Mac chrome not able to add trusted site - macos

I just switched over from a windows machine to Mac for work and I cant seem to get the configuration for adding my local dev page to by pass the SSL security as the certificate we have for the local has expired.I have this issue for chrome and Safari but for FF I am able to by pass by adding my url to the trusted site list.
Any help is highly appreciated as I'm kind of stuck.
This is what I have tried so far.
Disabled the "Allow invalid certificates for resources loaded from localhost" from chrome flags
In the keychain, even though my certificate expired I configured it to "Trust Always"
I did try a couple of other setting. But nothing seemed to work.

This is a pretty bizarre way to bypass this SSL check, but it worked for me.
Type blindly while in Chrome: "thisisunsafe"
The page will refresh and it will allow you in!

Related

There is a problem with this website’s security certificate

I've a problem in my browser !,
I watched many solutions on youtube to fix this problem.
I did everything, I changed date and time of my computer.
I think this error occurs as a result of a browser that does not recognize the authority of the certificate.
I can browse all sites like "Google, Youtube, Gmail, stackoverflow, etc .." "except for this site" https://id.sonyentertainmentnetwork.com/id/management/ "
I use windows 7 home premium 64 bit,
Google chrome -> last version,
IE -> 11
Please try to browse this site "https://id.sonyentertainmentnetwork.com/id/management/"
"Problem with this website's security certificate" is a generic error message that Internet Explorer gives you when there is a problem establishing a secure connection (https://) to a website using the site's SSL certificate.
This error message can be caused by any number of issues. For example, here are some of the causes:
Your computer and the website's server could not agree on cryptographic algorithms to use for the secure connection. This can sometimes happen for older versions of Internet Explorer.
The authenticity of a website's SSL certificate could not be verified by a Certificate Authority (CA).
You did not provide enough detail in your question to figure out the exact cause of the issue. But, in this case, updating your web browser may help fix the issue.
I think it is just a common browser error that is not letting you visit that website with HTTPS.
I tested that website and it working fine in my browser. (Tested through Chrome, Firefox, Opera, and IE). So I think the issue is with your system.
Try clearing the cache and cookies for that particular website
Clear the SSL State from Internet Options
Disable QUIC Protocol of Google Chrome
Source: https://aboutssl.org/fix-google-chrome-error-err_ssl_protocol_error/
Try this:
Download de certificate:
https://letsencrypt.org/certs/isrgrootx1.der
Right click on this file.
Install Cerficate
Next
Click on second opticn. (my windows on pt-br -"colocar todos os cerficiados no repositorio a seguir") Browser
Select = Autoridade de certificação Raiz confiável.
OK
Next
Finish

Problem with Security Information Message Pop Up Box

I am having great issues trying to debug a page on a web application used internally on an intranet. When entering the page the "Security Information" Pop Up Box appears. The whole application is running under https.
To try and debug the issue, I have used Fiddler, and looked at the urls for every component, javascript, css, images, and user control components. Everything I have seen from Fiddler shows that the urls start with required https!
So, I am completely confused why this message should be shown - it appears everything the page is posted back.
Does anyone have any idea why this should be happening and/or have another tool that could help me?
Thanks
I'm pretty sure that what you are seeing is the result of a self-signed certificate. If a certificate you're using isn't trusted by a known certificate authority (Verisign or a similar company) your web browser can't verify that it comes from a trusted source.
Also, look at what the error is saying, because it usually tells you which part of the security verification failed.

Windows Authentication doesn't prompt for login

I've had Windows Authentication setup on an area of our website for some time now, and it has worked flawlessly so far.
Recently, the login prompt stopped appearing and went straight to "Page cannot be displayed" for some reason.
While connected to our network, the page works fine.
Outside our network, users are supposed to receive a login prompt but they now do not, instead receiving the "page cannot be displayed" error.
Why would this suddenly occur, and how is it fixed? I have tried removing the virtual directory and re-adding it but nothing seems to work.
The strange thing is this is only happening in IE - Google Chrome works fine (I receive the login prompt).
Is there a setting or something inside of IIS that disables this login prompt or something? It is strange it is an IE specific issue as well - there were no changes to the state of IE from one day when it was working to the next where it wasn't.
Anyone have ideas on what might be causing this?
Thanks
Oddly enough, I'd wonder why you were getting the login prompt before now.
If you're logged in to Windows and the site you're browsing to uses Windows Auth, IE will automatically try to pass the logged in user's credentials to the site (this all depends on your domain configuration/trust setup...something may have changed with those settings at the domain level that changed the behavior of your IE).
Chrome/Firefox/Safari don't have this functionality, which is why you're still getting a login prompt.
There is a checkbox in internet options->advanced tab to enable/disable Windows Authentication, but you said that there were no changes. Either way it is something to check.
It sounds like you are hitting a security setting in IE.
IE stops windows authentication information from being sent to sites that you do not trust.
You could try adding the site to your list of trusted sites.
You can start by taking a network trace both Internally and Externally, reproduce the issue and see if the request actually reaches the web server. Also, check the IIS logfile for the "Page Cannot Be Displayed" response.
Let me know if that helps or if you have more questions.
Regards,
Vivek.
You need to take a network capture (www.fiddlercap.com) to get any real help with this.
IE supports the "Negotiate" protocol in addition to NTLM; Chrome and other browsers typically only support NTLM.

Problem with SelfSSL and Firefox 3

I have a IIS website with a security certificate setup using SelfSSL (part of the IIS Resources toolkit). The certificate appears valid when I view it in ISS and it works fine for IE, Safari and Google Chrome. However, in Firefox 3 it does not consider the certificate valid and therefore shows a certificate warning when you view a secure page on the website.
This is only a problem because I am using Selenium to automatically test the site. I have tried using custom Firefox profiles to solve this problem and this works ok with one IIS site. But when each developer has their own site you have to keep adding exceptions to this custom profile.
I can use other browsers for the Selenium scripts, but I would rather use Firefox (the form input on IE seems to run much slower than Firefox).
I think the easiest way around this problem is to have valid certificates in the first place, hence I started using SelfSSL. Any ideas why Firefox doesn't seem to take any notice?
SelfSSL does not generate a valid certificate - it generates a self signed one. To get a valid certificate you have to buy one from a certificate authority.
If your IE, Chrome or Safari do not show a warning when visiting your secured page it means that you have added this new certificate to trusted certificates database of your account. You can do this in Firefox too - it just has a separate database. But your every user has to do this for himself.

Is there a way to make Firefox ignore invalid ssl-certificates?

I am maintaining a few web applications. The development and qa environments use invalid/outdated ssl-certificates.
Although it is generally a good thing, that Firefox makes me click like a dozen times to accept the certificate, this is pretty annoying.
Is there a configuration-parameter to make Firefox (and possibly IE too) accept any ssl-certificate?
EDIT: I have accepted the solution, that worked. But thanks to all the people that have advised to use self-signed certificates. I am totally aware, that the accepted solution leaves me with a gaping security hole. Nonetheless I am to lazy to change the certificate for all the applications and all the environments...
But I also advice anybody strongly to leave validation enabled!
Try Add Exception: FireFox -> Tools -> Advanced -> View Certificates -> Servers -> Add Exception.
I ran into this issue when trying to get to one of my companies intranet sites. Here is the solution I used:
enter about:config into the firefox address bar and agree to continue.
search for the preference named security.ssl.enable_ocsp_stapling.
double-click this item to change its value to false.
This will lower your security as you will be able to view sites with invalid certs. Firefox will still prompt you that the cert is invalid and you have the choice to proceed forward, so it was worth the risk for me.
Go to Tools > Options > Advanced "Tab"(?) > Encryption Tab
Click the "Validation" button, and uncheck the checkbox for checking validity
Be advised though that this is pretty unsecure as it leaves you wide open to accept any invalid certificate. I'd only do this if using the browser on an Intranet where the validity of the cert isn't a concern to you, or you aren't concerned in general.
In the current Firefox browser (v. 99.0.1) I was getting this error when looking at Web Developer Tools \ Network tab:
MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
I was trying to debug an Angular app which is served at https://localhost:4200... however the real port it's pointing to and being debugged from in Visual Studio 2022 is 44322.
I had to follow these steps to fix the issue:
Open Firefox Settings;
Look for Privacy & Security tab on the left;
Scroll down to the bottom and look for Certificates;
View Certificates;
In this window you must click Add Exception and enter the location. In my case it was:
https://localhost:44322
Click Get Certificate button;
Click Confirm Security Exception button.
After that, try reloading your page.
Instead of using invalid/outdated SSL certificates, why not use self-signed SSL certificates? Then you can add an exception in Firefox for just that site.
Using a free certificate is a better idea if your developers use Firefox 3. Firefox 3 complains loudly about self-signed certificates, and it is a major annoyance.
If you have a valid but untrusted ssl-certificates you can import it in Extras/Properties/Advanced/Encryption --> View Certificates. After Importing ist as "Servers" you have to "Edit trust" to "Trust the authenticity of this certifikate" and that' it.
I always have trouble with recording secure websites with HP VuGen and Performance Center
Create some nice new 10 year certificates and install them. The procedure is fairly easy.
Start at (1B) Generate your own CA (Certificate Authority) on this web page: Creating Certificate Authorities and self-signed SSL certificates and generate your CA Certificate and Key. Once you have these, generate your Server Certificate and Key. Create a Certificate Signing Request (CSR) and then sign the Server Key with the CA Certificate. Now install your Server Certificate and Key on the web server as usual, and import the CA Certificate into Internet Explorer's Trusted Root Certification Authority Store (used by the Flex uploader and Chrome as well) and into Firefox's Certificate Manager Authorities Store on each workstation that needs to access the server using the self-signed, CA-signed server key/certificate pair.
You now should not see any warning about using self-signed Certificates as the browsers will find the CA certificate in the Trust Store and verify the server key has been signed by this trusted certificate. Also in e-commerce applications like Magento, the Flex image uploader will now function in Firefox without the dreaded "Self-signed certificate" error message.
For a secure alternative, try the Perspectives Firefox add-on
If this link doesn't work try this one:
https://addons.mozilla.org/en-US/firefox/addon/perspectives/
The MitM Me addon will do this - but I think self-signed certificates is probably a better solution.

Resources