Chrome on MacOS stopped trusting cert issued by self-signed CA - macos

I am running a local development website. The certificate securing it is issued by my own internal certificate authority. I have added the certificate authority to the MacOS keychain and marked it as trusted.
This used to work. Over the weekend, it stopped working. I would love to say that I've changed nothing, but obviously something has changed. Nothing specific comes to mind (perhaps a Chrome auto-update after a restart?)
I am on Chrome Version 59.0.3071.115 (Official Build) (64-bit)
I have checked the local site with Opera and Firefox and it loads securely as intended. (I have added the CA cert to the respective trusted roots for each browser). Safari works well too. Only Chrome is giving me grief.
If I look at the developer tools, the security panel is sending mixed messages. It says the cert is valid, but complains that the page is not secure. It is not possible to view the cert:

@dorian is right. The issue is explained in https://bugs.chromium.org/p/chromium/issues/detail?id=715969. It was not the TeleText string bug that is described in the beginning. Rather, it was that I had generated a version 1 SSL cert, while it should have been a version 3 cert.
Instructions for creating version 3 certs with OpenSSL:
Creating an x509 v3 user certificate by signing CSR
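
The fix described in the answer above is to sign the CSR with an extensions file so that the issued certificate is X.509 version 3. The script below is an added example, not from the original posts. It builds a throwaway CA and a leaf certificate that way and reports the resulting version. The CA name, the host name dev.example.test and all file names are placeholders.

```shell
#!/bin/sh
# Added example: throwaway CA plus a leaf certificate signed as X.509 v3.
# All names (Example Dev CA, dev.example.test, file names) are placeholders.
set -eu

# Print the X.509 version (1 or 3) of a PEM certificate.
cert_version() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Version: \([0-9][0-9]*\).*/\1/p'
}

# make_v3_leaf DIR HOST: write ca.pem and leaf.pem (issued to HOST) into DIR.
make_v3_leaf() {
    dir=$1 host=$2
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Dev CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Extensions for the leaf; a certificate that carries extensions is v3.
    cat > "$dir/leaf.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # Self-signed CA certificate with CA extensions.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -sha256 \
        -config "$dir/req.cnf" -extensions v3_ca \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # Key and CSR for the development host.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
        -subj "/CN=$host" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    # Sign the CSR; -extfile supplies the v3 extensions for the issued cert.
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -sha256 -extfile "$dir/leaf.ext" \
        -out "$dir/leaf.pem" 2>/dev/null
}

work=$(mktemp -d)
make_v3_leaf "$work" dev.example.test
echo "leaf certificate version: $(cert_version "$work/leaf.pem")"
openssl verify -CAfile "$work/ca.pem" "$work/leaf.pem"
rm -rf "$work"
```

Running `cert_version` against an existing certificate shows whether it was issued as version 1 before you reissue it.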

Related

Cross Signed SHA1 certificate for 2K/XP drivers?

Since you can no longer obtain an SHA1 certificate from the normal certificate authorities, even if you want one (because MS told them they can't), I've created a self-signed certificate following this but using sha1. I can have my CA certificate installed so certificate works fine. But for drivers, specifically 2K/XP prior to SP3, I need to cross sign it with the /ac option. Is there any way to do that or is that whole platform now going to be hard to support any driver updates without users having to disable driver certificate requirements?

In macOS, is it possible to be an "identified developer" if I sign my app with a self cert and have that cert installed in the target machine?

I have developed an app in Mac OS X.
The app runs properly locally.
Now I'm trying to distribute the app internally with other peers (without having to go through the App Store).
I created a self-signing cert.
I installed the cert and added it to trusted (it is a ROOT cert).
I then signed the app with my self-signing certificate.
All is good. The app still runs properly locally after being signed (I verified that it is indeed signed).
My next step was to upload the signed app to S3. After downloading the app, the OS security settings prevented the launch of the downloaded app (unidentified developer). This is the same machine that has the cert installed.
So I'm not sure why I still receive the unidentified developer error. My assumption is that if the cert is present (and trusted) in the target machine, the OS should allow the app to go through.
Is this assumption incorrect? If so, what value does the self-signing add (I guess nothing)? If it is not true, maybe I have the wrong cert?
You receive the error after downloading your .app because whatever you used to download it (your web browser?) has set the quarantine attribute, which forces Gatekeeper to kick in. You can read more here.
Gatekeeper is looking for a "developer" certificate, one that is issued by Apple (and has the Apple Root CA as its root certificate). It's not just checking that the root CA is trusted.
e.g. codesign -dvvvv /Applications/Google\ Chrome.app/
Authority=Developer ID Application: Google, Inc. (EQHXZ8M8AV)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Your self-signed certificate is not an Apple-issued developer certificate, so Gatekeeper won't recognize it.

SSL certificate not accepted by Firefox

For some reason, Firefox today started issuing warnings about the SSL certificates on our web applications, but supplies very little information. Everything works fine in IE/Edge and Chrome. The application is at https://ps.ecco.com
How can I find out more about what's going wrong with the certificates and how do I solve the issue?

Self-signed certificate in Windows Phone 8

I'm facing an issue with self-signed certificate in Windows Phone 8 app. I have installed the certificate (.p7b) manually and it works fine when I browse through the site in IEMobile.
But when I visit the same, using the WebBrowser control in my hybrid app, the certificate error still shows and can't be ignored, even after tapping Continue. Isn't the certificate installed system-wide or is it just for IE?
I have referred to many links regarding this but in vain. Any help would be highly appreciated. Thank you.
I had the same issue, and it turned out to be a hostname mismatch between what the certificate contained and the address I was using to connect to the server. If those match, and you install the P7B file on the Windows Phone device, then you should no longer see certificate warnings.
For the full details of my issues and solution, see this thread on MSDN.

Any way to use self signed certificates on the windows phone 7 emulator?

We are developing a WP7 application which is connected to a server using OAuth. It's a low budget project. So, we are only using self signed certificates even on the production server. That worked fine for the android client.
Is there a chance to work with unsigned certificates on WP7 also?
Is there a way to make the app work out of the box with this kind of certs? So, that the user doesn't need to install the cert manually?
We failed to install the cert on the emulator. Did you have the same kind of problem? How did you solve it?
Does Microsoft allow apps with this kind of certs in their market?
How to: Set up an Authenticated Web Service for Windows Phone on MSDN describes how to go about using authenticated services. According to SSL Root Certificates for Windows Phone, the only trusted certificate authorities are:
AOL (USA)
Comodo (USA)
DigiCert (USA)
Entrust (Canada)
GlobalSign (UK)
GoDaddy (USA)
Keynectis (France)
QuoVadis (Bermuda)
So I'd say that a self-signed certificate won't work.
Did you try using the emulator's browser to navigate to the .CER file that represents your self-signed root? That works on the physical hardware, and seems like it might work on the emulator as well. But you absolutely shouldn't expect to ship like this; a Go-Daddy cert is like $15/year.
