ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Best CA for SSL Certificates

    Scheduled Pinned Locked Moved IT Discussion
    39 Posts 17 Posters 4.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jrcJ
      jrc
      last edited by

      My first question here would be what type of certs? For DV certs, then I'd say go with LE like everyone says. But if you need EV or Wildcard then you'll need to buy some. I suggest DigiCert.

      Stay the hell away from Register.com for certs. Their customer support is horrid and they just re-sell certs and do not allow their customers to speak to the actual CA for support, so any issues take forever to get solved.

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @jrc
        last edited by

        @jrc said in Best CA for SSL Certificates:

        Stay the hell away from Register.com ...

        period.

        1 Reply Last reply Reply Quote 0
        • Emad RE
          Emad R @scottalanmiller
          last edited by

          @scottalanmiller

          but how for the life of me I am unable to get valid SSL certficate on webserver running centos 6.8 with apache.

          The issue is that this server does not have domain, people access it using it is private IP:
          192.168.1.139

          How can I create an SSL for IP internal server, some users fail to click Advanced then proceed to this website in Google Chrome.

          And this internal server will remain internal and their is no need for it to be on WAN or the internet currently or the near future, what are my options ? even adding the certificate on users machines in Windows Trusted root certificate does not work for some reason, and is there any other option besides adding the certificates manually, can I use Wild Card SSL cert for this scenario ?

          travisdh1T coliverC 2 Replies Last reply Reply Quote 0
          • travisdh1T
            travisdh1 @Emad R
            last edited by

            @msff-amman-Itofficer You're probably seeing apps that do not use the Windows certificate management, Chrome would be one example. Those apps will need the certificate added as well.

            1 Reply Last reply Reply Quote 0
            • coliverC
              coliver @Emad R
              last edited by

              @msff-amman-Itofficer said in Best CA for SSL Certificates:

              @scottalanmiller

              but how for the life of me I am unable to get valid SSL certficate on webserver running centos 6.8 with apache.

              The issue is that this server does not have domain, people access it using it is private IP:
              192.168.1.139

              How can I create an SSL for IP internal server, some users fail to click Advanced then proceed to this website in Google Chrome.

              And this internal server will remain internal and their is no need for it to be on WAN or the internet currently or the near future, what are my options ? even adding the certificate on users machines in Windows Trusted root certificate does not work for some reason, and is there any other option besides adding the certificates manually, can I use Wild Card SSL cert for this scenario ?

              Why are they accessing it via IP address? Seems like it would be much more beneficial to use DNS, it will be easier for users and you won't run into this certificate issue.

              travisdh1T 1 Reply Last reply Reply Quote 3
              • travisdh1T
                travisdh1 @coliver
                last edited by

                @coliver said in Best CA for SSL Certificates:

                @msff-amman-Itofficer said in Best CA for SSL Certificates:

                @scottalanmiller

                but how for the life of me I am unable to get valid SSL certficate on webserver running centos 6.8 with apache.

                The issue is that this server does not have domain, people access it using it is private IP:
                192.168.1.139

                How can I create an SSL for IP internal server, some users fail to click Advanced then proceed to this website in Google Chrome.

                And this internal server will remain internal and their is no need for it to be on WAN or the internet currently or the near future, what are my options ? even adding the certificate on users machines in Windows Trusted root certificate does not work for some reason, and is there any other option besides adding the certificates manually, can I use Wild Card SSL cert for this scenario ?

                Why are they accessing it via IP address? Seems like it would be much more beneficial to use DNS, it will be easier for users and you won't run into this certificate issue.

                Ah, I missed that part. @coliver is correct.

                1 Reply Last reply Reply Quote 0
                • WLS-ITGuyW
                  WLS-ITGuy
                  last edited by

                  I have set two of my sites to use Let's Encrypt now. I have it set to redirect http to https. I would assume I disable http on the site so that it doesn't allow that traffic, yes?

                  JaredBuschJ BRRABillB 2 Replies Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @WLS-ITGuy
                    last edited by

                    @WLS-ITGuy said in Best CA for SSL Certificates:

                    I have set two of my sites to use Let's Encrypt now. I have it set to redirect http to https. I would assume I disable http on the site so that it doesn't allow that traffic, yes?

                    If you are redirecting, you have no need to disable http. You can of course. But then you also do not need the redirect.

                    1 Reply Last reply Reply Quote 2
                    • scottalanmillerS
                      scottalanmiller
                      last edited by

                      Jared is correct, redirection is only a thing if HTTP is up and running.

                      1 Reply Last reply Reply Quote 0
                      • BRRABillB
                        BRRABill @WLS-ITGuy
                        last edited by

                        @WLS-ITGuy said in Best CA for SSL Certificates:

                        I have set two of my sites to use Let's Encrypt now. I have it set to redirect http to https. I would assume I disable http on the site so that it doesn't allow that traffic, yes?

                        That is actually a good question.

                        If you are redirecting, does http need to be open on the firewall, since the original traffic is coming in on it?

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @BRRABill
                          last edited by

                          @BRRABill said in Best CA for SSL Certificates:

                          @WLS-ITGuy said in Best CA for SSL Certificates:

                          I have set two of my sites to use Let's Encrypt now. I have it set to redirect http to https. I would assume I disable http on the site so that it doesn't allow that traffic, yes?

                          That is actually a good question.

                          If you are redirecting, does http need to be open on the firewall, since the original traffic is coming in on it?

                          Yes, if HTTP isn't there and working, how can it do the redirect?

                          BRRABillB 1 Reply Last reply Reply Quote 0
                          • BRRABillB
                            BRRABill @scottalanmiller
                            last edited by

                            @scottalanmiller said in Best CA for SSL Certificates:

                            @BRRABill said in Best CA for SSL Certificates:

                            @WLS-ITGuy said in Best CA for SSL Certificates:

                            I have set two of my sites to use Let's Encrypt now. I have it set to redirect http to https. I would assume I disable http on the site so that it doesn't allow that traffic, yes?

                            That is actually a good question.

                            If you are redirecting, does http need to be open on the firewall, since the original traffic is coming in on it?

                            Yes, if HTTP isn't there and working, how can it do the redirect?

                            Magic, of course.

                            1 Reply Last reply Reply Quote 0
                            • NashBrydgesN
                              NashBrydges @JaredBusch
                              last edited by

                              @JaredBusch I setup a cert for a Windows server just this morning using this...

                              https://github.com/Lone-Coder/letsencrypt-win-simple

                              Absolutely flawless on initial cert binding and scheduled task creation for renewal. Guess I'll have to wait the 89 days to see if renewal works as easily as the initial setup did.

                              JaredBuschJ 2 Replies Last reply Reply Quote 0
                              • JaredBuschJ
                                JaredBusch @NashBrydges
                                last edited by

                                @NashBrydges said in Best CA for SSL Certificates:

                                @JaredBusch I setup a cert for a Windows server just this morning using this...

                                https://github.com/Lone-Coder/letsencrypt-win-simple

                                Absolutely flawless on initial cert binding and scheduled task creation for renewal. Guess I'll have to wait the 89 days to see if renewal works as easily as the initial setup did.

                                Assuming that it works like certbot and the standard LE renew conf files are used, it should renew at 90 days.

                                1 Reply Last reply Reply Quote 1
                                • JaredBuschJ
                                  JaredBusch @NashBrydges
                                  last edited by

                                  @NashBrydges said in Best CA for SSL Certificates:

                                  @JaredBusch I setup a cert for a Windows server just this morning using this...

                                  https://github.com/Lone-Coder/letsencrypt-win-simple

                                  Absolutely flawless on initial cert binding and scheduled task creation for renewal. Guess I'll have to wait the 89 days to see if renewal works as easily as the initial setup did.

                                  Just looked at that project and realized I looked at it back in December. Not stable enough for my tastes based on reading the pull requests and open issues.

                                  1 Reply Last reply Reply Quote 0
                                  • DanpD
                                    Danp @JaredBusch
                                    last edited by

                                    @JaredBusch said in Best CA for SSL Certificates:

                                    Yeah, Windows just is not there yet. Someone will get a solid application wrote eventually.

                                    Ran across Certify for Windows just now. Anybody tried it yet?

                                    IRJI 1 Reply Last reply Reply Quote 1
                                    • IRJI
                                      IRJ @Danp
                                      last edited by IRJ

                                      @Danp said in Best CA for SSL Certificates:

                                      @JaredBusch said in Best CA for SSL Certificates:

                                      Yeah, Windows just is not there yet. Someone will get a solid application wrote eventually.

                                      Ran across Certify for Windows just now. Anybody tried it yet?

                                      Here's the GitHub page for it.

                                      https://github.com/webprofusion/certify

                                      It looks cool, but I'd be wary to use in anything even close to production. I might try it on a secluded test server, since the project is in alpha.

                                      1 Reply Last reply Reply Quote 0
                                      • IRJI
                                        IRJ
                                        last edited by IRJ

                                        This line on GitHub about the project makes me even more weary:

                                        Time spent on developing Certify is extremely limited. If you have a bug or feature and you can fix the problem yourself please just:

                                        File a new issue
                                        Fork the repository
                                        Make your changes
                                        Submit a pull request, detailing the problem being solved and testing steps/evidence
                                        If you cannot provide a fix for the problem yourself, please file an issue and describe the fault with steps to reproduce. General issues which cannot be easily reproduced are likely to be ignored, sorry!

                                        dafyreD 1 Reply Last reply Reply Quote 0
                                        • dafyreD
                                          dafyre @IRJ
                                          last edited by

                                          @IRJ said in Best CA for SSL Certificates:

                                          This line on GitHub about the project makes me even more weary:

                                          Time spent on developing Certify is extremely limited. If you have a bug or feature and you can fix the problem yourself please just:

                                          File a new issue
                                          Fork the repository
                                          Make your changes
                                          Submit a pull request, detailing the problem being solved and testing steps/evidence
                                          If you cannot provide a fix for the problem yourself, please file an issue and describe the fault with steps to reproduce. General issues which cannot be easily reproduced are likely to be ignored, sorry!

                                          At least they're up front about expectations.

                                          JaredBuschJ 1 Reply Last reply Reply Quote 1
                                          • JaredBuschJ
                                            JaredBusch @dafyre
                                            last edited by

                                            @dafyre said in Best CA for SSL Certificates:

                                            @IRJ said in Best CA for SSL Certificates:

                                            This line on GitHub about the project makes me even more weary:

                                            Time spent on developing Certify is extremely limited. If you have a bug or feature and you can fix the problem yourself please just:

                                            File a new issue
                                            Fork the repository
                                            Make your changes
                                            Submit a pull request, detailing the problem being solved and testing steps/evidence
                                            If you cannot provide a fix for the problem yourself, please file an issue and describe the fault with steps to reproduce. General issues which cannot be easily reproduced are likely to be ignored, sorry!

                                            At least they're up front about expectations.

                                            And the rest of it's just boilerplate submit an issue

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 2 / 2
                                            • First post
                                              Last post