getting sec_error_pkcs11_device_error while using https - codeigniter

Has anyone stumbled upon this error:
Error code: sec_error_pkcs11_device_error
I get it when I'm trying to access a web page where I should authenticate with my digital certificate (SSL). My certificate is not expired yet and now I'm getting this error.
Please anyone help.

I have got this error with Firefox browser while trying to use a certificate which was not trusted by the server (IIS 7.5) having to use it. Using a trusted certificate on server side solved the issue for me.
If you need more detailed instructions on how to handle certificates, I found the following resources quite valuable:
https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html
https://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html

Related

Getting SSL Certificate has expired error in Laravel app, but it should be valid

I have a Laravel app served with Docker which until recently has been working fine, but since about 3 days ago it is not working. The problem is that I need to get data from a remote database, which is done with the guzzlehttp client used in the Laravel framework. The SSL certificate is given automatically via the Let's Encrypt nginx proxy companion, and should be working. I have for example checked it on https://www.sslshopper.com/ssl-checker.html, and it says the certificate is valid, but I still get the curl error "cURL error 60: SSL certificate problem: certificate has expired (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)".
I have tried manually to point the guzzlehttp client to the certificate file, and even downloaded the latest cacert file and used that, but no luck. Code looks something like this:
$this->client = new Client(["verify" => '/path-to-cert-file-in-docker-container.pem']);
Even more bizarre is that I have the same app running locally, and here I don't get the error if I use the certificate from the server or from https://curl.haxx.se/ca/cacert.pem mentioned above.
I should mention that we updated the let's encrypt container giving out the certificates on the server, so I run an older version locally. But the only thing that has changed is that we pulled a new image from docker, and I don't know what this should do to make a change here. I mention this since it seems that the error started after we updated let's encrypt, but I have been unable to find the connection.
Feel free to ask any questions or request code from the project.
Thanks in advance, Richard.

Cypress: Invalid certificate issue for https website

The browser reports that the connection is insecure, so the certificate hasn't loaded correctly. However, when manually opening the website it loads correctly.
Can anyone tell me how to fix the invalid certificate issue? It results in launching the wrong URL.
I tried with "chromeWebSecurity": false in my cypress.json, but no luck.
Please help me to solve this issue.
I haven't done this myself, but Cypress docs say that it's expected: You'll notice Chrome display a warning that the 'SSL certificate does not match'. This is normal and correct.
Note, that Cypress allows you to optionally specify CA / client certificate
https://docs.cypress.io/guides/guides/web-security#Examples-of-what-Cypress-does-under-the-hood.
So if the fake Cypress certificates are causing issues for you, you can try supplying your own certificates.
If it is not your website, you cannot fix it.
What you can do is verify why it is invalid, and decide to accept it and still open an https connection with the server although the certificate isn't valid.
Usually the steps are:
1. Click the Advanced button.
2. Read and understand.
3. Click Accept or close the tab.
The common reasons for a certificate to be invalid are:
- Domain name invalid: the certificate is installed for multiple vhosts, and you have accessed the service for a domain name not defined in the certificate. www. is required, only * is specified without empty domain, totally wrong domain name, etc.
- Certificate is expired: check the date, it might be expired, and decide if that makes sense to you.
- Certificate isn't trusted: self-signed or using an authority not trusted by your browser.
If it is your website, these are the same reasons, so you should be able to replace the certificate with an appropriate one.
By the way, this might not be a question for stackoverflow, maybe more for superuser, but I am happy to answer it anyway.
Hope this helps you and others.
cheers,
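
The common reasons listed in the answer above, checked programmatically in an added example that is not part of the original post. `diagnose` takes a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, the `example.test` hostnames and the sample certificate are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

def ts(year, month, day):
    """UTC timestamp helper so the checks can run against a fixed clock."""
    return datetime(year, month, day, tzinfo=timezone.utc).timestamp()

def name_matches(pattern, host):
    """Match one SAN dNSName; '*' stands for exactly one leftmost label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # '*.example.test' never covers bare 'example.test'
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]   # refuse '*.test'-style wildcards
    return p == h

def diagnose(cert, host, now=None):
    """Return the reasons a client would reject `cert` when connecting to `host`."""
    now = datetime.now(timezone.utc).timestamp() if now is None else now
    reasons = []
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        reasons.append("name-mismatch")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        reasons.append("not-yet-valid")   # also what a badly wrong local clock produces
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        reasons.append("expired")
    # Heuristic only: issuer == subject means self-signed. An unknown CA needs
    # real chain validation against the client's trust store to detect.
    if cert.get("issuer") == cert.get("subject"):
        reasons.append("self-signed")
    return reasons

# Constructed sample certificate (not taken from any real site).
SAMPLE = {
    "subject": ((("commonName", "shop.example.test"),),),
    "issuer": ((("commonName", "Constructed Test CA"),),),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Jan 10 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "*.example.test"),),
}

if __name__ == "__main__":
    for host in ("www.example.test", "example.test", "a.b.example.test"):
        print(host, diagnose(SAMPLE, host, now=ts(2024, 6, 1)))
```
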

Flask / CSRF Missing/Expired Token for users with a Proxy on Heroku

Using Python/Flask hosted on Heroku (using SSL with some other additional security features) I'm having an issue where users using a proxy browser extension proxy (usually regular proxy servers that are on before the browser is open are fine) are causing missing CSRF token errors when users submit forms.
The only thing I can find online about this issue is https://nickjanetakis.com/blog/fix-missing-csrf-token-issues-with-flask but I can't mess with the config as referenced here.
Everything works fine if the proxy is on your machine (not a chrome web browser proxy).
Has anyone had this issue before? The only information I can find references if your server is on a proxy, not your user...
Thanks for your insights and help!

Chrome OSX SSL This certificate has an invalid issuer

I am getting an 'invalid issuer' error when trying to access a local site. As can be seen in the screenshot, the root CA certificate has been imported and trusted. So, why do I still get this error?
The certificate works correctly in Firefox after importing the CA cert.
Mac OS does not support Name Constraints. Removing this property from the root certificate solved this issue in our case. For background see: https://security.stackexchange.com/questions/95600/are-x-509-nameconstraints-on-certificates-supported-on-os-x
(You don't appear to be using this property according to the screenshots, but I'm still posting this as it might be a valid solution for others)

The remote certificate is invalid according to the validation procedure

Since the Oct 1st Facebook update requiring SSL for canvas apps my Facebook Application has stopped working and displays the error:
The remote certificate is invalid according to the validation procedure.
I'm using the C# Facebook SDK, and my app is ASP.NET MVC3
I've bought an SSL certificate and it seemed to install OK - but still getting this error.
Any ideas?
Thanks
Nick
hmmmm, check the date and time setting on your server! I found mine to be set to 2002 for some stupid reason! Once it was set to the correct date, the certificate was valid and all is good.
Hope this helps someone else out!
I had my local security policy on the server configured incorrectly. Go to Local Security Policy > Public Key Policies > Certificate Path Validation Setting. On the Network Retrieval tab make sure "Define the policy settings" is not checked and "Allow issuer certificate (AIA) retrieval during path validation (recommended)" is also not checked.
