AR15.COM
6/8/2016 1:36:24 PM EDT
pros/cons for the 2 options for free SSL client certs.

and if i get a godaddy cpanel hosting account (a steal at $1 per month with promo code  CJC1HOS5 if you select 12 month plan for economy 1 site hosting) can I use my own startssl/letsencrypt certs? with cpanel?  cause I know that manual edits into linux get overwritten by cpanel.
6/8/2016 9:30:49 PM EDT
[#1]
cPanel overwrites what in Linux?  

Quoted:
pros/cons for the 2 options for free SSL client certs.

and if i get a godaddy cpanel hosting account (a steal at $1 per month with promo code  CJC1HOS5 if you select 12 month plan for economy 1 site hosting) can I use my own startssl/letsencrypt certs? with cpanel?  cause I know that manual edits into linux get overwritten by cpanel.
6/9/2016 9:20:00 AM EDT
[#2]
Quoted:
cPanel overwrites what in Linux?

not exactly sure, never really used it like its intended, i think.  someone asked me to help install ssl certs on webserver and im a VI kinda guy so i got them all squared away and cpanel came in and wiped it all out.
6/9/2016 2:01:27 PM EDT
[#3]
I know it's possible in the top level admin panel of cPanel when you deploy it on your own server, but I have no idea what level of access you get from an instance provided by godaddy.
6/9/2016 8:02:44 PM EDT
[#4]
The only thing that would cause that is Enigma's scenario where a cPanel level cert install writes to your VM or physical and kills your edit.  That's an expected behavior though not some malicious glitch.

Quoted:
not exactly sure, never really used it like its intended, i think.  someone asked me to help install ssl certs on webserver and im a VI kinda guy so i got them all squared away and cpanel came in and wiped it all out.
6/9/2016 10:02:30 PM EDT
[#5]
The whole purpose of cPanel is so websites can be created and maintained without ever actually having to touch the server level.  We resell domains with Plesk, and I know in our Plesk Control Panels you can install a cert for a domain in the customer panel, you just do the typical CSR text and go from there.

Quoted:
The only thing that would cause that is Enigma's scenario where a cPanel level cert install writes to your VM or physical and kills your edit.  That's an expected behavior though not some malicious glitch.
6/10/2016 10:41:48 AM EDT
[#6]
You won't want to use LetsEncrypt unless you have enough control over the server to install their client or another ACME compatible client.  LetsEncrypt isn't meant to be used by manually downloading and configuring the certificates (although this is possible) but rather through an automated client that keeps them renewed.  The certs expire after 90 days so it would be a pain in the ass to maintain manually.  

StartSSL free certs are good for a year I think.

edit: Easiest thing to do is throw a free cloudflare plan over your site and enable SSL from there.  Free plus you get CDN.
6/10/2016 2:35:59 PM EDT
[#7]
I use Siteground for my sites and they added LetsEncrypt support to cPanel. It was stupid simple and it takes me about 30-45 seconds to SSL-enable a site.

I also started with startssl but never deployed the cert anywhere.
6/10/2016 3:11:11 PM EDT
[#8]
Quoted:
You won't want to use LetsEncrypt unless you have enough control over the server to install their client or another ACME compatible client.  LetsEncrypt isn't meant to be used by manually downloading and configuring the certificates (although this is possible) but rather through an automated client that keeps them renewed.  The certs expire after 90 days so it would be a pain in the ass to maintain manually.  

StartSSL free certs are good for a year I think.

edit: Easiest thing to do is throw a free cloudflare plan over your site and enable SSL from there.  Free plus you get CDN.

excellent this is the exact guidance I needed  THANKS

wait, so the way this works, is cloudflare terminates the SSL session from internet users. then passes on the underlying HTTP get/response to godaddy?
6/10/2016 3:48:44 PM EDT
[#9]
Quoted:
excellent this is the exact guidance I needed  THANKS

wait, so the way this works, is cloudflare terminates the SSL session from internet users. then passes on the underlying HTTP get/response to godaddy?

Yes, that is one way it can work.  They support 3 SSL setups:

Browser -> CloudFlare over their SSL cert, then CloudFlare -> your site over unencrypted HTTP  (they call this 'Flexible')
Browser -> CloudFlare over their SSL cert, then CloudFlare -> your site over unverified HTTPs, using a self-signed cert for instance (called Full)
Browser -> CloudFlare over their SSL cert, then CloudFlare -> your site over HTTPs, using a valid cert (called Full Strict)

Obviously depending on your use case, you might not like the idea of the insecure portion between CloudFlare and your site.
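
The three setups in the post above differ in what is checked on the Cloudflare-to-origin hop, and the 90-day lifetime mentioned earlier in the thread makes expiry part of that check. The following is an added example, not code from any poster: it uses the openssl CLI on a constructed self-signed certificate for the made-up host origin.example.test, and it assumes "valid cert" means a trusted chain, a matching host name and an unexpired certificate.

```shell
#!/bin/sh
# Added example: host name, paths and lifetimes are constructed for illustration.

# Print the strongest origin mode CERT can satisfy for HOST:
#   strict  - chains to a trusted CA, is in date and names HOST
#   full    - a readable certificate that fails validation (e.g. self-signed)
#   invalid - not a readable certificate
# Optional 3rd argument: a CA bundle to trust alongside the system store.
origin_mode() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo invalid; return 0; }
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$3" -verify_hostname "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -verify_hostname "$2" "$1" >/dev/null 2>&1
    fi && echo strict || echo full
}

# Succeed when CERT expires within DAYS days, i.e. renewal is due.
# An unreadable file also counts as due, so a broken cert is never ignored.
renew_due() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Constructed sample: self-signed, 90-day certificate for a made-up origin.
make_sample() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=origin.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
    echo "$dir/cert.pem"
}

cert=$(make_sample) || { echo "openssl req failed" >&2; exit 1; }
echo "system trust store only:   $(origin_mode "$cert" origin.example.test)"
echo "issuer explicitly trusted: $(origin_mode "$cert" origin.example.test "$cert")"
echo "wrong host name:           $(origin_mode "$cert" other.example.test "$cert")"
if renew_due "$cert" 30; then echo "renewal due"; else echo "more than 30 days left"; fi
```

The "full" result for the self-signed certificate is the middle setup in the list: the hop is encrypted, but nothing authenticates the origin.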
6/10/2016 3:53:32 PM EDT
[#10]
so just because they are cloudflare, then comodo just believes them every time they want to add a domain?  cause my shit is all SSLed all of a sudden and i didnt have to do anything.

cool.    i think
6/10/2016 4:00:20 PM EDT
[#11]
Quoted:
so just because they are cloudflare, then comodo just believes them every time they want to add a domain?  cause my shit is all SSLed all of a sudden and i didnt have to do anything.

cool.    i think

Pretty much. It's a neat option for many use cases, but obviously if you are trying to secure actual sensitive information, you'd probably want more control and encryption all the way to your server.

But in that case, you probably should opt for one of the paid certificates that actually verify your identity and provide a little more trust to your users.
6/10/2016 5:14:30 PM EDT
[#12]

Quoted:
Yes, that is one way it can work.  They support 3 SSL setups:



Browser -> CloudFlare over their SSL cert, then CloudFlare -> your site over unencrypted HTTP  (they call this 'Flexible')

Browser -> CloudFlare over their SSL cert, then CloudFlare -> your site over unverified HTTPs, using a self-signed cert for instance (called Full)

Browser -> CloudFlare over their SSL cert, then CloudFlare -> your site over HTTPs, using a valid cert (called Full Strict)



Obviously depending on your use case, you might not like the idea of the insecure portion between CloudFlare and your site.

Or CloudFlare sniffing your traffic.
6/10/2016 5:39:59 PM EDT
[#13]
well its fairly sensitive - mortgage pre qual info, including SSN.  CF does have the option on the backend to use self signed cert i will implement that.

well this is actually amazing what my wife is getting here. godaddy+cpanel, ssl+cloudflare  all for $12 for the first year, plus a few hours of my time.

all thats left now is to figure out how to make the form action where it perl formats the POST data into something readable and send an email from the server (MAILTO is not desired at all).  

well this is actually amazing what my wife is getting here. godaddy+cpanel, ssl+cloudflare  all for $12 for the first year, plus a few hours of my time.  this is all great thanks everyone for all the guidance.
6/10/2016 9:49:50 PM EDT
[#14]
Quoted:
well its fairly sensitive - mortgage pre qual info, including SSN.  CF does have the option on the backend to use self signed cert i will implement that.

well this is actually amazing what my wife is getting here. godaddy+cpanel, ssl+cloudflare  all for $12 for the first year, plus a few hours of my time.

all thats left now is to figure out how to make the form action where it perl formats the POST data into something readable and send an email from the server (MAILTO is not desired at all).  

well this is actually amazing what my wife is getting here. godaddy+cpanel, ssl+cloudflare  all for $12 for the first year, plus a few hours of my time.  this is all great thanks everyone for all the guidance.

Remember to include an invoice for your time at an appropriate billable rate with an adjustment to zero dollars marked as "family discount"
6/11/2016 12:44:33 AM EDT
[#15]
How....

Ordinary



Now, back to this nonsense about Microsoft becoming a FreeBSD contributor and offering it as a native image on Azure....

Quoted:
The whole purpose of cPanel is so websites can be created and maintained without ever actually having to touch the server level.  We resell domains with Plesk, and I know in our Plesk Control Panels you can install a cert for a domain in the customer panel, you just do the typical CSR text and go from there.
6/11/2016 11:03:03 AM EDT
[#16]
Quoted:
Remember to include an invoice for your time at an appropriate billable rate with an adjustment to zero dollars marked as "family discount"

hah i better not go there.  she will then turn around and bill me for services rendered.  with the exclusivity contract i have for her services, her hourly rate is waaaay above mine
6/11/2016 12:36:41 PM EDT
[#17]
A little OT but important based on the goal. Since you mentioned mortgage info (which is actually my AO) which involves a great deal of NPI I'm assuming you/she are giving consideration as to how it's going to be managed/protected.
6/12/2016 9:39:19 PM EDT
[#18]
Quoted:
A little OT but important based on the goal. Since you mentioned mortgage info (which is actually my AO) which involves a great deal of NPI I'm assuming you/she are giving consideration as to how it's going to be managed/protected.

well i was actually able to use a real live cert from startssl to cover the backend between CF and GD.  CF is set for full+strict.  also was able to get all the redirects from http to https, and from the root domain to where www is automatically prepended.

never done any CGI before, as it sits now I have all the form data being written to a file.  next need to figure out how to set up my domain for email, and how to make my server's cgi perl script email out the data to her with an attachment.  not sure yet what options her work domain has for email encryption or what GD has for me to use, but if worst comes to worst, I can do some type of manual encryption before it's sent and she'll just have to type in a password to unencrypt it.

after she receives the email at her office its out of my hands.

another thing though - it appears I have my own dedicated IP address, not just virtual hosting.  this appears to be the case as I enabled SSH and connect right to that IP on port 22.
6/12/2016 11:25:31 PM EDT
[#19]
If you're storing stuff locally you should really consider encrypting any data at rest. And absolutely encrypt anything you're transmitting via email if it contains NPI.
6/13/2016 11:10:39 AM EDT
[#20]
Quoted:
If you're storing stuff locally you should really consider encrypting any data at rest. And absolutely encrypt anything you're transmitting via email if it contains NPI.

i dont think ill store anything, just take the prequal app and send the data in the email body.  eventually ill format  it into fannie mae's .fnm file format so she can just import the file into her encompass program, should be much quicker for her to not have to type anything in.

the cpanel has an email section with encryption button, im going through that now it seems to be gnupg based.
6/16/2016 9:30:38 AM EDT
[#21]
well its done!  thanks for all the suggestions.  got my cgi script set up to read form data and encrypt it all using Crypt::GPG, and my wife's PC set up with mailvelope firefox plugin for her GMail.  as stated before, Cloudflare takes care of HTTPS on frontend, then from Cloudflare to Godaddy I have Full/Strict HTTPS via real live free startssl cert.

im actually very pleased with it all, this is my 1st CGI type of web app.  and the web site itself isnt all that bad aesthetically, especially with my weak skills.  way better than i actually thought i could come up with. got some transparency going on and all.
6/16/2016 10:02:09 AM EDT
[#22]
Cool beans. Congrats!