.
And there should be at least TWO certificates shown.
(A self-signed certificate is NEVER trusted.)
ASKER
Letsencrypt.org provides free CA certificates (just not for .local); like any CA certificate organisation, it cannot give you that.
Letsencrypt has a maximum license validity of 3 months and it supplies the tools to renew automatically.
Then for Windows there is the CA role for an AD server. You can use that to distribute & deploy a "YOUR DOMAIN" signed CA certificate from that tool
and issue server certificates from that.
OpenSSL contains the CA script to perform: requesting, signing, issuing of CA, intermediates or leaf certificates.
OpenSSL can be used by hand: https://workaround.org/certificate-authority/
Other tools are XCA (which has a GUI interface to be used on Linux/MAC?)...
You can run a docker: https://github.com/jig/docker-openssl
Are you talking about a website or something? If it's an internal website you need to use your PKI to generate a SHA2 certificate. Alternatively you'll need to buy a cert and assign that.
You've given no details on what you're wanting to secure so this is best guess.
Thanks
Alex
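
The private-CA route described in the replies above (create your own root, issue the site certificate from it, trust the root on every client), sketched with plain OpenSSL as an added example that is not from any poster in this thread. The organisation name, `intranet.local` and the file names are constructed placeholders.

```shell
#!/bin/sh
# Added example. "Example Org" and intranet.local are constructed placeholders.
set -eu

write_cnf() {  # $1 = work dir, $2 = DNS name of the site
  cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
O = Example Org
CN = Example Org Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

make_ca() {  # self-signed root: the only certificate clients must trust
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/pki.cnf" -extensions v3_ca \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {  # $2 = DNS name; key + CSR for the site, signed by the root
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -subj "/O=Example Org/CN=$2" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  # Chrome matches the host name against subjectAltName only, never the CN.
  openssl x509 -req -in "$1/srv.csr" -sha256 -days 365 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -extfile "$1/pki.cnf" -extensions v3_leaf -out "$1/srv.crt" 2>/dev/null
}

check_chain() {  # $2 = name typed in the browser; returns 0 if the chain is valid
  openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
    -verify_hostname "$2" "$1/srv.crt" >/dev/null 2>&1
}

d=$(mktemp -d)
write_cnf "$d" intranet.local
make_ca "$d"
issue_cert "$d" intranet.local
check_chain "$d" intranet.local && echo "chain OK, root to distribute: $d/ca.crt"
```

On Windows clients it is `ca.crt` that goes into the Trusted Root Certification Authorities store; `ca.key` stays on the machine that signs.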