There is one server where php application is hosted under IIS. I have installed the ".pfx" file on the server and associated it with IIS application.
When developers connects to this application , they are getting below error.
This certificate is valid (not expired) and issued by an authorized org.
"cURL error 60: SSL certificate problem: self signed certificate in
certificate chain"
Don't know why they are getting errors. I don't want to turn off the "CURLOPT_SSL_VERIFYPEER " option.
What I have found , when an application connects to the server, it accepts that request. But then this request makes another API guzzle call to get some data. AT this stage , the application is throwing an error.
Why is it causing this issue ? and How to fix this error?
The browser reports that the connection is insecure, so the certificate hasn't loaded correctly. However, then manually opening the website it loads correctly.
Can anyone tell me how to fix Invalid certificate issue, It's result in to launching the wrong URL.
I tried with "chromeWebSecurity": false in my cypree.json, but no luck.
Please help me to solve this issue.
I haven't done this myself, but Cypress docs say that it's expected: You'll notice Chrome display a warning that the 'SSL certificate does not match'. This is normal and correct.
Note, that Cypress allows you to optionally specify CA / client certificate
https://docs.cypress.io/guides/guides/web-security#Examples-of-what-Cypress-does-under-the-hood.
So if the fake Cypress certificates are causing issues for you, you can try supplying your own certificates.
if it is not your website, you cannot fix it.
what you can do is verify why it is invalid, and decide to accept it and still open an https connection with the server although the certificate isn't valid.
usually the steps are:
click Advanced button
read and understand
click Accept or close the tab
the common reasons for a certificate to be invalid are:
domain name invalid, the certificate is installed for multiple vhost, and you have accessed the service for a domain name not defined in the certificate. www. is required, only * is specified without empty domain. totally wrong domain name. etc.
certificate is expired. check the date, it might be expired and decided if that makes sense to you
certificate isn't trusted, self-signed or using an authority not trusted by your browser.
if it is your website, these are the same reason, so you should be able to replace the certificate with an appropriate one.
by the way, this might not be a question for stackoverflow, maybe more for superuser, but I am happy to answer it anyway.
hope this helps you and others
cheers,
I am getting an 'invalid issuer' error when trying to access a local site. As can be seen in the screenshot, the root CA certificate has been imported and trusted. So, why do I still get this error?
The certificate works correctly in Firefox after importing the CA cert.
Mac OS does not support Name Constraints. Removing this property from the root certificate solved this issue in our case. For background see: https://security.stackexchange.com/questions/95600/are-x-509-nameconstraints-on-certificates-supported-on-os-x
(You don't appear to be using this property according to the screenshots, but I'm still posting this as it might be a valid solution for others)
I am using website payments standard provided by paypal. I have generated the code for paypal pay now button. I have generated a key and certificate pair for my application and also have uploaded my application certificate to paypal and retrieved their public certificate as well as the cert id for my application certificate.
Using the paypal public certificate and the cert id I am attempting to encrypt data sent to paypal and then sign in it using my private key. The entire code for application is written in ruby on rails. But for some reason I always keep getting "Cannot decrypt cert id" when I try to make a payment. On investigation I found out that the error is in this line of code
OpenSSL::X509::Certificate.new File.read("paypal-public.pem");
This line throws a nested ASN1 error.
According to another stackoverflow question I tried adding \n to the end of the .pem file but to no avail.
Any assistance with this regards will be highly appreciated
Thanks in advance.
Has anyone stumbled upon this error:
Error code: sec_error_pkcs11_device_error
I get it when I'm trying to access a web page where I should authenticate with my digital certificate (SSL). My certificate is not expired yet and now I'm getting this error.
Please anyone help.
I have got this error with Firefox browser while trying to use a certificate which was not trusted by the server (IIS 7.5) having to use it. Using a trusted certificate on server side solved the issue for me.
If you need more detailed instructions on how to handle certificates, I found following resources quite valuable:
https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html
https://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html