Do I need to associate my backend API server with a domain name to get an SSL certificate for it (HTTPS)?

I have developed my DRF back-end API locally, deployed it on an AWS Lightsail instance (with a public static IP) and I now want to secure it with HTTPS.

I understand that in order to use Let’s Encrypt (and not pay for an SSL certificate), I have to have a domain name associated with my instance IP, since Let’s Encrypt doesn’t provide certificates for public IPs. As this is my back-end API (and not just a website), I don’t intend to buy a domain specifically for this.

  1. Can I, somehow, associate my Lightsail IP with another domain that I’ve already purchased (and is used to host my company’s landing page)? If yes, will there be any impact on my API’s performance?

  2. Is there any other alternative to obtain an SSL? (Apart from paying another CA to issue this for my public IP?)

Author: kingJulian

How to authenticate an Add-In on interprocess communication

We are considering building a Windows application that is split into 2 parts:
One part running as a Windows service and the other part as Add-Ins.
There could be different kinds of Add-Ins:
For Microsoft Office, for Microsoft Management Console (MMC) and for PowerShell.

The service as well as the Add-Ins are digitally signed with a company certificate and are all running on the same machine.
The service runs in a different user account than the Add-Ins.
The Add-Ins may run in various interactive user accounts.
The Add-Ins need to communicate with the Windows service to exchange a secret that is known to the service only, but is needed at the Add-Ins to get access to some sensitive data.
Therefore the Add-In would connect to the service (via e.g. a named pipe) and request that secret on demand.
But we need to prevent another application/process from doing the same and getting the secret.
Only those Add-Ins that belong to our application (that are digitally signed with our certificate) may get the secret. In other words, the Add-Ins need some way to authenticate themselves to the service.

So my question is:
How can the Add-Ins authenticate themselves to the service while requesting the secret? Is it possible to use the digital signature (or something else that is unique to them and to the service) for this?

It might get more difficult when considering that the Add-Ins are hosted by processes that might be signed with different certificates (e.g. Word.exe, mmc.exe, …).

We are implementing on the .NET Framework.

Thanks for any kind of help.

Author: MartinM

Regularly receiving suspicious certificate errors online

For the past few weeks, I have frequently been receiving error messages from websites stating that the certificate is invalid. This tends to happen for a while and then resolve itself. Other devices on the same network connection are also experiencing odd behaviour, including a very sporadic internet connection that is either very slow or turns on and off. We had an engineer visit this week to diagnose whether there was a faulty connection, but they left, happy that the connection is working properly.

I understand that receiving ‘bad’ certificates can sometimes be a sign of the system clock or internet settings being poorly configured. I had assumed this might be the case, until I interrogated one of these ‘invalid certificate’ messages more closely (from Firefox on Mac):

Web sites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for eur03.safelinks.protection.outlook.com. The certificate is only valid for the following names: cloudflare-dns.com, *.cloudflare-dns.com, one.one.one.one, 1.1.1.1, 1.0.0.1, <…>

The website I was trying to visit in this case has nothing to do with cloudflare, and the links above lead to a website that appears to be selling a VPN-type service.

Should I be concerned that my internet connection has been tapped, and what would be the appropriate action to take to shake this off?

Author: CaptainProg
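
The name check behind the Firefox message quoted in the post above, as an added example that is not part of the original post: it applies simplified RFC 6125-style matching (exact DNS name, single-label wildcard, exact IP) to the names listed in that message. The function names and the extra sample hosts are constructed for illustration, and real certificates carry DNS names and IP addresses in separate SAN types.

```python
import ipaddress

# Names quoted in the Firefox message above (the post elides the rest with "<…>").
PRESENTED_SANS = ["cloudflare-dns.com", "*.cloudflare-dns.com",
                  "one.one.one.one", "1.1.1.1", "1.0.0.1"]

def _is_ip(value):
    """True if the string parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(requested, san):
    """Return True if one certificate name covers the requested host."""
    requested, san = requested.lower().rstrip("."), san.lower().rstrip(".")
    if _is_ip(requested) or _is_ip(san):
        # IP entries match only the identical address, never a DNS name.
        return (_is_ip(requested) and _is_ip(san)
                and ipaddress.ip_address(requested) == ipaddress.ip_address(san))
    req_labels, san_labels = requested.split("."), san.split(".")
    if san_labels[0] == "*":
        # A wildcard stands for exactly one left-most label.
        return (len(req_labels) == len(san_labels)
                and req_labels[1:] == san_labels[1:])
    return req_labels == san_labels

def check_host(requested, sans):
    """Return the names that cover the host; an empty list is a mismatch."""
    return [san for san in sans if name_matches(requested, san)]

if __name__ == "__main__":
    # First host is the one from the post; the others are constructed samples.
    for host in ["eur03.safelinks.protection.outlook.com",
                 "sample.cloudflare-dns.com", "a.b.cloudflare-dns.com", "1.1.1.1"]:
        covered = check_host(host, PRESENTED_SANS)
        verdict = "covered by " + ", ".join(covered) if covered else "NOT covered"
        print(f"{host}: {verdict}")
```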