I have a website hosted on domain-a.com, which we are about to install an SSL certificate on. The certificate is issued by a CA so it will be trusted by browsers.
After page load on domain-a.com, an Ajax call is made to domain-b.com using CORS to retrieve some additional information to display on the page.
I have two questions:
1. Do I also need to install an SSL certificate on domain-b.com? What will happen in the user's browser if I don't?
2. If I do install an SSL certificate on domain-b.com, but I use a self-signed certificate as opposed to one issued by a CA, will that work, or will there be warnings/errors thrown by the user's browser?
I set up some test pages to see how this behaved, and it looks like you do need to install SSL on domain-b.com. Most browsers I tested blocked the nonsecure content. Others gave a warning. The same things happened if domain-b.com had a self-signed certificate. The connection was still blocked.
The simplest and cheapest solution I found was to install a free SSL certificate from StartSSL on domain-b.com. This CA seems to be recognized by the browsers I tested on so the connection to domain-b.com works fine. If anyone sees any issues with this that I'm not thinking of, please let me know.
Related
I can't seem to get the referrer on a 3rd party XHR request to a development server with a self-signed certificate.
After complying with Chrome's use of SAN instead of CN and registering my self-signed localhost certificate, I got the green dot for this request in the Dev Tools security panel, but I also get the following:
This request does not comply with Chrome's Certificate Transparency policy.
I've tried to use Chrome Group Policies to disable it, but it did not work.
Has anyone else stumbled upon this issue? Any good known solutions for debugging 3rd party XHR requests?
The current workaround (hopefully not a permanent solution) is just using Mozilla Firefox instead of Google Chrome.
I'm trying to set up SSL and Apache on localhost. So far, I have followed all the steps from:
http://www.webopius.com/content/355/getting-mamp-working-with-ssl-on-os-x
However, when I test my browsers:
Safari says: It can't verify the identity of website localhost.
Chrome displays: "Site security certificate is not trusted!"
Does anyone know how to fix that? I would appreciate it if anyone could point me in the right direction.
Did you purchase an SSL certificate from a Certificate Authority (CA)? If not, then you've most likely got a self-signed certificate. Since no CA has 'signed' your cert, it cannot be verified as authentic, and browsers will rightfully complain about that.
If the CA's "stamp of approval" wasn't required to make a cert "valid" for a browser, it'd be beyond trivial for anyone to forge a microsoft.com or google.com certificate and pose as any site they wanted to. "Look ma, it must be Google! The browser's showing the key icon!"
One of my clients is having a problem that is vexing both their system admin and GoDaddy support, who say that everything is correct and this error should not be happening. Their SSL certificate is valid and seems to be correctly installed:
http://www.sslshopper.com/ssl-checker.html#hostname=moocho.com
It also works fine on IE and Chrome. However, on Firefox users are getting this error (Firefox 7 users seem to get the error on every single page load):
Relevant History: Last week (about 7-10 days ago) they were using a different certificate that was revoked. However, they received a new SSL Cert on 9/5 or 9/6, and this is the one that is currently installed.
I think this might have something to do with the OCSP service that Firefox uses to check certificate authenticity. Could that service have cached data from when the old cert was revoked, and hence still be reporting that moocho.com has a revoked cert? If so, is there any way to fix this problem?
If not, what is causing this error?
Thanks!
This is not a false positive. If you look at the warning message closely, it refers to moochomoocho.com, not moocho.com. The certificate on https://moochomoocho.com/ is indeed revoked and other browsers show it as well. The fact that you don't see a warning in other browsers might be because the only content being loaded from moochomoocho.com is the favicon of the page - other browsers drop it silently instead of alerting the user.
I'm getting the sec_error_unknown_issuer error on my website: https://www.lceonline.co.uk/
The error occurs when I add an item to the cart then click checkout (the checkout page seems to cause it). The SSL certificate is with GlobalSign.
It seems that this error only occurs in Firefox. Does anyone have a solution or can point me in the direction of one? Little bit of a struggle.
Cheers Guys
Each browser has an installed list of what is called "Root Certificates". If the issuer's certificate is not in this database, then the browser will reject the cert with the message that you are seeing.
Firefox and Internet Explorer use independent lists of root certs. You may want to speak to your issuer, or a different issuer, about getting you a cert that is acceptable in all major browsers.
It should also be noted that a cert can be denied by the browser with a similar error if it depends on intermediate certificates in the cert-chain and the server has not been correctly configured to deliver all the required certs to the browser. This can be tricky to diagnose as browsers will cache and re-use intermediate certs, even if they were originally requested from a different server.
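The incomplete-chain case from the answer above, reproduced offline with the openssl command line as an added example (not part of the original answer). The CA names, the host name shop.example.test and the file names are constructed for the illustration; the client is modelled as trusting only the root.

```shell
#!/bin/sh
# Constructed test PKI (all names made up): root -> intermediate -> leaf.

# issue DIR NAME EXTFILE [ISSUER]: create NAME.key and NAME.pem in DIR.
# Without ISSUER the certificate is self-signed (used for the root).
issue() {
    dir=$1; name=$2; ext=$3; issuer=$4
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
    if [ -z "$issuer" ]; then
        openssl x509 -req -in "$dir/$name.csr" -signkey "$dir/$name.key" \
            -days 2 -extfile "$dir/$ext" -out "$dir/$name.pem" 2>/dev/null
    else
        openssl x509 -req -in "$dir/$name.csr" -CA "$dir/$issuer.pem" \
            -CAkey "$dir/$issuer.key" -CAcreateserial -days 2 \
            -extfile "$dir/$ext" -out "$dir/$name.pem" 2>/dev/null
    fi
}

make_pki() {
    dir=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' \
        > "$dir/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:shop.example.test\n' \
        > "$dir/leaf.ext"
    issue "$dir" example-root ca.ext &&
    issue "$dir" example-intermediate ca.ext example-root &&
    issue "$dir" shop.example.test leaf.ext example-intermediate
}

# chain_status DIR [EXTRA]: verify the leaf as a client that trusts only the
# root. EXTRA is a PEM file of intermediates the client has available, either
# sent by the server or left in its cache by an earlier visit elsewhere.
chain_status() {
    dir=$1; extra=$2
    set -- -CAfile "$dir/example-root.pem"
    [ -n "$extra" ] && set -- "$@" -untrusted "$extra"
    if openssl verify "$@" "$dir/shop.example.test.pem" >/dev/null 2>&1; then
        echo trusted
    else
        echo unknown-issuer
    fi
}

demo=$(mktemp -d) && make_pki "$demo" && {
    echo "server sends leaf only:      $(chain_status "$demo")"
    int=$demo/example-intermediate.pem
    echo "intermediate also available: $(chain_status "$demo" "$int")"
}
rm -rf "$demo"
```

The second result is also what a browser with the intermediate already cached would report, which is why a server that omits it can look fine on one machine and fail on another.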
I have an embedded web server with a self-signed SSL certificate. After I get past the web browser's warning about the SSL certificate being self-signed, I am seeing a difference between IE8 and Firefox 3.5.5.
In IE8, if I try to download a PNG file, it will download every time.
In Firefox, it will give me an error every other time.
The error message is this:
Secure Connection Failed
An error occurred during a connection to 192.168.1.100.
SSL peer was unable to negotiate an acceptable set of security parameters.
(Error code: ssl_error_handshake_failure_alert)
*The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
*Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
What is causing this? Why does one browser work all the time and the other only works every other time?
It's hard to say without looking at the packets. If I had to hazard a guess, it would be that on the second request, Firefox is trying to resume the SSL session, and for some reason, the server doesn't like that. On the next request, Firefox doesn't try to resume, and it succeeds again. Maybe?