Geekzone: technology news, blogs, forums


xpd




#269900 13-Apr-2020 16:58

All the time I've run a website and helped others, I've never had to bother with SSL. 

 

And now I'm wanting to implement it on my personal site... but hitting a snag.

 

Site hosted with Openhost, DNS with Cloudflare and SSL Cert via Cloudflare.

 

So I've generated a cert with CF, copied the supplied cert info.

 

Gone to Openhost, and added cert (via text paste) to the SSL section, which it accepted.

 

Set my site (Wordpress) to use https://www.xpd.co.nz/

 

But getting invalid cert error when visiting my site.

 

What have I done wrong ? :)

 

CF gave me 3 lots of text (keys).

 

 

 

Any ideas ? :)

 

Ta

 

 





XPD^ / DemiseNZ

 


 

Disclaimer - It wasn't me, the dog ate my keyboard, my account was hacked, I was drunk, ALIENS.



  #2460673 13-Apr-2020 17:02

Google gave me https://community.cloudflare.com/t/ssl-issue-unknown-issuer-from-firefox/62260





No signature to see here, move along...


  #2460674 13-Apr-2020 17:03

I thought that the certs from cloudflare were not for end users?





Richard rich.ms

 
 
 
 



  #2460675 13-Apr-2020 17:05

Judging by the IP returned for www.xpd.co.nz you're not proxying through Cloudflare. The origin cert is not trusted by browsers, only by Cloudflare. Once you're proxying through Cloudflare with SSL enabled, they'll generate a valid cert for you and present that to visitors, while using the one you got from them (Cert + key) to encrypt traffic between Cloudflare and OpenHost.





Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.



  #2460678 13-Apr-2020 17:07

I am guessing that those certs are for encrypting the communication between Cloudflare and your site, when you are using Cloudflare's caching and WAF.

 

Any reason you are not using it? Especially for blocking brute force logins etc, it's very useful.


xpd




  #2460689 13-Apr-2020 17:33

danielfaulknor:

 

Judging by the IP returned for www.xpd.co.nz you're not proxying through Cloudflare. The origin cert is not trusted by browsers, only by Cloudflare. Once you're proxying through Cloudflare with SSL enabled, they'll generate a valid cert for you and present that to visitors, while using the one you got from them (Cert + key) to encrypt traffic between Cloudflare and OpenHost

 

 

Bingo :)

 

Thank you kind sir, choc fish for you :)

 

 








  #2460761 13-Apr-2020 20:06

Make sure to lock your site to only accept connections coming from these IPs https://www.cloudflare.com/ips/





 

 




  #2460765 13-Apr-2020 20:15

Also,

 

- Ensure that xpd.co.nz is pointing towards your Openhost server and www.xpd.co.nz is a CNAME to xpd.co.nz (currently, xpd.co.nz is pointing towards what I presume to be your BigPipe IP).
- Ensure HSTS is enabled with the following settings (note, this prevents you from ever using non-encrypted HTTP on your site, which is not at all a bad thing) - this is set in Cloudflare under SSL/TLS --> Edge Certificates:

-- Status: On
-- Max-Age: 12 months
-- Include subdomains: On
-- Preload: On

 

- Add your site to the Preload list: https://hstspreload.org/
- Ensure Automatic HTTPS Rewrites is enabled along with TLS 1.3, set your Minimum TLS Version to 1.2 and disable Opportunistic Encryption.

 

There is no reason these days to use HTTP. SSL certificates are free.
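
Added example (not part of the post above, and not Cloudflare's or hstspreload.org's code): a small checker that parses a `Strict-Transport-Security` response header and reports what is missing relative to the settings listed in the post. It assumes "12 months" corresponds to `max-age=31536000`; the header values are constructed samples.

```python
ONE_YEAR = 31536000  # seconds; assumed equivalent of "Max-Age: 12 months"


def parse_hsts(value):
    """Return (max_age or None, set of lower-cased valueless directives)."""
    max_age, flags = None, set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if arg.isascii() and arg.isdigit():
                max_age = int(arg)
        else:
            flags.add(name)
    return max_age, flags


def hsts_gaps(headers):
    """headers: list of (name, value) pairs from an HTTPS response.
    Returns a list of gaps; an empty list means all settings are present."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["no Strict-Transport-Security header"]
    # RFC 6797: when the header is repeated, only the first one is processed.
    max_age, flags = parse_hsts(values[0])
    gaps = []
    if max_age is None:
        gaps.append("max-age missing or invalid")
    elif max_age < ONE_YEAR:
        gaps.append(f"max-age {max_age} is below {ONE_YEAR}")
    if "includesubdomains" not in flags:
        gaps.append("includeSubDomains not set")
    if "preload" not in flags:
        gaps.append("preload not set")
    return gaps


if __name__ == "__main__":
    # Constructed sample responses.
    good = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")]
    weak = [("strict-transport-security", "max-age=15552000; includeSubDomains")]
    print(hsts_gaps(good))
    print(hsts_gaps(weak))
```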





 
 
 
 


xpd




  #2460767 13-Apr-2020 20:18

Thanks MM. Yeah, I've got to do some tidy up there :)








  #2460798 13-Apr-2020 20:59

freitasm:

 

Make sure to lock your site to only accept connections coming from these IPs https://www.cloudflare.com/ips/

 

 

Plus optionally your own IP, if you want to connect directly.
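
Added example (not from any poster in this thread): the two checks discussed above, in one script. `is_proxied` reproduces the "judging by the IP returned" diagnosis, and `accept_peer` is the origin-side allowlist decision, including the optional own-IP exception. The range list is a constructed stand-in built from documentation ranges, not Cloudflare's real ranges; load the current list from https://www.cloudflare.com/ips/ in practice. All function names are hypothetical.

```python
import ipaddress
import socket

# Constructed stand-in for the list at https://www.cloudflare.com/ips/ .
# These are RFC 5737 / RFC 3849 documentation ranges, not Cloudflare's real ones.
SAMPLE_RANGE_LIST = """\
198.51.100.0/24
203.0.113.0/24
2001:db8::/32
"""


def parse_ranges(text):
    """One CIDR per line; blank lines and '#' comments are ignored."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line))
    return nets


def in_ranges(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in nets)


def resolve(host):
    """A/AAAA addresses that visitors are given for host (needs network)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_proxied(resolved_addrs, nets):
    """True only if every address a visitor could be given is a proxy edge.
    Any other address means browsers reach the origin and see the origin cert."""
    return bool(resolved_addrs) and all(in_ranges(a, nets) for a in resolved_addrs)


def accept_peer(peer_addr, nets, extra_allowed=()):
    """Origin-side decision: proxy ranges plus optional admin addresses."""
    ip = ipaddress.ip_address(peer_addr)
    return any(ip == ipaddress.ip_address(a) for a in extra_allowed) or in_ranges(peer_addr, nets)


NETS = parse_ranges(SAMPLE_RANGE_LIST)
if __name__ == "__main__":
    # Constructed addresses; use resolve("your.hostname") for a live check.
    for addrs in (["203.0.113.10"], ["192.0.2.44"], ["203.0.113.10", "192.0.2.44"]):
        print(addrs, "proxied" if is_proxied(addrs, NETS) else "direct to origin")
```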

