Self Signed Certificate HTTPS

Hello community,

So i have a windows machine with a static IP address. And an aws ec2 instance with only nextcloud installed on it. What im trying to do is allow my windows machine to have a (HTTPS) secure connection with the server but im not sure which of the files go where and im completely stuck!

I have the Private Key and CSR file and CRT file created in the server. Now which files go to the windows machine certificate store to allow the secure connection?

What is the set of files that i need to create and where should they be placed in order to achieve this?

I feel like im missing a step here but i don’t know what it is, any help is greatly appreciated!

None of them.

The certificate and key are installed in the web server you use for Nextcloud (usually Apache or nginx).

The CSR you keep on file for renewing the cert when it expires.

Hello @KarlF12 thank you for the response, but then how can i get the green lock on chrome or firefox when accessing the server through its ip address or associated domain?

The green lock simply indicates the certificate is trusted by the browser. HTTPS is active as long as your address bar says “https://“. Since self-signed certs are untrustworthy by definition, this is expected.

If you want the icon then you will need to follow browser-specific steps to install that as a trusted certificate. However, a better solution is to use Let’s Encrypt and get a real certificate.

i see, so any self signed certificates are technically “safe” but untrusted by browsers unless they were configured to do so, right?

They technically enable encryption. I would not go so far as to call them “safe.” Let’s Encrypt is free so there is really no reason not to get a verifiable certificate. You do want your data to be as safe as possible, I assume.

i see, thank you very much for the clarification and help!