Hello everyone,
I’m curious about whether this is possible to achieve or not.
I have a local Apache webserver that is part of a XAMPP package on a Windows 64-bit machine. The machine is part of a network behind a firewalled router with DDNS configured with afraid.org on a subdomain of their domains.
Now I know it’s not really recommended to have a local server “open to the world” but it’s really only available when I’ll be showing clients work being done but I do like the idea of having SSL…
I checked some of the implementations available (List of Client Implementations) and I had given ACMESharp a try which unfortunately didn’t work, cert remains invalid… Despite having gone through the instructions, I could not validate the cert…
I know I could go through the makecert.bat within XAMPP but I’m reluctant to self-sign (uncertain of security/efficiency/etc.).
I’d like to know if someone has attempted this already. If so, how did they go about it? Which implementation would you recommend to someone who’s not fluent with this stuff but not totally illiterate?
While I don't know much about Windows clients, I do know about how the certificate authority validates certificate requests. So,
Can you receive inbound connections from the Internet on port 80, as seen from the outside world's point of view, using your domain name?
How about on port 443?
Can you update arbitrary DNS records within the DNS zone?
If you or computers that you control are the only ones connecting to the site, then it's better than having a CA-issued certificate (because you know whether it's right, rather than relying on other people to tell you that it's right). If you have people connecting from devices that you don't control, then the Let's Encrypt certificate may offer better security and convenience in some ways.
The certificate does not make the cryptography inside the connection more secure; it just says "this public key is OK to use when connecting to this site". If you're the site operator, you know what public key to use when connecting to your site better than any certificate authority does. But people connecting on their own devices that you don't control may not know how to tell whether the key is right, and a certificate authority can help with that.
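An added example, not part of the original posts: a Python sketch of how a site operator can check "this is my public key" directly by comparing the server certificate's SHA-256 fingerprint against a value recorded when the self-signed certificate was created. The function names and the sample bytes are assumptions made up for this illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a certificate's DER bytes (not a real certificate).
CONSTRUCTED_DER = b"constructed stand-in for DER-encoded certificate bytes"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:..' or 'aa bb ..' styles as shown by certificate viewers."""
    return fp.replace(":", "").replace(" ", "").lower()


def matches_pin(der_cert: bytes, pinned_fp: str) -> bool:
    """True only if the presented certificate is exactly the recorded one."""
    return hmac.compare_digest(fingerprint(der_cert), normalize(pinned_fp))


def fetch_der_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server's leaf certificate without any CA validation."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # trust comes from the pin check, not a CA
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def server_is_pinned(host: str, pinned_fp: str, port: int = 443) -> bool:
    """Connect and decide whether the server presented the expected certificate."""
    return matches_pin(fetch_der_cert(host, port), pinned_fp)


if __name__ == "__main__":
    # Offline demonstration with the constructed bytes above.
    pin = fingerprint(CONSTRUCTED_DER)
    print("recorded pin:", pin)
    print("same cert   :", matches_pin(CONSTRUCTED_DER, pin))
    print("other cert  :", matches_pin(CONSTRUCTED_DER + b"!", pin))
```

This only works for devices where the operator has recorded the fingerprint in advance; visitors on their own devices have no such reference, which is the gap a CA-issued certificate fills.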
I can do port 80. I haven’t tried 443.
I’m not too sure about DNS records within DNS zones… I’ll try to read up on that.
And I appreciate the clarification on self signing… It actually makes much more sense now…