SSL Certificates and Remote Access/DNS Pro

Michael.R.Taylor-Oracle May 9 2019 — edited Oct 20 2019

Commonly, a user will request to add an SSL certificate to a hostname they use via their Remote Access/DNS Pro service. Unfortunately, regardless of reason or use case, this simply is not possible.

In short, SSL certificates are associated with the server and Common Name, not the IP address, making them incompatible with the Remote Access/DNS Pro service. You can apply an SSL certificate in conjunction with other Oracle Dyn DNS services using your own registered domain, including Standard DNS and Managed DNS. All SSL configuration and management in these cases would be done without involvement of your DNS service or account and should require no additional support from Oracle Dyn.

Please note that we (Oracle Dyn) are not an SSL certificate provider.

Comments

snailhead

To get around this issue, I recommend users of DynDNS consider "Let’s Encrypt" and Certbot.

Because we cannot add a TXT record in DynDNS, wildcard SSL certs won't work unless Oracle adds that as an offering.

User_OWFKE

Yes, LetsEncrypt/CertBot works great with DynDNS.

User_GIIZ1

Digicert claim that DynDNS have requested they not sell certificates for DynDNS sub-domains. This is despite one of their domain control validation methods (File DCV - https://docs.digicert.com/manage-certificates/dv-certificate-enrollment/domain-control-validation-dcv-methods/use-file-dcv-method/) being easy to achieve for most setups, however it fails for DynDNS sub-domains. A packet capture of traffic arriving at the host shows Digicert don't even attempt to validate the file. The response from Digicert's helpdesk was "You are authorized to use a sub-domain of dyndns.org but you do not own the base domain. The owner of the base domain (dyndns.org) has asked us not to validate their domain in our systems and we have to honor that."
This seems like a pretty non-technical answer, as does the statement in the post above "Unfortunately, regardless of reason or use case, this simply is not possible". Why is that "simply not possible" when Let's Encrypt works? What is the actual technical reason, or is this some form of collusion or anti-competitive behaviour?
