Enable https for play framework - https

I wish to enable https on my site which is based on play framework.
I have the below settings in conf/application.conf as described in the documentation for play version 2.3.x in https://www.playframework.com/documentation/2.3.x/ConfiguringHttps
# https settings
https.port=9443
https.keyStorePath=/home/username/.keystore/example.jks
https.keyStoreType=JKS
https.keyStorePassword=mysecurepassword
https.keyStoreAlgorithm=RSA
However, when I hit https://example.com:9443/ I get the error "ERR_CONNECTION_REFUSED" in Chrome. Is there something wrong in my configuration?
Appreciate any pointers/help on this.
Note:
I have created the keystore and installed the certificate there.

Related

Edge dev tools for VS Code gives "ERR_UNSAFE_REDIRECT" error during authentication, possibly from the "file:///" url scheme - is there a workaround?

I am currently using the latest stable VS Code version on Windows 10 (ver 20H2, build 19042.1826) with the Edge Dev Tools VS Code extension. The application I'm currently developing is just a static site using Vue.js, not using a Node.js server to run and debug. The Edge tools work great, right out of the box. I started up the app by opening the root "index.html" file, and clicked "Run and Debug" per the documentation.
The app starts up, I can hit breakpoints, etc. all good. However, this app uses a 3rd party service to authenticate and authorize users (from ArcGIS Online) and it seems the "file:///C:/path/to/root/index.html" url is not allowed to be redirected back to from the authentication service page.
My Google-fu is failing me here and I can't seem to figure out how this would work. Has anyone experienced such an issue before? Is it possible to use a "http://localhost" url on some port here instead?
The authentication service disallows setting a redirect url which has a "file:///" scheme.
In order to avoid exposing users to open redirector attacks, developers must register one or more redirect URLs for the application. The authorization server must never redirect to any other location. You can try adding a redirect URI according to this doc.
IMO, file:/// scheme may not work, so I suggest you use a http://localhost url since only http and https are mentioned in the doc.
To resolve this issue, I followed the guidance in yu-zhou's comments above. My solution was to use the Live Server VS Code extension to host and run the app locally. I set the "NoBrowser" setting in Live Server to "true" so that a new browser instance would not be launched on Live Server startup. I then configured launch.json as follows:
{
"name": "Edge: Debug app",
"request": "launch",
"type": "msedge",
"url": "http://localhost:5500/my-app/index.html",
"runtimeArgs": ["--disable-web-security"],
"skipFiles": ["<node_internals>/**", "**/*.com*/**"]
}

Postman can't reach localhost

I am in a corporate env so I have to use a proxy to reach servers. This works well in postman and in browsers. What I can't reach is localhost in postman but I can reach localhost in the browser.
I am running Postman for Linux Version 6.0.9. I have tried reaching localhost:9082/rest/myapi.... and 127.0.0.1:9082/rest/myapi with both global proxy and system proxy turned on and with either turned on and with non turned on. In all cases I am not able to reach localhost.
What I get as an response is an error page from the proxy server! Someway the call gets out on the network instead of being kept on my machine.
The postman console:
My request headers are:
Cache-Control →no-cache
Connection →Keep-Alive
Content-Length →986
Content-Type →text/html; charset=utf-8
Pragma →no-cache
Proxy-Connection →Keep-Alive
My response headers are:
cache-control:"no-cache"
pragma:"no-cache"
content-type:"text/html; charset=utf-8"
proxy-connection:"Keep-Alive"
connection:"Keep-Alive"
content-length:"986"
My response body is an html page.
How can I make a call to localhost work with postman?
I was having similar issue with HTTP calls to local ASP.NET Core Web API apps. Changing the proxy settings didn't fix it for me.
Finally fixed it by turning off File > Settings > General > SSL Certificate Verification
I have the same issue. What works for me is:
Open File -> Settings -> Proxy
Then, enable proxy and put 127.0.0.1 : 80, if your web server runs on 80.
In the git thread, they say it is a known issue, so hopefully it will get resolved soon.
I solved this by Turning off System proxy of Postman.
Open File -> Settings -> Proxy
Then Turn off Use System Proxy
#Menuka Ishan Answer is correct. But in mac only if we change the turn off proxy won't work. You need to turn off the SSL Certificate verification also you need to disable.
I found a temporary solution:
In terminal, go to the directory where postman is installed and add:
machine#dev:~/Documents/Postman$ export NO_PROXY=localhost,127.0.0.1
machine#dev:~/Documents/Postman$ ./Postman
This will make calls to localhost work.
I found a similar problem on Windows machines here
The problem mentioned as an issue here. You should just write a simple batch file like this:
set HTTP_PROXY=
set http_proxy=
set HTTPS_PROXY=
set https_proxy=
START %LOCALAPPDATA%\Postman\Update.exe --processStart "Postman.exe"
open a simple text file, save this as a ".bat" file, and just run it!
I also faced the same issue, but the trick was I implemented both the methods that were stated earlier in the stack.
First I turned off the postman proxy as shown in below image.
Click Settings -> Proxy
And then turned off the SSL certificate verification check button.
Click Settings -> General
And then tried to hit my local server and finally it worked.
While attempting to Get https://localhost:5001/WeatherForecast via PostMan while developing a basic .NET Core (3.1) Web API (on Ubuntu Linux)
I got the error:
Could not get any response There was an error connecting to
https://localhost:5001/WeatherForecast.
I didn't notice the actual solution in the things to try at first, but if you check the highlighted text in the image you will see it.
You can see that the option is turned on in PostMan by default:
I turned the SSL Certificate Verification off and tried again and it worked.
If you are under corporate proxy and you are deploying your webapplication in localhost then no need to set proxy configuration like
http://username:password#corporateProxyServer:ServerPort in postman (Global Proxy Configuration).
As the app is deployed in local machine just use the localhost configuration in setting -> Global Proxy Configuration as :
proxy server : 127.0.0.1
port : 8300 (this is the port where the web application is running )
My problem was that i was setting an invalid Header token and it gave me the error
Error: Header name must be a valid HTTP token ["Accept "]
Warning: This request did not get sent completely and might not have all the required system headers
Just check your Headers.
Adding another potential answer to this for people to check after they've tried the other ideas here.
I was able to solve my own problem by checking the Postman console (View -> Show Postman Console) and then examining the error from the request (in my case it was because I had a newline character on an auth token).
In my case, I had to precede the localhost with https://
These steps solved this issue after 1 whole day struggle:
1) HTTP_PROXY= proxy.company.com:port
HTTPS_PROXY=proxy.company.com:port
to user variables, not to System variables. Make sure the the case is all cap.
2) Updating newtwork driver, and turning on Windows Defender......Make sure you don't see no reds in here.
I was not able to make any calls from postman to docker container running Couchbase Server. Very frustrating. Turns out I had proxy setting configured to some aws instance which has been long deleted.
Goto setting and remove the proxy setting and it worked like a charm on localhost/127.0.0.1/mac laptop eno IP addr or 0.0.0.0
In my case, I was using django-tenants and had to add the domain for the tenant in etc/hosts to get it working on localhosts. My entry for 127.0.0.1 now looks like
127.0.0.1 localhost test.localhost
My problem was forgetting to select Environment. From the drop down where you see No Environment in the image, select the name of your environment.
Menuka Ishan's solution above saved my hours of pain! I left the Global Proxy Configuration switched ON and changed the Proxy Server to 127.0.0.1. Switched OFF the Use System Proxy. I already had the entry 127.0.0.1 localhost in my hosts file under the path C:\Windows\System32\drivers\etc.
If you have active proxy in your system then make sure Global Proxy Configuration and Use System Proxy are turned off. To do this go to Postman preferences > Proxy. You can also try sending a request in postman without typing localhost (e.g. :8080/send)
i think i also found a perfect fix.
First you turn on global proxy configurations, add your local machine Ip which is 127.0.0.1,then also add localhost in the bypass.
Also turn off SSL verification.
It worked for me
This worked for me, i dissable the parrameter host in the header.
HOST Disabled
If anyone is looking for a solution to WooCommerce local install, here are the steps to make this work:
Go to Wordpress Admin > WooCommerce > Settings > Advanced
Create new API key, give it a name
Copy the Consumer Key & Consumer Secret to
your text editor
Open Postman
Create new connection Set the URL for
testing (GET) : http://mylocalsite/wp-json/wc/v3/orders (change
"mylocalsite" to yours)
Click on Authorization tab
Now here is the main change: Although in WC Rest docs, it says to use the "Basic Auth" - IT WILL NOT WORK. Since usually your localhost is HTTP
and not HTTPS. So "Basic Auth" is not relevant in our case.
You will need to change the Authorization to OAuth 1.0
Set Consumer Key & Consumer Secret respectively as it shows in Woocommerce
Click "Send" - it should work now
If still you have problems, try one by one the following:
File > Settings > Turn off SSL Verification
File > Settings > Turn off "Automatically follow redirects"

WordPress Website shows 403 error when accessing wp-admin/ajax.php page from front end

I am running a WordPress on an Azure Web app connecting to a MySQL server on a different Windows server. When loading the mentioned page in Chrome, it shows 2 popups 403 & Forbidden. Checking the console throws this error - ecbcc.js:2 POST /wp-admin/admin-ajax.php 403 (Forbidden)
This works fine on FireFox & IE but not on Chrome. Any ideas why?
This is because of your cache. Minified version of JS is causing the issue in chrome browser. Check or purge the cache and check for the permissions applied to cached files as well.
I faced the same issue but it took a long time for me to fix it. Because my solution was not caused by common things like cache, .htaccess, files permissions, etc. I apply all the possible solutions as described here. When nothing worked for me, then I talked with my hosting provider and the issue was on their side. Actually, the server has black-listed my IP.
Below is the reply from the support of my hosting provider:
After checking it, it looks like the issue is caused by trigger
ModSecurity rules.
ModSecurity is an Apache module that works as a web application
firewall. It blocks known exploits and provides protection from a
range of attacks against web applications. However, sometimes,
mod_security may incorrectly determine that a certain request is
malicious, while it is actually legitimate. In such a situation, we
can whitelist the triggered mod_security rule on the server, so that
you can bypass the block.
In order to properly investigate, we need you to share your IP address
with us. You can copy it from here: https://ip.web-hosting.com/
Looking forward to your response.
This error can appear for more than one reason. Except for the accepted answer, if you are using a shared hosting solution as a server then it would be best to contact the support of the service. Also if you use Plesk or Cpanel you can check the server logs to see if there is any false positive rule that from mod_security that catches the error. Then you can find the error that could look something like that:
ModSecurity: Warning. Match of "test file" against "REQUEST_FILENAME" required. [file "/etc/httpd/conf/modsecurity.d/rules/custom/006_i360_4_custom.conf"] [line "264"] [id "77140992"]
You can apply the ID on your firewall exclusion list (if this is provided by your hosting service) and then the server will not block the request anymore.
IMPORTANT: If you are not sure what you are doing, ask your hosting provider for support. Experimenting on live servers/sites is not the best option and I would strongly recommend avoiding it.

Clear ssl client certificate state from javascript in firefox 33.0.2 (removed Proprietary window.crypto)

I'm looking for a way to clear the SSL client certificate cache in Firefox as a kind of "log out" functionality so that the server does not recognize me anymore via the client certificate the next time I connect to it. The solution from clear-ssl-client-certificate-state-from-javascript
if (window.crypto) window.crypto.logout();
does not work anymore in the current version of Firefox.
With firefox 33.0.2 the Proprietary window.crypto properties/functions are removed
How can I do this in the current Firefox version?
You can enable window.crypto by setting
dom.webcrypto.enabled = true
in about:config.
However there is no out of box replacement for FF 33.
It seems like Mozilla rolled it back in FF34, so it should be available there again.
EDIT:
There is an replacement:
http://www.w3.org/TR/WebCryptoAPI/
There is not an official solution for FF & Chrome. for a unofficial solution see: Web Crypto API — An Authentication of Data and People in SSL

How to fix firefox connection untrusted

Firefox gives me connection untrusted for SSL https, and why is that, Chrome shows https in green so, chrome OK, firefox not, why ?
when i install ff 16.0.2, i seem to have same prob with you(untrusted connection especially firefox addon)..For me, it basically cause by my nod32 antivirus, i try go to setting>protocol filtering>ssl>certificates>untick "add the root certificate to known browser''(make sure ff really close)..then tick it again and click OK..done
Please check this:
https://developer.mozilla.org/En/Displaying_web_content_in_an_extension_without_security_issues
I thing you can bypass the warning:
You can tell Firefox to bypass these certificate warnings. You should only bypass the warning if you're sure that the site is legitimate. Legitimate public sites will not ask you to do this. An invalid certificate can be an indication of a web page that will defraud you or steal your identity.
1.On the warning page, click Or you can add an exception....
2.Click Add Exception.... The Add Security Exception dialog will appear.
3.Click Get Certificate.
4.Read the text describing the problems with this site.
5.Click Confirm Security Exception if you want to trust the site.
http://support.mozilla.com/en-US/kb/Secure%20Connection%20Failed
http://support.mozilla.com/en-US/kb/Firefox%20cannot%20connect%20securely%20because%20the%20site%20uses%20an%20older%20insecure%20version%20of%20the%20SSL%20protocol
If any of these TS won't work, then try to update to FF V7. Don't forget to file a bug in bugzilla with all the necessary information.
However if you wish to access sites without accepting the certificate each time, use the add-on skip-cert-error "https://addons.mozilla.org/en-US/firefox/addon/skip-cert-error"
I had this weird issue "Your connection is not secure" whereas Chrome works like a charm.
Actually, it is because i let the corporate pac script to manage the proxy setup ticking the option "use system proxy settings". Actually, Firefox don't like it !
When i switch back to the manual proxy settings, all get back to work.
Of course, you need to known proxy params.
Go & surf ...
Change your Date to current date :D
I had same issue

Resources