Hi I have recently activated SSL on my domain however Safari, Edge and firefox are saying my site is insecure edge is showing this message:
The hostname in the website’s security certificate differs from the website you are trying to visit.
Error Code: DLG_FLAGS_SEC_CERT_CN_INVALID
However chrome seems to have no issues displaying the site
I have looked up my SSL certificate and it says this (MyDomain.co.uk I have changed from my real domain):
Certificate does not match name MyDomain.co.uk
Subject hostinger.com Valid from 20/Jun/2017 to 13/Mar/2018
Issuer COMODO RSA Domain Validation Secure Server CA
Subject COMODO RSA Domain Validation Secure Server CA Valid from
12/Feb/2014 to 11/Feb/2029 Issuer COMODO RSA Certification Authority
Subject COMODO RSA Certification Authority Valid from 30/May/2000 to
30/May/2020 Issuer AddTrust External CA Root
Could this be the problem?
And how do I resolve this issue?
Thanks in advance
Related
I have configured the CName record on GoDaddy to point www to # and I created an SSL Certificate for mydomain.com.
I have no problem accessing it via https://example.com, but it throws SSL exception
"Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for www.example.com. The certificate is only valid for example.com."
if I access it via https://www.example.com.
What's the issue with that - since I have created the CName mapping for www.
When your browser checks certificate, it just takes what's between https:// and / (if any). Since www.example.com does not match the subject in your SSL cert, the validation fails.
You need to check the knowledge base of your CA to generate a proper certificate which would have www.example.com listed as the alias in your certificate.
I'm working in a lab environment. I have a Windows-based CA and an SSL-secured website on IIS (on the same machine) with a cert issues from that CA.
When I browse to this site in Firefox using SSL, I get an error "The certificate is not trusted because the issuer certificate is unknown."
If I go to Tools -> Options -> Advanced -> Certificates -> View Certificates -> Authorities, my CA's cert is in the list. If I double-click that certificate, I get "Could not verify this certificate because the issuer is unknown."
Isn't the whole point of adding a CA's cert into the Authorities list to tell Firefox, "Hey... you know this CA, go ahead and trust the certs that it issues?"
How do I fix this problem?
Firefox is (most in his Desktop versions) very special in checking certificates. Where Google Chrome meets the root certificate, Firefox needs the FULL chain up to the root certificate in your crt file. And don't forget to prefix https:// to request!
I added self signed certificate in .pem format in Firefox under Authorities tab. When I access site, Firefox throws error
mozilla_pkix_error_ca_cert_used_as_end_entity
It says that the certificate is not trusted because it is self signed. What can be issue?
If you add the certificate as authority then it should be used as authority, i.e. for signing other certificates. If you instead use it as a server certificate (i.e. as end entity and not authority) then it should not be added as authority to firefox but instead as server certificate. This will be automatically done if the certificate is not known and you click through the certificate error messages when connecting to your site and accept the sites certificate permanently.
You should also make sure that your certificates contains the necessary key purpose to be used as a server certificate.
We have ASP.Net generic handlers that support HTTPS requests only.
Example: https://{domainname}/userservice/getfriends.ashx
Please suggest a solution for processing the https requests in Winows Phone 7.1 using HttpWebRequest. When I am binding the https images (for example https://{domainname}/userserivce/23232.jpg only), it's raising the error.
Is your SSL certificate signed by a Root Certification Authority trusted by Windows Phone (example: Verisign) or is it a self-signed certificate?
If it's not from a valid trusted root certification authority, export the signing root certificate, send it by email to the device, and then install the certificate; check this answer for more info.
I would like to ask when is the purpose of a certificate, like Server Authentication, Client Authentication, set for the certificate.
Is it when we generate the CSR or when it is signed by the CA?
The CSR is a Certificate Signing Request. If it is a PKCS#10 request (by far the most common type) it can indicate which extensions are requested and that can include the Extended Key Usage (aka purpose). But the CA ultimately decides what to include when it creates and signs the cert. It could choose not to issue a cert. It could issue a cert with a subset of the requested attributes. It could issue a cert that is completely different. It could issue a cert that is exactly what the CSR requested.