Valid https certificate

rubensalban · March 19, 2019, 2:23pm

How to have a valid certificate recognized by the browser? as this one is concidered as being dangerous by the browser

federico.ballarini · March 19, 2019, 2:37pm

You can require a Let’s Encrypt certificate (you have to point a DNS name to your public IP and open port 80). This is not a valid certificate for IP address but only for the host name.
http://docs.nethserver.org/en/v7/base_system.html#server-certificate
Or you can buy a certificate from a CA.

robb · March 19, 2019, 2:37pm

You have 2 options: buy a certificate from an offcial certificate vendor (for instance Verisign) A 2nd option is to use a letsencrypt certificate. That is free and implemented in NethServer.

/edit: lol @federico.ballarini posted at the same time… same message…

rubensalban · March 19, 2019, 2:57pm

I choose option 2, how do I do it?

federico.ballarini · March 19, 2019, 3:01pm

You can read the docs and require the certificate as explained here.

rubensalban · March 19, 2019, 3:19pm

It’s not very clear

federico.ballarini · March 19, 2019, 3:34pm

First of all, you need to point a DNS name to your public IP and open port 80 from your router to your Nethserver.
Then you can go on Server Certificate page and “Require a Let’s Encrypt Certificate” with the specific button.

rubensalban · March 19, 2019, 4:52pm

And if I do not have the opportunity to point my dns on a public ip, how do I do?

robb · March 19, 2019, 5:04pm

Why can’t you point to your dns on a public IP? If it is because you have an internet connection on a dynamic IP address, you can use dynamic dns. There are several (free) services where you can connect your domain to a dynamic ip address.
If you have a server behind a firewall with only a pricate IP address, you need to configure some kind of portforwarding (and reverse dns).

rubensalban · March 19, 2019, 6:06pm

Can I specify my DNS on a public IP address from the router?

danb35 · March 19, 2019, 8:41pm

Why did you post two threads with the same question?
(edit:

To get a Let’s Encrypt cert using the server manager, a few conditions must be met:

You must own/control a real, public domain.
Public DNS records must be published, pointing that domain to your IP address.
From the Internet, your domain name is reachable on port 80 and goes to your Neth server.

If those are true, getting the Let’s Encrypt cert is simply a matter of filling out the form in the server manager.

If either (or both) of the latter are not true, you may be able to get a cert using DNS validation instead. See:
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_for_internal_servers
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_acme-dns

danb35 · March 19, 2019, 11:35pm

There’s actually a third: Buypass is a Norwegian CA who offers free certs using the ACME protocol as well. Their certs have a longer lifetime (180 days, IIRC), but I don’t see any particular reason to prefer them over Let’s Encrypt–but it is another option.