Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 02 Sep 2014, 00:55
All times are UTC - 4
 Forum index » House Training » Users ( For the regulars )
Setting up an SSL certificate, discussion
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [6 Posts]  
Author Message
01micko


Joined: 11 Oct 2008
Posts: 7796
Location: qld

PostPosted: Thu 10 Jan 2013, 18:43    Post subject:  Setting up an SSL certificate, discussion
Subject description: On home web server... when is it needed?
 

Hi web gurus

This started out as a question but now lets turn it into a discussion Smile


Original post
I have set up a web server at home using hiawatha-8.6, followed the docs and have set up SSL. It's good except that I get the "this server is untrusted" spiel by the browser. I followed the instructions from hiawatha. Pretty simple, didn't take long to set up.

Is there a way to generate the certificate myself and avoid the warning? Or is there some place where I have to register the certificate? Am I better of getting a certificate from Thawte or Comodo (suggested by the linked manual) or elsewhere?

TIA

EDIT :

I'm thinking I don't even need SSL. The fact is I'll only be hosting files. Clients won't be sending any critical data and no critical data will be hosted. The only advantage is that Port 80 can be closed (me thinks) as SSL uses 443. The server will be running headless controlled remotely vis SSH. There will be no need of a browser at all. Only Ports 443 and 21,20 (? ftp for adding files) and the SSH ports (forget the numbers) will need to be open. It's also behind a hardware firewall.

_________________
Woof Mailing List | keep the faith Cool |

Last edited by 01micko on Sat 12 Jan 2013, 02:14; edited 2 times in total
Back to top
View user's profile Send private message Visit poster's website 
pemasu


Joined: 08 Jul 2009
Posts: 5463
Location: Finland

PostPosted: Thu 10 Jan 2013, 19:02    Post subject:  

It has been several years when I created self signed certificate for mail server usage with webmail interface. Then I fed it to the browsers inside our organization. It worked at that time. I dont know how the nowadays browsers accept those selfsigned certificates. I found the instructions from the net. Years ago.

If you use google with: self signed certificate, you will find several guides how to do it.
Back to top
View user's profile Send private message 
01micko


Joined: 11 Oct 2008
Posts: 7796
Location: qld

PostPosted: Thu 10 Jan 2013, 19:14    Post subject:  

Yeah, the only other web servers I have set up have used IIS (2003, 2008 in college) and we just used self-signed.

Sure seems like that a purchased certificate is needed.

I just want my server to be secure Cool . Yeah well running Puppy may have it's disadvantages in that department but the web-server doesn't run as root. It is intended to be run headless too, so no X vulnerabilities. Also, if users peruse the certificate they can see it is mine, whether that offers them peace of mind or not is up to them.

Thanks for reply.

EDIT: an interesting read :

http://www.networkworld.com/news/tech/2012/021512-ssl-certificates-256189.html

_________________
Woof Mailing List | keep the faith Cool |
Back to top
View user's profile Send private message Visit poster's website 
Hotdog


Joined: 29 Sep 2011
Posts: 109
Location: Georgia USA

PostPosted: Fri 11 Jan 2013, 16:39    Post subject:  

01micko,

Your second-thought assessment is the correct one - SSL not needed. SSL is for encrypting data between the client browser and the server particularly for transmitting sensitive data such as happens in a financial transaction. So, rest easy and forget the SSL.

_________________
Puppy 528, Full Install
Back to top
View user's profile Send private message 
jamesbond

Joined: 26 Feb 2007
Posts: 2134
Location: The Blue Marble

PostPosted: Fri 11 Jan 2013, 23:06    Post subject: Re: Setting up an SSL certificate
Subject description: On home web server... is it needed?
 

01micko wrote:
I'm thinking I don't even need SSL. The fact is I'll only be hosting files. Clients won't be sending any critical data and no critical data will be hosted.
You've got this right.

Quote:
The only advantage is that Port 80 can be closed (me thinks) as SSL uses 443.
There is no difference between running web server on port 80 or 443. If you wish, you can configure hiawatha to run on port 443 too *even without SSL*.

Just make sure don't run it as root (you already did that), don't run it as spot, run it as a very limited user ("hiawatha"?) that only has access to one directory - the webroot.

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread
Back to top
View user's profile Send private message 
01micko


Joined: 11 Oct 2008
Posts: 7796
Location: qld

PostPosted: Sat 12 Jan 2013, 02:09    Post subject:  

Yeah I was just being a bit paranoid I guess, with good reason though!

Funny, today my twitter account got compromised, all fixed now. The first thing I did was check the server log !! Only unusual thing there was an IP of 37.34.56.76. That led me to http://leisink.org/, which tells me it's moved and links to leisink.net and some nice photos. I recognised the name "leisink".. sure enough it's Hugo Leisink, author of hiawatha.. so hiawatha must phone home.

Still, on the topic of certificates, I think it can make for interesting discussion, so anyone, still offer opinions. We may be able to build a valuable resource here for novice web masters.

EDIT: BTW, I have now turned off ftp which closes another hole Cool . I use secure copy (scp, uses secure shell, in slacko, probably others too)

_________________
Woof Mailing List | keep the faith Cool |
Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 1 of 1 [6 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » Users ( For the regulars )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0645s ][ Queries: 12 (0.0118s) ][ GZIP on ]