I am trying to use SSL with my webapi published using IIS.

I've enabled SSL in the webapi project by setting SSL ENABLED to TRUE. On the local PC I've created a self-signed certificate, which gets issued to MyPcNameHere/MyCompanyDomainHere (not sure if that matters).

Now if I browse to the webpage in Chrome/Mozilla I get a warning: your connection is not secure. Mozilla's error is THE CERTIFICATE IS NOT TRUSTED BECAUSE IT IS SELF SIGNED.

What are my options here for handling this? (When I get this warning, is the connection truly not secure? Or is it purely a warning that the certificate is self-signed?)

I don't mind getting a third-party certificate, but when I tried, it wanted me to verify that I own the domain. This myPc/myDomain is inside a company firewall, so I don't see how I could obtain a certificate.

Any suggestions?

solarissf

1 Answer

You get that error (a warning, actually) because you're using a self-signed certificate, which your browser doesn't recognize.

Your options are:

  • obtain a certificate issued by a trusted provider (the root certificate of the issuer will be present in the trusted root certificates store of your browser/system)
  • make the browser trust your self-signed certificate (here's a guide for Chrome, I didn't find any for Mozilla - you have to just add a permanent exception)

Now, if you're using this only for a test, you can get the browser to trust your self-signed certificate.

If you're in a company network, and you have the resources, you might consider setting up a local CA, which you then may use to issue certificates for testing machines on the Intranet, or for your dev environment. You will of course deploy the root certificate on all machines' trusted certificate store.

If you're going live with this (production machine accessible over the Internet), you really have to consider a provider.

13dimitar
  • Setting up a local CA, if I have the resources... what resources would I need? I wouldn't mind installing root certificates on users' PCs – solarissf Feb 08 '17 at 19:36
  • A server for a start. In my previous company we had a CA on one of our domain controllers. We used it to issue certificates used in testing/dev environment - on Intranet sites and so on. You can set up one on Linux if you'd like. You need a server, time, someone to manage that CA .. that kind of resources :) – 13dimitar Feb 08 '17 at 19:39
  • Oh. I was hoping for a 5 minute thing like the IIS create certificate button. So it's not like that? – solarissf Feb 08 '17 at 19:40
  • Once you set it up it will be a 2 minute thing. – 13dimitar Feb 08 '17 at 19:40
  • I don't have access to a server. Can you do it from a Windows desktop PC? – solarissf Feb 08 '17 at 19:41
  • No, it's a server role. Also, to deploy it on domain machines you need to set up a group policy for it (yes, it's possible to do it locally on every machine, but please don't). – 13dimitar Feb 08 '17 at 19:42
  • Since I do not have access to a server, I am trying to make Chrome trust this certificate. I followed the guide, exported the PKCS certificate, imported it. Chrome goes directly to the site, but still says NOT SECURE. Any ideas? – solarissf Feb 08 '17 at 20:05
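
Added example (not part of the original thread or of the guide the answer links to): a PowerShell sketch of the answer's second option on a single test machine, showing the two things a browser checks, namely that the certificate chains to a trusted root and that its DNS name matches the host in the URL. It assumes Windows 10 / Server 2016 or later and an elevated session; `$hostName` and the `.example.internal` names are constructed placeholders.

```powershell
# Added example. Run elevated on the test machine that hosts the IIS site.
# Assumption: $hostName is the exact host name typed into the browser's URL bar.
$hostName = 'mypc.example.internal'   # constructed placeholder

# 1. Create a self-signed server certificate whose DNS name (SAN) is the URL host.
#    It is stored with its private key in the machine's Personal store, where IIS
#    can find it for an HTTPS binding.
$cert = New-SelfSignedCertificate -DnsName $hostName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -NotAfter (Get-Date).AddYears(1)

# 2. Export only the public certificate. The private key never leaves the
#    Personal store, so the .cer file is safe to copy to a test client.
$cerPath = Join-Path $env:TEMP "$hostName.cer"
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# 3. Import the public certificate into Trusted Root Certification Authorities.
#    Chrome on Windows uses this store; Firefox keeps its own, which is why the
#    answer says to add an exception there instead.
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 4. Validate the way a TLS client would: chain trust plus host name match.
$trusted  = Test-Certificate -Cert $cert -Policy SSL -DNSName $hostName `
                -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
# Same certificate, different name (constructed): trust is fine, the name is not.
$mismatch = Test-Certificate -Cert $cert -Policy SSL -DNSName 'other.example.internal' `
                -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

[pscustomobject]@{
    Thumbprint        = $cert.Thumbprint   # select this certificate in the IIS HTTPS binding
    ValidForHostName  = $trusted           # expected: True
    ValidForOtherName = $mismatch          # expected: False
}

# 5. Clean up when testing is finished so the machine stops trusting the test cert:
# Remove-Item "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
# Remove-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)"
```

A certificate in the Trusted Root store is trusted for any name it carries, so keep this to test machines and remove it afterwards; for more than a handful of machines the local CA described in the answer is the maintainable route.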