Hi, I have activated cloud domain and forwarded it to my oodoo server. Now the client asks for it to be secured with a certificate. What are the steps? I tried with openssl and generated some certificates, but when I tested it, it's not secure. I also found sslforfree, and when I try the automatic FTP verification I receive the following: "Pre-verification failed. The directory is incorrect." But when I check it in Files, in this directory it has already created some additional folder.
How can I secure this domain?
If you create certificate yourself, nobody will trust it. Except you, if you import your own CA as trusted, and possibly people who will do the same. It’s usable only for strictly private use, but even that is not convenient, because CA needs to be added as trusted to every single device that will use the service.
Sslforfree seems to be some intermediate service for Let’s Encrypt. But it still requires you to have publicly accessible webserver for verification, so you can most likely skip it and use Let’s Encrypt directly. I don’t know what’s oodoo server, but unless it’s something extremely limited, you can run any standard Let’s Encrypt client there.
To do this, you’ll need to create a self-signed Root certificate. Then create all your end entity certs signed by your root. Install your entity certs as normal. Then export the Root, without its private key (in X509v3 DER or PEM format), and install that on all computers, phones, etc. that will access your entity cert. The trusted Root, in the certificate store on your PCs and phones, will allow the cert to work like a big name cert.
You can use a product like CertManEx to make this easy.
Own certificates are ok, but for own use (personal or some closed group). They are useless for services that have random visitors, because they would have to trust your CA to be able to verify them, and nobody in their right mind should do that.
My favourite tool for own certificates is XCA. It’s also possible to use RouterOS, it too can create CA and issue certificates.
This will be for the client for himself. When I create this and import to Mikrotik do I need to do something more? Should I install as well this to my PC?
Create CA, then create certificate for server and sign it with CA. Install certificate on server. Each client then needs CA certificate (without private key) and add it as trusted.
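The steps described in the reply above (create a CA, sign a server certificate with it, install it on the server, trust the CA on each client), as an added example that is not part of the original thread. The function names, file names, key size and validity periods are assumptions chosen for illustration, and the hostname passed in is whatever name clients type into the browser.

```shell
#!/bin/sh
# Added example (not from the thread): private CA + server certificate.
# Function and file names are illustrative; the hostname is a placeholder.

make_ca_and_server_cert() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1

    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

    # 1. Self-signed root CA. ca.key stays private and never goes to clients.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # 2. Server key and signing request for the name clients will connect to.
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$host" -keyout "$dir/server.key" -out "$dir/server.csr" \
        2>/dev/null || return 1

    # 3. End-entity extensions. Browsers match the hostname against
    #    subjectAltName, so the DNS entry must be the exact name in the URL.
    printf '%s\n' "basicConstraints = CA:FALSE" \
        "keyUsage = digitalSignature, keyEncipherment" \
        "extendedKeyUsage = serverAuth" \
        "subjectAltName = DNS:$host" > "$dir/server.ext"

    # 4. Sign the request with the CA.
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null || return 1
}

# Succeeds only if server.crt chains to ca.crt and carries the SAN for $2.
check_server_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/server.crt" -noout -text | grep -Fq "DNS:$2"
}
```

`server.crt` and `server.key` go on the server; only `ca.crt` is imported as a trusted root on each client, and `ca.key` is never distributed.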
I tried a couple of times but still without success. When I import the certificate to the browser it is still showing not secure. What should I put in DNS and what in IP if I need to secure the mynetname domain? And do I first create the CA root certificate, then what is the next step? Thanks