Add wildcard ssl in multiple ec2 - amazon-web-services

Problem Summary:
Hi, I have one wildcard SSL which is installed in IIS on an AWS EC2 instance.
This is working fine.
Now I need to create another EC2 instance and use the same SSL in the new instance's IIS.
Current Stage:
I created a new instance and installed IIS, and it is working fine. I have HTTP and HTTPS inbound access, so currently I can access the default IIS page from outside with the instance's public address.
Now I installed the same SSL certificate in IIS. I configured SSL on my new website and done. But this is not working. When I try with HTTPS I get a 404.
Please help me to identify the issues.
Is there any restriction on using a wildcard in multiple instances' IIS in the same account?
Is there any correct method to do this? I don't want a load balancer now.
Update:
I tried to configure it on my local machine.
Step 1: I created a sample WebAPI and ran it on port 8090 with HTTP. It shows as below, as expected.
Step 2: I added HTTPS bindings with my SSL certificate but did not give any host name.
Step 3: Now I added a sample host name (ssltest.mydomain).
I have no idea about this. Please help.

Any restriction to use wildcard in multiple instances' IIS in same account
There are no restrictions on how often a certificate can be used.
Any correct method to do this?
There is nothing special about it, i.e. there is no difference between installing two different certificates on two hosts or the same certificate on two hosts. You likely did something wrong, but it is unclear what exactly.
Note that an HTTP response code 404 actually means that the certificate itself is working, since otherwise you would get a certificate error, which comes before the HTTP response. So there is likely some misconfiguration which is not related to the certificate.

Related

Elastic Beans + Django. Switch HTTP to HTTPS using Load Balancer

Dear Stack Overflow community. This question has been asked before, but my question is a little bit different.
So I am using Elastic Beanstalk to deploy my Django backend and RDS for the database (PostgreSQL).
EB generated a link for my backend --> http://XXXXX.region.elasticbeans.com. The issue is that when I send a request from the frontend side (HTTPS), it gives a "Blocked loading mixed active content" error, which comes from an HTTPS to HTTP request. As far as I am concerned, I have to change the configuration of the Load Balancer of my EC2 instance and add redirection. In order to successfully do that I am required to have an SSL certificate. However, when I use ACM (Certificate Manager) in order to generate one using the exact same link for the backend, it automatically rejects my request.
So my question is: what is the exact process of obtaining the SSL cert for the default EB link, or maybe there are easier ways to redirect HTTP to HTTPS from the AWS console?
Regards.
So my question is that what is the exact process of obtaining the SSL cert. for the default EB link,
There is no process, as this is not possible. You need to have your own domain (e.g. myapp.com). Only then can you set up SSL using ACM. Once you have your own domain, the full process of setting up HTTPS on EB is in the AWS docs.

Getting “took too long to respond” error for https, but http works fine

I have a website hosted with Amazon AWS on an EC2 server. If you don't know, EC2 gives me a Windows Server I can access with Remote Desktop, where I install IIS etc. I am using Web Forms (with aspx files).
I have DNS with GoDaddy. I am using Forwarding because I want to direct it to a specific aspx page, rather than just an IP address.
I bought an SSL certificate with GoDaddy.
Steps I have taken:
1) Steps 1-7 here: https://uk.godaddy.com/help/manually-install-an-ssl-certificate-on-my-iis-10-server-27349
2) I followed all the steps here: https://uk.godaddy.com/help/manually-install-an-ssl-certificate-on-my-aws-server-32075
3) I followed these steps: https://uk.godaddy.com/help/redirect-my-website-to-https-in-pleskwindows-27873 -- After doing these steps, HTTP does not work anymore (which is expected)
4) I configured Windows Firewall to allow inbound and outbound on ports 80 and 443
5) I have seen this: HTTPS setup in Amazon EC2
Is there anything I am missing? I have a feeling the solution is going to be super easy, once it is discovered, of course.
Forget that it's running on AWS. Once you get the website working inside the instance, it's all about just allowing port 443 on the security group to make it accessible from outside the instance.
Steps to troubleshoot:
Ensure the endpoint exists.
Make sure the website works inside the instance with HTTPS enabled; if this step works fine, you are almost done.
Adjust the EC2 security groups to allow port 443 from everywhere.
1) So the problem was with GoDaddy's DNS. While GoDaddy gives you the option to forward an HTTPS address, they actually do not support HTTPS with Forwarding! https://uk.godaddy.com/community/SSL-And-Security/Forwarding-works-as-long-as-URL-does-not-contain-https/td-p/44951
2) In order to handle not using Forwarding, I had to remove all other Default Documents from IIS (except for one), as well as making the main default document: DirectoryName/MainPage.aspx.
3) Also, I had to use the URL Rewrite Module and follow these steps: https://www.namecheap.com/support/knowledgebase/article.aspx/9953/38/iis-redirect-http-to-https
And that was finally it! After those three steps my website now works in HTTPS, and will not work in HTTP, but will redirect the user to HTTPS if they don't type in https.
Also good to note: the SSL Settings are NOT set to "Require", as I would have assumed.

How do I redirect my aws ec2 instance from http to https?

I am trying to generate a certificate for an EC2 instance so that Jenkins runs over HTTPS.
So far, I have tried:
http://tteckie.blogspot.ca/2013/02/how-to-install-jenkins-with-ssl-on.html
However, this does not yield the correct outcome. After executing the instructions and amending the 127.0.0.1 *.mydomain.com entry to the domain name of the instance, when I go to https://myinstance.com the page shows:
NOT SECURE: Your connection is not private
When I go to http://mystance.com the URL redirects to the HTTPS URL.
Am I missing something related to generating the certificate? Should I generate one with AWS Certificate Manager and add that one to my EC2 instance?
I have also tried generating a certificate in AWS and adding this to my domain; this did not work, as AWS Certificate Manager does not work with EC2 instances. I have also tried Let's Encrypt; however, the /etc/letsencrypt/live/ directory was not created as expected in the steps.
I went on to try Certbot (https://certbot.eff.org/lets-encrypt/ubuntutrusty-apache), but am having some issues with Apache services and starting the service due to errors: https://askubuntu.com/questions/1034295/issues-with-running-apache-certbot-due-to-port-already-used-for-httpd-bin
Has anyone successfully been able to run their EC2 server hosting Jenkins over HTTPS? I would like to know how any of the issues above were overcome to successfully implement SSL.

IdentityServer3 in AWS

I've just deployed my IdentityServer3 solution out to an AWS instance. I had IdentityServer3 configured to RequireSSL. The problem seems to be that it's relatively common to have SSL running up to the AWS load balancer, then run non-SSL between the LB and IIS. So, I set RequireSSL to false and tried again. Now the problem seems to be that when IdentityServer tries to redirect to the sign-in page, it does so without https. When this redirect exits and re-enters through the LB, it fails because it must be https coming into the LB. So, it seems that IdentityServer is constructing the redirect to the sign-in page with consideration of the RequireSSL flag. Is there any way around this? I'm working with my ops guy to just run SSL all the way to IIS, but I'm getting some pushback (of course).
As the docs state here:
https://identityserver.github.io/Documentation/docsv2/advanced/deployment.html
If you want to terminate SSL on the load balancer, there are two relevant settings on the options:
RequireSsl
Set this to false to allow non-SSL connections between the load balancer and IdentityServer.
PublicOrigin
Since your internal farm nodes have different names than the public reachable address, IdentityServer can’t use it for link generation. Set this property to the public name.

Browser certificate warnings for wildcard domain SSL certificate installed on Amazon ELB

I've setup an Amazon Elastic Load Balancer instance to provide SSL termination to the EC2 instances it balances.
The certificate is a wildcard domain variant provided by 123-reg. Verifying the SSL installation with the associated root authority's (GlobalSign) validation tooling shows 2 issues:
Server configuration does not include all intermediate certificates
Hostname in certificate and DNS name do not match
I have been unable to get the ELB instance to accept the certificate chain, and as this is optional I have left this out for now. Googling around this issue, all I can find is that for browser-based consumers of the load balanced resources this is not in fact optional and will lead to issues. However, I have been unable to find any information about what issues this will cause. Specifically: is the lack of a certificate chain the reason I am getting the hostname mismatch warning?
If the lack of a certificate chain is not the reason for the second validation error, does anyone have any idea of what else could be the issue? Some key points are:
I have set up the friendly DNS for the load balancer as a CNAME pointing to the DNS shown in the AWS console for the ELB (though it says it's actually an A record ...)
The instances behind the load balancer are Windows boxes, with the domain names they serve added to their respective hosts.ini
I have verified the certificate CN is correct and is *.OURDOMAIN.com as required for a wildcard certificate.
UPDATE: The domains I am trying to host are actually multi-level subdomains, which appears to be the problem.
NOTE: I am not especially looking for advice on how to upload the certificate chain, as this is pretty well covered elsewhere on StackOverflow (although I can't get it to work all the same!). Rather: is the lack of a certificate chain the root cause for the hostname/DNS name mismatch? That is what I have been unable to fathom.
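The following is an added example, not code from the question above or any answer to it: it implements the name-matching rule browsers apply to a certificate (RFC 6125 section 6.4.3), where `*` may only be the whole left-most label and stands in for exactly one label, which is why a multi-level subdomain fails against `*.OURDOMAIN.com`. That check is independent of chain building, so a missing intermediate cannot by itself produce a hostname mismatch. All certificate names and hostnames in the block are constructed sample values.

```python
from __future__ import annotations

# Added example: browser-style hostname matching against certificate names.
# A '*' is only honoured as the entire left-most label and matches exactly one
# label, so *.ourdomain.com covers www.ourdomain.com but neither
# api.eu.ourdomain.com (multi-level subdomain) nor the bare ourdomain.com.
# Certificate names and hostnames used here are constructed sample values.


def name_matches(cert_name: str, hostname: str) -> bool:
    """Return True if one certificate name (CN or SAN dNSName) covers hostname."""
    cert_name = cert_name.lower().rstrip(".")   # DNS names compare case-insensitively
    hostname = hostname.lower().rstrip(".")
    if "*" not in cert_name:
        return cert_name == hostname             # plain names must match exactly
    cert_labels = cert_name.split(".")
    host_labels = hostname.split(".")
    # Wildcard must be the whole left-most label and appear nowhere else; require
    # at least two more labels so a name like "*.com" never matches anything.
    if (cert_labels[0] != "*"
            or any("*" in label for label in cert_labels[1:])
            or len(cert_labels) < 3):
        return False
    # '*' replaces exactly one label, so the label counts must be equal and every
    # label to the right of the wildcard must match.
    return len(host_labels) == len(cert_labels) and host_labels[1:] == cert_labels[1:]


def covered_by(cert_names: list[str], hostname: str) -> bool:
    """True if any name on the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def explain(cert_names: list[str], hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether it would pass the browser's name check."""
    return {h: covered_by(cert_names, h) for h in hostnames}


if __name__ == "__main__":
    # Constructed: a wildcard certificate like the one in the question and the
    # kinds of names that get pointed at it.
    cert = ["*.ourdomain.com"]
    hosts = ["www.ourdomain.com", "api.eu.ourdomain.com", "ourdomain.com"]
    for host, ok in explain(cert, hosts).items():
        print(f"{host:24} {'OK' if ok else 'NAME MISMATCH'}")
```

To cover multi-level subdomains the certificate needs either the exact names or a wildcard at that depth (for example `*.eu.ourdomain.com`) as additional SAN entries.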