This is my first post, and I hope you guys can help me.
What is the problem?
When I was developing my app I used an unencrypted connection (because I had no valid and trusted certificate) so it worked all the time. Now is the app almost done, and I want to use a encrypted connection. I bought a valid certificate for my server and it is working as it should be, when I go in my browser to my server it says that is has a valid and trusted certificate. But, when I change the server url in my app, I get the error: "The operation couldn’t be completed. (NSURLErrorDomain error -1012.)".
I searched the internet, but I found most of the time problems with a self-signed certificate, and they had to set allowInvalidCertificates to true. Ofcourse, I don't want to set this option to true, it has to be false. Also the pinning option is set to None, so actually I dont understand why the app can't connect to my server while it is using a valid certificate.
I hope some of you can help me!
[update]
When I change the allowInvalidCertificates to true, it works. So I think it has something to do with the verification of the certificate. When I'm browsing in the simulator with safari to the server-url it just opens as it should. No warnings or errors.
Thanks, Joey
Yes, got it!
First I checked the status of my ssl-server at: http://www.sslshopper.com/ssl-checker.html
Then I saw that there was something wrong. The certificate was not trusted by all major web browsers.. So, I had to add the CA-bundle on my server en then tada! All tests passed.
I checked directly my connection with the app and yes, it worked immediately :)
Maybe some of you guys have the same situation, and this could be your answer :) Good luck!
Cheers, Joey
Related
I've a problem in my browser !,
I watched many solutions on youtube to fix this problem.
I did everything, I changed date and time of my computer.
I think this error occurs as a result of a browser that does not recognize the authority of the certificate.
I can browse all sites like "Google, Youtube, Gmail, stackoverflow, etc .." "except for this site" https://id.sonyentertainmentnetwork.com/id/management/ "
I use windows 7 home premium 64 bit,
Google chrome -> last version,
IE -> 11
Please try to browse this site "https://id.sonyentertainmentnetwork.com/id/management/"
"Problem with this website's security certificate" is a generic error message that Internet Explorer gives you when there is a problem establishing a secure connection (https://) to a website using the site's SSL certificate.
This error message can be caused by any number of issues. For example, here are some of the causes:
Your computer and the website's server could not agree on cryptographic algorithms to use for the secure connection. This can sometimes happen for older versions of Internet Explorer.
The authenticity of a website's SSL certificate could not be verified by a Certificate Authority (CA).
You did not provide enough detail in your question to figure out the exact cause of the issue. But, in this case, updating your web browser may help fix the issue.
I think it is just a common browser error that is not letting you visit that website with HTTPS.
I tested that website and it working fine in my browser. (Tested through Chrome, Firefox, Opera, and IE). So I think the issue is with your system.
Try clearing the cache and cookies for that particular website
Clear the SSL State from Internet Options
Disable QUIC Protocol of Google Chrome
Source: https://aboutssl.org/fix-google-chrome-error-err_ssl_protocol_error/
Try this:
Download de certificate:
https://letsencrypt.org/certs/isrgrootx1.der
Right click on this file.
Install Cerficate
Next
Click on second opticn. (my windows on pt-br -"colocar todos os cerficiados no repositorio a seguir") Browser
Select = Autoridade de certificação Raiz confiável.
OK
Next
Finish
I just switched over from a windows machine to Mac for work and I cant seem to get the configuration for adding my local dev page to by pass the SSL security as the certificate we have for the local has expired.I have this issue for chrome and Safari but for FF I am able to by pass by adding my url to the trusted site list.
Any help is highly appreciated as I'm kind of stuck.
This is what I have tried so far.
Disabled the "Allow invalid certificates for resources loaded from localhost" from chrome flags
In the keychain, even though my certificate expired I configured it to "Trust Always"
I did try a couple of other setting. But nothing seemed to work.
This is a pretty bizarre way to bypass this SSL check, but it worked for me.
Type blindly while in Chrome: "thisisunsafe"
The page will refresh and it will allow you in!
I installed an EV SSL certificate issued by GeoTrust, but recently I have problems with Firefox (latest version), it says "this site does not supply identity information".
Initially I thought it was a caching problem, so I cleared cache, but this problem won't go away. Any piece of advice is highly appreciated. Thank you! Here is the link: https://www.zenmony.com/system/
The only thing out of ordinary I can spot from your SSL setup is missing OU. Maybe try adding an OU to your certificate:
This normally involves re-creating a new private key and CSR (certificate signing request), and submitting it to GeoTrust
I am having great issues trying to debug a page on a web application used internally on an intranet. When entering the page the "Security Information" Pop Up Box appears. The whole application is running under https.
To try and debug the issue, I have used Fiddler, and looked at the urls for every component, javascript, css, images, and user control components. Everything I have seen from Fiddler shows that the urls start with required https!
So, I am completely confused why this message should be shown - it appears everything the page is posted back.
Does anyone have any idea why this should be happening and/or have another tool that could help me?
Thanks
I'm pretty sure that what you are seeing is the result of a self-signed certificate. If a certificate you're using isn't trusted by a known certificate authority (Verisign or a similar company) your web browser can't verify that it comes from a trusted source.
Also, look at what the error is saying, because it usually tells you which part of the security verification failed.
I am maintaining a few web applications. The development and qa environments use invalid/outdated ssl-certificates.
Although it is generally a good thing, that Firefox makes me click like a dozen times to accept the certificate, this is pretty annoying.
Is there a configuration-parameter to make Firefox (and possibly IE too) accept any ssl-certificate?
EDIT: I have accepted the solution, that worked. But thanks to all the people that have advised to use self-signed certificates. I am totally aware, that the accepted solution leaves me with a gaping security hole. Nonetheless I am to lazy to change the certificate for all the applications and all the environments...
But I also advice anybody strongly to leave validation enabled!
Try Add Exception: FireFox -> Tools -> Advanced -> View Certificates -> Servers -> Add Exception.
I ran into this issue when trying to get to one of my companies intranet sites. Here is the solution I used:
enter about:config into the firefox address bar and agree to continue.
search for the preference named security.ssl.enable_ocsp_stapling.
double-click this item to change its value to false.
This will lower your security as you will be able to view sites with invalid certs. Firefox will still prompt you that the cert is invalid and you have the choice to proceed forward, so it was worth the risk for me.
Go to Tools > Options > Advanced "Tab"(?) > Encryption Tab
Click the "Validation" button, and uncheck the checkbox for checking validity
Be advised though that this is pretty unsecure as it leaves you wide open to accept any invalid certificate. I'd only do this if using the browser on an Intranet where the validity of the cert isn't a concern to you, or you aren't concerned in general.
In the current Firefox browser (v. 99.0.1) I was getting this error when looking at Web Developer Tools \ Network tab:
MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
I was trying to debug an Angular app which is served at https://localhost:4200... however the real port it's pointing to and being debugged from in Visual Studio 2022 is 44322.
I had to follow these steps to fix the issue:
Open Firefox Settings;
Look for Privacy & Security tab on the left;
Scroll down to the bottom and look for Certificates;
View Certificates;
In this window you must click Add Exception and enter the location. In my case it was:
https://localhost:44322
Click Get Certificate button;
Click Confirm Security Exception button.
After that, try reloading your page.
Instead of using invalid/outdated SSL certificates, why not use self-signed SSL certificates? Then you can add an exception in Firefox for just that site.
Using a free certificate is a better idea if your developers use Firefox 3. Firefox 3 complains loudly about self-signed certificates, and it is a major annoyance.
If you have a valid but untrusted ssl-certificates you can import it in Extras/Properties/Advanced/Encryption --> View Certificates. After Importing ist as "Servers" you have to "Edit trust" to "Trust the authenticity of this certifikate" and that' it.
I always have trouble with recording secure websites with HP VuGen and Performance Center
Create some nice new 10 year certificates and install them. The procedure is fairly easy.
Start at (1B) Generate your own CA (Certificate Authority) on this web page: Creating Certificate Authorities and self-signed SSL certificates and generate your CA Certificate and Key. Once you have these, generate your Server Certificate and Key. Create a Certificate Signing Request (CSR) and then sign the Server Key with the CA Certificate. Now install your Server Certificate and Key on the web server as usual, and import the CA Certificate into Internet Explorer's Trusted Root Certification Authority Store (used by the Flex uploader and Chrome as well) and into Firefox's Certificate Manager Authorities Store on each workstation that needs to access the server using the self-signed, CA-signed server key/certificate pair.
You now should not see any warning about using self-signed Certificates as the browsers will find the CA certificate in the Trust Store and verify the server key has been signed by this trusted certificate. Also in e-commerce applications like Magento, the Flex image uploader will now function in Firefox without the dreaded "Self-signed certificate" error message.
For a secure alternative, try the Perspectives Firefox add-on
If this link doesn't work try this one:
https://addons.mozilla.org/en-US/firefox/addon/perspectives/
The MitM Me addon will do this - but I think self-signed certificates is probably a better solution.