Hosting A Nettalk app / SSL

[ianburgess]

I am looking to be able to have several Nettalk webserver apps hosted on a 3rd party virtual server. Also, I need to have a SSL certificate so that users can access using SSL without any security messages. Can anyone make any suggestions re companies that they have used and whether it is possible to use a "shared" SSL certificate or one must go down the road of applying for a certificate for each domain name used?

Is it just a matter of applying and getting a SSL certificate and dropping the files into the relevant subfolder? Does the host provider need to get involved/understand that I will be doing this? Where is the cheapest/best place to get SSL certificate?

Please excuse the perhaps silly questions  - I am very new to web apps etc!

[bshields]

Hi,

You can get an SSL certificate for unlimited subdomains (eg. *.mydomain.com). If you cannot use sub domains you can buy certificate packages that allow say 5 domains for a given fee). I have one from godaddy for subdomains and its $US200 a year, and it wasn't a drama. I chose a "standard SSL" certificate because we dont do ecommernce on those domains. Within a few hours i was send an email with detail on how to log into their system to manage my certificates.

I then just renamed and placed the certificate files (supplied by their online system) in the right folder plus added the necessary DLLs for nettalk to support SSL.

Regards
Bill

[Robert Iliuta]

Hallo Ian,


I use SSL certificate from GlobeSSL. I use the standard one and it works good. Depends on your needs but this one is very cheap.

https://www.globessl.com/Globe-Standard-SSL.html

Good luck!
Robert

[ianburgess]

Thanks. The Globe SSL sounds extremely good value. Am I right in saying that you get a couple of files from them that you just save in the nettalk certificates folder in place of the self certified ones that ship in nettalk? ... So it makes no difference who hosts the virtual server that is running my nettalk webserver app?

Thanks

Ian

[Bruce]

>> So it makes no difference who hosts the virtual server that is running my nettalk webserver app?

correct.

>> Am I right in saying that you get a couple of files from them that you just save in the nettalk certificates folder in
place of the self certified ones that ship in nettalk?

yes. although you may have to use OpenSSL (see docs) to convert it to the right format.

cheers
Bruce

[ianburgess]

Thanks for the replies.

Just to clarify my intentions....

I want to be able to access the secure website using the IP address (I am hosting the site) and not a domain. eg.  https://xx.xx.xxx.xxx

The question is whether it is possible to have a SSL certificate that would allow this scenario?

Presumably it must be the IP address that is referred to in the SSL certificate somehow?

[Larry Sand]

>> Presumably it must be the IP address that is referred to in the SSL certificate somehow?

Yes, you specify the the IP address in the CN (common name) field of the CSR (Certificate Signing Request) when you order the SSL cert.

[ianburgess]

Thanks. GlobeSSL was recommended as a cheap provider of certificates but when I asked them if I could get one for an IP address they said it was not possible. Can anyone recommend a cheap certificate provider that will issue a certificate for an ip address ad opposed to a domain?

.... Or is this actually possible with GlobeSSL abs they have given me wrong advice?

Basically I want to host the site on my own pc and an not concerned about a domain but need to get rid of security warnings that people get when using self signed certificate.

[ianburgess]

>> Presumably it must be the IP address that is referred to in the SSL certificate somehow?

Yes, you specify the the IP address in the CN (common name) field of the CSR (Certificate Signing Request) when you order the SSL cert.

If specifying the ip address as the CN, is it just the numerical portion ie. xx. xx.xxx.xxx or does one include the https:// ?

Also, can anyone suggest a certificate provider that will issue certificate for an ip address?

[Bruce]

Ian,

stop messing around. Get a domain. It's really cheap. Really easy to administer. And will save you piles of money and effort in the long run.

Cheers
Bruce

[ianburgess]

Ian,

stop messing around. Get a domain. It's really cheap. Really easy to administer. And will save you piles of money and effort in the long run.

Cheers
Bruce

OK that's not a problem getting a domain (I already have several spare ones), but I wanted to host the Nettalk webserver app myself - wasn't sure that was possible?

Or maybe I should just go for a hosted virtual server with a domain?

[ianburgess]

Ok I have just experimented and repointed the IP address of a spare subdomain at my own ip address so that now seems to work - the subdomain correctly going to the nettalk webserver on my pc. Now presumably all I need is a SSL certificate for the subdomain?

[Bruce]

yes.

as you have determined, pointing a sub domain at any IP address is possible - so you can definitely host it yourself if you have a fixed IP address. If you have a dynamic IP address then it gets more complicated, but I'm sure yours is fixed.

cheers
Bruce

[ianburgess]

OK fantastic - I got there in the end!

It is all a learning experience at the moment - trouble is that what is obvious to those experienced in web apps/hosting etc. is not to those of us that are new to this.

Many thanks for everyone's help.

Ian

[ianburgess]

Whilst I thought I was there, I actually have hit another snag re the actual certificate.

My starting point is that I can access the nettalk webserver app via my URL using https://sub.mydomain.com, with the webserver using port 443 and SSL and using the supplied self certified certificate.

I then used the CreateCertificateSigningRequest.bat batch file to generate a request and pasted the text of that request into an online SSL company's form (I am trying RapidSSL free 90 day trial cert).

After verifying info and accepting email address link, I received an email with text of a "Web Server Certificate" and an "Intermediate CA".

I copied ForRealCSR.crt that had been generated into \web\certificates folder and renamed it Settings.crt, overwriting the old one.

Now I am faced with the Settings.key file which contains -----BEGIN RSA PRIVATE KEY----- ......

How do I generate the RSA private key text from where I am now?

Any guidance much appreciated!!