NetTalk Central

Author Topic: DNS / Certificate questions  (Read 4806 times)

Jim A

DNS / Certificate questions
« on: March 26, 2018, 05:36:25 PM »
Hi All: It's been a while since I've done much with NTWS but would like to get things going again. I had previously used the server's IP address and port and simply set the connection as secure. I shut down that app a few years ago. From what I've been able to gather now, I need to get a domain that points to the private server's IP, and use Let's Encrypt or buy a certificate for that domain. Correct?

I really don't want to expose the server to anything but the web app.   What measures can or should I take to achieve that?

If there's a webinar for this, please let me know. 

Thank you,

Jim

Jim A

Re: DNS / Certificate questions
« Reply #1 on: April 02, 2018, 03:31:30 PM »
It's probably a dumb question, sorry.  Maybe it'll help to rewrite what I'm after.

1.  To use Let's Encrypt, do I need to assign a domain name to our IP address?

2.  If the answer above is true, can I assign a domain name to a port number on the IP address?

Thanks,

Jim

bshields

Re: DNS / Certificate questions
« Reply #2 on: April 02, 2018, 09:57:10 PM »
Hi Jim,

This is an oversimplified explanation. It can be more specific with more details.

Yes, a domain name needs to be associated with an IP address. Period. Irrespective of LetsEncrypt or normal SSL certificate. You cannot control ports with domain names. They aren't designed that way.

Generally, you control the ports at the firewall (router) or server (if the server has a public IP - very rare nowadays).

You need to know the public IP address that can be routed to your server. That's the IP you'll "delegate" to your domain name (via your DNS servers).

Then use the router that controls your server's access to the internet to manage which ports have access. If it's a virtual server, your provider probably controls this access. In which case there is probably a setting in your control panel (or you could send them an email). If it's your own servers, you probably already know this.

Just ask them to open port 80 (http) and port 443 (https) and close all other ports unless you need them (e.g. RDP uses 3389, so if you RDP to your box you'll need that).

Regards
Bill

« Last Edit: April 02, 2018, 10:38:50 PM by bshields »
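
One way to verify the setup described in the reply above, as an added example that is not part of the original thread: check that the domain name resolves to the expected public IP, then confirm that only the allowed ports accept connections. The function names and the loopback demo are constructed for illustration.

```python
import socket

# Ports the reply above says to leave open; add 3389 only if you RDP to the box.
ALLOWED = {80, 443}

def resolves_to(hostname, expected_ip):
    """True if the hostname's IPv4 records include the expected public IP."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return expected_ip in {info[4][0] for info in infos}

def is_open(ip, port, timeout=2.0):
    """True if a TCP connection to ip:port is accepted within the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((ip, port)) == 0

def audit(ip, ports, allowed=ALLOWED, timeout=2.0):
    """Probe ports; return (open but not allowed, allowed but not reachable)."""
    ports, allowed = set(ports), set(allowed)
    reachable = {p for p in ports if is_open(ip, p, timeout)}
    return sorted(reachable - allowed), sorted((allowed & ports) - reachable)

if __name__ == "__main__":
    # Constructed offline demo: a loopback listener stands in for a service
    # that is reachable but was never meant to be exposed.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as stray:
        stray.bind(("127.0.0.1", 0))
        stray.listen(8)
        port = stray.getsockname()[1]
        print("name matches IP:", resolves_to("127.0.0.1", "127.0.0.1"))
        unexpected, missing = audit("127.0.0.1", [port], allowed=set())
        print("unexpectedly open:", unexpected, "allowed but closed:", missing)
```

For a real check, run `audit` against your own public IP from a machine outside your network, since the firewall or router decides what is reachable from there.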

Jim A

Re: DNS / Certificate questions
« Reply #3 on: April 03, 2018, 03:37:28 AM »
Thank you Bill!  Exactly what I needed to know.