Search This Blog

Monday, August 22, 2016


Google Chrome now blocks access to HTML5 geoocation stuff I need... unless it comes form HTTPS secure server.  Here are a few notes - mainly for Windows IIS.

1) SSL is really for 2 things (a) encryption (b) authentication of your server    - self-signed certificates are fine for (a) but not (b)

IIS - self certificates are really easy to generate and use on HTTPS site but you will get msg about not being trusted as (b) above

2) There's a relatively new Cert authority trying to make HTTPS free   --- 
they seem to have been set up April 2016

You can download a file and put on server to authenticate you are who you say you are...  without FTP you can still do this manually but need to create a file path on your Web server which has folder .well-known    which Windows doesn't like but you can make it do it by doing this:

 .well-known. (the last dot is important), Windows will create the folder and automatically will remove the last dot.

The certificate can then be downloaded and installed on IIS... you need to import the Cert  in  Microsoft Management console if on Windows.. then Complete the certificate import in IIS.

ALT to 2) Instead of going the time consuming pain of (2) then this makes life a lot lot easier.. (Windows)

Run the letsencrypt.exe on your server.. answer the prompts.. it does the authentication using and installs the certificate for you on IIS

Job done...  :-)