
SSL Certificate

Seek assistance with all types of tech. - computer, phone, TV, heating controls etc.
Nocton
Lemon Slice
Posts: 491
Joined: November 6th, 2016, 11:25 am
Has thanked: 134 times
Been thanked: 138 times

SSL Certificate

#406998

Postby Nocton » April 26th, 2021, 10:06 am

I want to upgrade a website from http to https. The site is hosted on Fasthosts and it says I need to enter a CSR code. It then gives a help doc to advise how to get the certificate and code. Instructions are given for free MS software IIS 7 or 8. But when I click on the link given or go to the MS download site I find that the software is no longer available. So the Help doc seems to be out-of-date.
Searching on the web I seem to go round and round to the same point or otherwise get websites offering to do the job for a lot of money. Can anyone recommend the simplest way to get an SSL cert and code, please? The web site does not handle any user's data and does not really need https. The only reason to get it is to avoid warnings coming up on some browsers saying site not secure. It is a club web site and we don't want to spend a lot of money on this.

supremetwo
Lemon Quarter
Posts: 1007
Joined: November 8th, 2016, 2:20 am
Has thanked: 130 times
Been thanked: 196 times

Re: SSL Certificate

#407020

Postby supremetwo » April 26th, 2021, 10:42 am

Unless you have a very cheap package, many providers offer it free.

If Fasthosts want to charge upwards of £25 per year for a certificate, perhaps shop around.

Try uploading a trial page with your URL as https://your domain/trial.html i.e. no www.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: SSL Certificate

#407027

Postby Infrasonic » April 26th, 2021, 10:52 am

You need to check the features available on your web hosting package contract to see if SSL is available. The feature sets change over time as well, so even if you used to have it that doesn't mean you definitely will now...

Fasthosts (owned by IONOS) tend to have very limited feature sets for the basic cheap packages, the more you pay the more you get.

The same applies to their email hosting - minimal packages only give you things like SPF customisation - no DKIM/DMARC or ARC authentication, which can make reliable email delivery an issue as Fasthosts also have problems with greylisted IP address blocks for their SMTP. (I've had this out with their 'technical support' who appear to be interns with next to no knowledge. It seems the proper techs get reserved for £££ customers).

You can get free SSL (with caveats).
https://letsencrypt.org/getting-started/
https://community.letsencrypt.org/t/web ... crypt/6920

Lanark
Lemon Quarter
Posts: 1321
Joined: March 27th, 2017, 11:41 am
Has thanked: 595 times
Been thanked: 582 times

Re: SSL Certificate

#407047

Postby Lanark » April 26th, 2021, 11:28 am

You need to contact your host and get SSL enabled, which Fasthosts charge £25 per year for.

Other hosting companies charge less and offer free SSL, but of course they may not be as good in other ways.

In my experience American hosting companies are significantly cheaper than an equivalent hosting in the UK.

Nocton
Lemon Slice
Posts: 491
Joined: November 6th, 2016, 11:25 am
Has thanked: 134 times
Been thanked: 138 times

Re: SSL Certificate

#407066

Postby Nocton » April 26th, 2021, 11:58 am

We've just got a minimal package with Fasthosts, web and mail forwarding. The actual website is hosted on my free personal web space with Plusnet. Fasthosts offer SSL certification for £25 but following their procedure I end up needing a CSR code and their documentation on how to get it refers to using IIS7 or 8 which MS say are no longer available to download. I may have to go to their support, but annoyingly one has to go via the phone rather than a form or email submission.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: SSL Certificate

#407075

Postby Infrasonic » April 26th, 2021, 12:21 pm

When logged in to the FH control panel try...
https://help.fasthosts.co.uk/app/ask
https://help.fasthosts.co.uk/app/community/ask

They might have phone support only currently on the control panel due to the deluge they are probably experiencing as everyone gets back to normality - so the wait times act as a bit of a filter... :twisted:

supremetwo
Lemon Quarter
Posts: 1007
Joined: November 8th, 2016, 2:20 am
Has thanked: 130 times
Been thanked: 196 times

Re: SSL Certificate

#407086

Postby supremetwo » April 26th, 2021, 12:54 pm

Nocton wrote: We've just got a minimal package with Fasthosts, web and mail forwarding. The actual website is hosted on my free personal web space with Plusnet. Fasthosts offer SSL certification for £25 but following their procedure I end up needing a CSR code and their documentation on how to get it refers to using IIS7 or 8 which MS say are no longer available to download. I may have to go to their support, but annoyingly one has to go via the phone rather than a form or email submission.


Windows 10?

Copy 'Turn Windows features on or off' into the search bar.

In Windows Features, click on the checkbox 'Internet Information Services' then 'Web Management Tools'.

But you should not need Windows IIS with your existing Plusnet hosting.
Last edited by supremetwo on April 26th, 2021, 1:03 pm, edited 2 times in total.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: SSL Certificate

#407090

Postby Infrasonic » April 26th, 2021, 1:00 pm

Nocton wrote: The actual website is hosted on my free personal web space with Plusnet.


https://www.plus.net/help/broadband/ssl-security-guide/
If you've got business broadband, or an older home broadband account that offers webspace, then read on. Your webspace uses the server ftp.plus.net, which supports SSL. That means it's possible to allow people visiting certain pages of your website to use a secure, encrypted SSL connection. To do that, use the address https://homepages.plus.net/username.

If you want to access a specific file on your webspace using SSL, use https://homepages.plus.net/username/myfile.html for example. Remember to add https in any hyperlinks you use.

This won't work with:

hosted domains

https://www.username.plus.com/

CGI webspace (CGI platforms don't support SSL)

You won't need to use SSL on every webpage, only the ones that need to be encrypted. SSL doesn't work for pages that contain images or objects that come from other websites. You can only use SSL for content you've uploaded to Plusnet's web servers.

stewamax
Lemon Quarter
Posts: 2417
Joined: November 7th, 2016, 2:40 pm
Has thanked: 83 times
Been thanked: 781 times

Re: SSL Certificate

#407243

Postby stewamax » April 26th, 2021, 10:03 pm

Some hosts such as TSOHOST provide a link to Let's Encrypt which is a free certificate service. The downside is that certificates last three months. The hosts usually claim to renew automatically but it is as well to keep an eye on them.

Nocton
Lemon Slice
Posts: 491
Joined: November 6th, 2016, 11:25 am
Has thanked: 134 times
Been thanked: 138 times

Re: SSL Certificate

#407288

Postby Nocton » April 27th, 2021, 8:55 am

Thank you for all replies.
Infrasonic pointed me in the right direction to look at my Plusnet account. As in the info he quotes, Plusnet offer the https option by forwarding to https://homepages.plus.net/username/default.html instead of http://www.username.plus.com/default.html.
That produced the lock at once without any charge or palaver. However, it does not work if I use Masking so if I want the website to show the actual website name I'll need to get the SSL certificate and perhaps pay £25 if I stick with Fasthosts.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: SSL Certificate

#407296

Postby Infrasonic » April 27th, 2021, 9:42 am

https://www.techradar.com/uk/news/best- ... e-provider

...When people talk about SSL certificates, it is easy to assume that they’re all the same. But depending on who authorized them and how diligent the background checks were, they come with different levels of validation.

Here are the four levels of validation most commonly used:

Self-signed.
At first glance, the idea of self-signed certificates seems mildly ridiculous, because looking in the mirror and confirming that the reflection is indeed you won’t work at passport control. However, if the purpose of these certificates is to control traffic on an internal corporate intranet, it works well enough, and avoids the browser repeatedly complaining about unsecured web locations.

Domain Validation (DV).
The next rung up is the Domain Validated SSL certificate, which is purely a confirmation that the web pages are truly coming from the expected domain and not some other. It says nothing about the person or business in question, just that they own a domain.

Organization Validated (OV).
The highest level of validation that an individual can aspire to, and high enough for many businesses. Company credentials and those of the named owners are checked against extensive databases, including those held by local governments.

Extended Validation (EV).
The pinnacle of SSL issuance is the fully authenticated SSL certificate, needed for any company that wants to offer their customers secure web locations, email and financial transactions.
While self-signed and domain level certificates have their uses, it’s the OV and EV levels that businesses truly need. Because they prove that a company has domain ownership, a genuine business, and that the certificate was applied for by authorized personnel.

As it’s reasonable to expect, checks of this type take time. Therefore, applying for and being granted an authenticated SSL certificate is not something that can happen five minutes before a new web venture is about to go live.

The other element that separates one SSL certificate from another is the level of encryption that it applies, and exactly how secure that makes it...
Cont.

Mike4
Lemon Half
Posts: 7084
Joined: November 24th, 2016, 3:29 am
Has thanked: 1637 times
Been thanked: 3791 times

Re: SSL Certificate

#407300

Postby Mike4 » April 27th, 2021, 9:56 am

Infrasonic wrote:https://www.techradar.com/uk/news/best-ssl-certificate-provider

...When people talk about SSL certificates, it is easy to assume that they’re all the same. But depending on who authorized them and how diligent the background checks were, they come with different levels of validation.

Here are the four levels of validation most commonly used:

Self-signed.
At first glance, the idea of self-signed certificates seems mildly ridiculous, because looking in the mirror and confirming that the reflection is indeed you won’t work at passport control. However, if the purpose of these certificates is to control traffic on an internal corporate intranet, it works well enough, and avoids the browser repeatedly complaining about unsecured web locations.

Domain Validation (DV).
The next rung up is the Domain Validated SSL certificate, which is purely a confirmation that the web pages are truly coming from the expected domain and not some other. It says nothing about the person or business in question, just that they own a domain.

Organization Validated (OV).
The highest level of validation that an individual can aspire to, and high enough for many businesses. Company credentials and those of the named owners are checked against extensive databases, including those held by local governments.

Extended Validation (EV).
The pinnacle of SSL issuance is the fully authenticated SSL certificate, needed for any company that wants to offer their customers secure web locations, email and financial transactions.
While self-signed and domain level certificates have their uses, it’s the OV and EV levels that businesses truly need. Because they prove that a company has domain ownership, a genuine business, and that the certificate was applied for by authorized personnel.

As it’s reasonable to expect, checks of this type take time. Therefore, applying for and being granted an authenticated SSL certificate is not something that can happen five minutes before a new web venture is about to go live.

The other element that separates one SSL certificate from another is the level of encryption that it applies, and exactly how secure that makes it...
Cont.



Very interesting, thank you. I had no idea there were different types of certificate.

Given that the OP's only goal in getting an SSL ticket is to make their website URL begin with https instead of http, and thereby get rid of the annoying warnings in browser bars that the site is "insecure", presumably the lowest level "self signed" is good enough.

I had the exact same goal a few years ago but also an additional reason; Google demotes sites in search result listings that are not https, I gather, so I went the "letsencrypt" route, which seemed to work very well on all my sites. It saved me spending £25 per site per year on all my URLs, which would have been a significant business expense.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: SSL Certificate

#407307

Postby Infrasonic » April 27th, 2021, 10:11 am

Nocton wrote:Thank you for all replies.
Infrasonic pointed me in the right direction to look at my Plusnet account. As in the info he quotes, Plusnet offer the https option by forwarding to https://homepages.plus.net/username/default.html instead of http://www.username.plus.com/default.html.
That produced the lock at once without any charge or palaver. However, it does not work if I use Masking so if I want the website to show the actual website name I'll need to get the SSL certificate and perhaps pay £25 if I stick with Fasthosts.


It's up to you but I'd be inclined to mirror the website if possible, that way the secondary mirror can be used as an automated failover backup should there be any issues with the primary. Same with email, have more than one SMTP option for sending domain email (that's where the SPF authentication customisation comes in with Fasthosts... https://en.wikipedia.org/wiki/Sender_Policy_Framework).
Services do go down, even if it's generally briefly with the majors. With cheap hosting setups you'll also be at the mercy of the host's budget allocation to maintenance issues and reputational problems (dirty IP addresses). Don't hold your breath there...

https://downdetector.co.uk/archive/

You can put free monitors on your domain web/email to check for server outages via services like MXToolbox. Generally limited to one free monitor per free account registration (so if you have more than one... :D ). You'll get alerts when routine maintenance takes place if there is a brief offline moment - don't freak out...
https://mxtoolbox.com/NetworkTools.aspx

dave559
Lemon Pip
Posts: 91
Joined: March 14th, 2018, 1:01 am
Has thanked: 288 times
Been thanked: 53 times

Re: SSL Certificate

#407331

Postby dave559 » April 27th, 2021, 11:17 am

Is the domain name (minimally) hosted at Fasthosts (that is, when a web browser requests a web page on your site (example.com), that's where it initially goes to) or do they just manage the DNS (name server lookup = "tell me where this site is hosted")?

If the DNS for your domain name actually points to the Plusnet server (so that Fasthosts aren't involved other than the DNS lookup, and so that when a web browser loads the site from Plusnet, it is your domain that still shows in the address bar (without framing)), that is the right way to do it on the one hand, but on the other hand, the Plusnet instructions that were posted say that they do not support SSL certificates for hosted domains, unfortunately.

As you mention domain forwarding, I have a hunch that the domain (minimal) hosting actually points to the Fasthosts server, and it either redirects web requests to Plusnet (so that when visitors access the site, the address in the address bar then changes to the Plusnet one), or that they do something really hacky like embedding the Plusnet site in an iframe on the Fasthosts server (so that visitors see the domain name (but never changing, even if they go to a different page on the site))?

An SSL cert is only valid for the hostname(s) that it says it is valid for. This means that if, as seems likely, the hostname is going to the Fasthosts server first (for forwarding) you could in theory get a cert for the domain, but as soon as the page request went to Plusnet it would be back to the non-https Plusnet address (if redirected) or would show "mixed content" warnings (if the non-https Plusnet content was embedded in a frame on the https Fasthosts site), which would probably be even worse.

You mention IIS further up the thread (as I think that is what some or all of the Fasthosts hosting packages use), but as the "real" site is actually being hosted by Plusnet (who have Linux hosting, as far as I am aware), that's probably a moot point.

To be honest, the best option would probably be to investigate a value for money and 'clueful' Linux host (a few tens of pounds a year), which provides (free) LetsEncrypt certs (and manages them for you automatically), and move the site (and DNS) to their hosting instead (Fasthosts also don't have a particularly great reputation, it has to be said). Some well-respected hosting companies good for small to medium websites include Mythic Beasts and 34sp, but there are quite a few others.
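
Added example, not part of the thread or any poster's code: a Python sketch of the post above, pairing certificate hostname matching with the two forwarding styles (redirect and frame masking) to predict what a visitor to the https address ends up seeing. The club domain `www.club.example`, the certificate names and the forwarding-server responses are constructed assumptions; the Plusnet URLs are the ones quoted in the thread.

```python
# Added illustration: hostnames, certificate names and responses are constructed; no network use.
from html.parser import HTMLParser
from urllib.parse import urlsplit


def cert_covers(hostname, dns_names):
    """True if a certificate name matches: exact, or '*.' standing for one label."""
    host = hostname.lower().rstrip(".")
    for pattern in (n.lower().rstrip(".") for n in dns_names):
        if pattern == host or (pattern.startswith("*.")
                               and host.partition(".")[2] == pattern[2:]):
            return True
    return False


class FrameFinder(HTMLParser):  # collects frame/iframe sources (how masking embeds the site)
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("frame", "iframe") and src:
            self.sources.append(src)


def assess(host, certs, status, headers, body):
    """Predict what a visitor to https://host/ gets; certs maps server -> cert names."""
    if not cert_covers(host, certs.get(host, [])):
        return ("none", "certificate_error_on_club_domain")
    if status in (301, 302, 303, 307, 308):
        mode, urls = "redirect", [headers["Location"]]
    else:
        finder = FrameFinder()
        finder.feed(body)
        mode, urls = ("masking" if finder.sources else "direct"), finder.sources
    for url in urls:
        target = urlsplit(url)
        if target.scheme != "https":
            return (mode, "leaves_https" if mode == "redirect" else "mixed_content")
        if not cert_covers(target.hostname, certs.get(target.hostname, [])):
            return (mode, "certificate_error_on_target")
    shown = urlsplit(urls[0]).hostname if mode == "redirect" else host
    return (mode, "padlock_showing_" + shown)


CLUB = "www.club.example"  # hypothetical club domain
CERTS = {CLUB: ["club.example", CLUB],  # constructed certificate names
         "homepages.plus.net": ["homepages.plus.net"]}
HTTP_URL = "http://www.username.plus.com/default.html"
HTTPS_URL = "https://homepages.plus.net/username/default.html"
FRAMES = '<html><frameset rows="100%"><frame src="{}"></frameset></html>'
CASES = {  # constructed forwarding-server responses: (certs, status, headers, body)
    "no cert for club domain": ({}, 302, {"Location": HTTPS_URL}, ""),
    "redirect to http": (CERTS, 302, {"Location": HTTP_URL}, ""),
    "redirect to https": (CERTS, 302, {"Location": HTTPS_URL}, ""),
    "masking http": (CERTS, 200, {}, FRAMES.format(HTTP_URL)),
    "masking https": (CERTS, 200, {}, FRAMES.format(HTTPS_URL)),
}
RESULTS = {name: assess(CLUB, *args) for name, args in CASES.items()}

if __name__ == "__main__":
    for name, outcome in RESULTS.items():
        print(f"{name:24} {outcome}")
```

Only the last case keeps both the padlock and the club's own name in the address bar, and it needs a certificate naming the club domain on the forwarding server as well as an https address for the framed pages.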

Nocton
Lemon Slice
Posts: 491
Joined: November 6th, 2016, 11:25 am
Has thanked: 134 times
Been thanked: 138 times

Re: SSL Certificate

#407560

Postby Nocton » April 28th, 2021, 8:59 am

Thanks again for further replies. The situation is exactly as dave559 describes:
"As you mention domain forwarding, I have a hunch that the domain (minimal) hosting actually points to the Fasthosts server, and it either redirects web requests to Plusnet (so that when visitors access the site, the address in the address bar then changes to the Plusnet one), or that they do something really hacky like embedding the Plusnet site in an iframe on the Fasthosts server (so that visitors see the domain name (but never changing, even if they go to a different page on the site))?"

Until I renew the hosting with Fasthosts I'll stick with the switch to Plusnet's https option, which costs nothing and was done in minutes.

brightncheerful
Lemon Quarter
Posts: 2209
Joined: November 4th, 2016, 4:00 pm
Has thanked: 424 times
Been thanked: 799 times

Re: SSL Certificate

#408859

Postby brightncheerful » May 2nd, 2021, 11:00 pm

Organization Validated (OV).
The highest level of validation that an individual can aspire to, and high enough for many businesses. Company credentials and those of the named owners are checked against extensive databases, including those held by local governments.


I have an OV SSL for my website which costs about £150 a year including the ISP set-up, etc. Three years ago, when I first got it, I had to provide extensive documentary information to the provider; they also phoned me to check I exist. The following year it renewed without any hassle. This year, I was required to provide extensive information again. As my ISP was surprised at the amount of information requested this time, we reckon the person(s) dealing with the validation were WTF and had nothing much to do other than be pedantic. Either that or the validating company has tightened up its security criteria.

Extensive included copies of bills (invoices) within the last 3 months from utilities and/or government documentation showing my address and telephone number. The latter was a nonstarter as far as I am concerned since apart from my phone bill my telephone number is not on other bills. Photo ID such as driving licence or passport. It is acceptable to redact sensitive information. Also, being a USA provider, the questions are USA-oriented: for example, they wanted a bill confirmation of the state (county in UK) but I pointed out that Royal Mail does not require the county to be in the address, post code is sufficient.

