Joomla https certificate expired. Need to undo https - joomla

Here's my situation:
I recently inherited a website from someone else who's MIA.
Recently the SSL certificate expired.
Website now can't be accessed properly. It first gives me NET::ERR_CERT_DATE_INVALID and when I bypass it, all UI elements look distorted and don't work.
Tried disabling SSL through Joomla admin page and I can't access the option that's embedded under a "server" tab in the settings page...because the UI elements don't work there as well. (Even joomla admin page is forced through https)
Tried disabling SSL or HTTPS through .htaccess and I don't see that https was enabled through that. In other words, no code for me to disable there.
Anyone has suggestions on how to get this page up and running properly again?

Related

Browsers redirecting http to https

I've read a lot of questions and answers about this topic, but nothing I've seen has helped. I have web app with a node/express backend and an aurelia client. It's one of three I have running in the same subdomain. One of the others has a certificate and the other doesn't. Both of them work perfectly. The new app doesn't have a certificate, but it insists on redirecting all requests to https.
In chrome I've deleted the domain security policy and cleared my cache and I get the same result. It doesn't matter which browser I use. I've even tried a browser I've never used to access the app with a certificate and I get the same result.
The server code is essentially the same as for the app which doesn't use a certificate.
I'd appreciate any suggestions.
Ross

How to use chrome with Windows authentication?

I am trying to perform HTTP get & put operations on a intranet URL which is authenticated using Microsoft active directory domain accounts. This is working fine with IE but not using chrome. My chrome version is 49.0.2623.108.
Accessing the URL throws up a dialog for username and password and upon filling details, it fails with ERR_INVALID_HANDLE. Following are the things that I tried and failed(Please excuse for the lack of brevity):
I tried adding the URL and the Active directory server to Local intranet zones but still chrome returns the same error.
This link https://serverfault.com/questions/19914/google-chrome-passthrough-windows-authentication says we need to use authserverwhitelist for chrome. It is not working. Apparently, this feature of setting parameters has been moved from commandline to policy settings as per https://bugs.chromium.org/p/chromium/issues/detail?id=472145
I tried using policy settings like using chrome policy template. I imported the policy template on local computer policies\Administrative templates in gpedit.msc and set the parameters AuthServerWhitelist and AuthNegotiateDelegateWhitelist. I restarted the machine as well. It didnt help. Chrome still throws the same error.
I tried setting AuthserverWhitelist and AuthNegotiateDelegateWhitelist parameters on registry as well under path: HKLM\Software\Policies\Google\Chrome.
Is there a way to get this working on google chrome(version 49.0.2623.108)?
PS: Also after development, I am looking to package these web pages into a chrome app. Would chrome allow usage of windows active directory authentication in its app environment? Is there any way to fix it?

Magento Cookie Issue. Why does it happen?

I have a Magento website up and running. Suddenly I could not Login to the website and could not add products to the website. On login, it simply redirected back to login page from admin end. And on adding product to cart it kept asking for enabling cookies.
Now I have updated the value of "web/cookie/cookie_domain" in core_config_data to "", and it started working fine, though previously the value was the domain name. Can anyone really suggest/explain why does it behave like this?
Magento also has an issue where if you use the bare domain and a subdomain to try accessing the site, it can set two cookies, one for example.com and one for subdomain.example.com.
You will have issues logging in for either front or admin sessions until you delete all the Magento cookies pertaining to your domain. Setting cookie paths, domains and redirecting all bare domain traffic to www or all www traffic to bare domain is necessary to prevent the issue.
search the web and found solutions.
Disable redirect to enable-cookies CMS page
Go to System –> Configuration –> General –> Web –> Browser Capabilities Detection –> Redirect to CMS-page if cookies are disabled = No
for more info you See this link.I hope solve your problem.

Magento site keeps requesting login information browsing between cart & products

website - http://www1.internetvoipphone.co.uk/
Note - http://www.internetvoipphone.co.uk/ uses V1.3.2, www1 address is our V1.6 dev site before going live so please only look at that one.
Issue - when a user logs in then browses back to a product page they switch from https back to http which in turn logs them out, we cant find a reason why magento changes some links to https but not others
account details for testing:
username: test#test.com
password: password
I've tried resetting to the default template but the issue still occurs so it must be a magento config issue, any help greatly appreciated
The issue seems to be caused by cookies, we use two URL's www1.internetvoipphone.co.uk and secure.internetvoipphone.co.uk, each domain was sending out a cookie "frontend" which seem to have been conflicting.
setting the cookie domain to .internetvoipphone.co.uk generates a single cookie and as yet seems to have fixed the issue.
Yes the cookie path and also the browser's cache can wreak havoc with Magento when using a development installation, even if on another domain.

How to avoid Security messages / security alerts from IE

We are getting security message like this while executing url:
There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website. Click here to close this webpage. Continue to this website (not recommended).
More information
Same type of security alerts with message like this
This page is accessing information that is not under its control. This poses security rish, DO you want to continue?
How to avoid them through code either javascript, jsp or any way. We can not ask each user to modify their internet options. Please let me know if there is any solutions for this
That's browser behavior that you can't and shouldn't be allowed to modify using JavaScript, or anything else for that matter. In fact, these security alerts are there to warn the user that something is (potentially) wrong. If you could disable them, there would be no point in having them, right?
Fix whatever problems you have with the security certificate and you'll be fine. I'll guess here that your certificates are self-signed - buy one. They are not that expensive.
You need to install a current, valid certificate on your web server.
There is a problem with this website's security certificate could mean you need to check that the clock is set correctly.
Host all content on an https website. not an http one. You do not need a certificate then.
1> The security certificate presented by this website was not issued by a trusted certificate authority.
This message indicates that the page is using a HTTPS-based resource which has a certificate which does not chain to a globally trusted root certificate. If you don't know what resources/URLS are causing this, open the F12 Developer Tools and look at the Console tab, or run Fiddler and watch for the warning popup.
2> This page is accessing information that is not under its control. This poses security risk, DO you want to continue?
This message is shown when you attempt to use an XMLHTTPRequest object to request data from a cross-domain location (e.g. www.domain.com tries to grab data from domain.com). That operation is a violation of Same-Origin-Policy.
By default in IE, this is blocked, but inside the Intranet Zone, this feature is set to Prompt and thus you see this message instead.
To fix this, either change the request URL so that it does not go to a different domain, or use XDomainRequest, or use a serverside proxy page to make the cross-origin data request from the server rather than the client.

Resources