Showing posts with the label Https

Apache SSL: Server Cert Does Not Include ID Which Matches Server Name

Answer : Okay, I noticed that this post is viewed quite often recently and so it seems that a lot of people are facing the same issue that I did. If so, then this might help you.

I have followed a simple step-by-step tutorial to create an SSL-certification for my webserver. Like so many tutorials out there, the outcome of the tutorial I followed was a self-signed certificate using OpenSSL. Yep, self-signed, that was the problem. The browser could not trust the server due to its certificate, which is signed by itself. Well, I wouldn't do either... A certificate has to be signed by an external trustworthy certificate authority (CA). So I stumbled upon Let's Encrypt, which does all the work for you and is even easier to set up, and the best is: it is absolutely free.

Installation

1) Delete your old SSL cert files which you have created by using OpenSSL
2) Open backports to get certbot client on Debian. You should know that this will open a hole for unfinished software!...

Automatic HTTPS Connection/redirect With Node.js/express

Answer : Ryan, thanks for pointing me in the right direction. I fleshed out your answer (2nd paragraph) a little bit with some code and it works. In this scenario these code snippets are put in my express app:

    // set up plain http server
    var express = require('express');
    var http = express();

    // set up a route to redirect http to https
    http.get('*', function(req, res) {
        // note: req.headers.host is the Host header sent by the client
        res.redirect('https://' + req.headers.host + req.url);

        // Or, if you don't want to automatically detect the domain name from the request header, you can hard code it:
        // res.redirect('https://example.com' + req.url);
    });

    // have it listen on 8080
    http.listen(8080);

The https express server listens ATM on 3000. I set up these iptables rules so that node doesn't have to run as root:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3000

All together, this works exactly as I wanted it to. ...

AWS: Custom SSL Certificate Option Is Disabled In CloudFront, But I Created A SSL Certificate Using AWS Certificate Manager

Answer : Certificates that will be used with an Application Load Balancer (ELB/2.0) need to be created in ACM in the same region as the balancer. Certificates that will be used with CloudFront always need to be created in us-east-1.

    To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.

    – http://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html

The reason for this is that CloudFront doesn't follow the regional boundary model in AWS. CloudFront edge locations are all over the globe, but are configured and managed out of us-east-1 -- think of it as CloudFront's home region. Once a distribution reaches the Deployed state, it is not operationally dependent on us-east-1, but during provisioning, everything originates from that ...

Certificate Issue: SSL Page Brings Up "you Need To Set A Lock Screen Pin Or Password Before You Can Use Credential Storage" On Android

Answer : This same thing happened to me when I was installing my certificate on my Android tablet. Yes, you need to set a lock or PIN code (but this can be removed after installing the certificate).

1) Just copy the .pfx file in your Android phone
2) On your phone Settings look for Security
3) Under credential storage (this option might vary depending on your phone settings), there should be an option to install certificates
4) Restart your phone

Hope this helps.

This isn't the most secure solution - but it got the job done for me. I had to edit the SSL properties through IIS to ignore client certificates.

IIS Setting Change

It's not an Android/Chrome issue. The problem was from the fact that the server was requesting a certificate from the client. For Apache add/change the following parameter in your conf or in your sites definition:

    SSLVerifyClient none