Well, I have this website made with WordPress hosted on HostGator in a web hosting. Sometimes when I access it with some browsers like Firefox it gives me this error:
The text is in Spanish but it basically says:
"The connection is not safe. The owner of www.domain.com has configured
this website incorrectly. To protect your information against theft,
Firefox has not connected to this site"
Sorry for my english.
Thanks!
There are various reasons for this error. As a primary investigation, you may check below:
Make sure that you have a valid CA bundle installed along with the certificate.
If you have URL(s) set in your code (any web page), make sure that you have used "HTTPS://" instead of "HTTP://", because if there is a URL in your code which is set with HTTP, the browser will detect that page as non-secured, will not load the page, and will show a security error.
https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean
When Firefox connects to a secure website (the URL begins with "https://"), it must verify that the certificate presented by the website is valid and that the encryption is strong enough to adequately protect your privacy. If the certificate cannot be validated or if the encryption is not strong enough, Firefox will stop the connection to the website and instead show an error page.
I have some JS that is on some intranet application that's running on HTTP (this server/service is out of my control, run by the customer). I operate the internet application and it must run on HTTPS for security purposes.
I'm attempting to use XDomain but I'm finding that the cookies aren't being sent. Is the problem that I'm going intranet to internet or that I'm going HTTP to HTTPS or some configuration problem?
I keep getting 401 when checking authentication of the user even after they have logged in.
I've verified the backend/internet service works as expected via a jsfiddle (i.e. Access-Control-Allow-Origin, etc. are all correct).
Thanks!
There are some security-related issues with XDomain that make it strip any cookies, according to No. 5 in this MSDN blog. However, there also exists a workaround using a proxy, with an example project on GitHub. I think everything you need to make it work is described in those two pages.
I have a client that has a domain registered through GoDaddy (e.g., http://www.godaddysite.com). He has the domain set to forward w/masking to a page on our servers (e.g., https://www.someuniversity.edu/someproject/loginpage.aspx).
When on our network (a university network) I can navigate to his domain, the forwarding/masking works and I can log in without issue. However, anyone off the university network, when visiting the client's site, cannot log into the site. It forwards/masks as it should, accepts the user name and password but stays on the login page after the credentials are accepted. If they navigate directly to my site they have no issues.
I checked his GoDaddy settings and everything appears right. GoDaddy says it is our configuration that is causing the problem (not allowing a different domain mask the site). Is this true? Is there something I need to change in IIS to allow people to log in when they visit through the GoDaddy site?
Update:
Finally was able to test this offsite. This scenario ONLY happens in IE. So now it is a browser setting issue.
The most common cause of this sort of problem is described here: http://blogs.msdn.com/b/ieinternals/archive/2013/09/17/simple-introduction-to-p3p-cookie-blocking-frame.aspx
If you change the IE Privacy Settings (Tools > Internet Options > Privacy) to Accept All Cookies does the problem go away? If so, then you need to set a P3P response header.
I am using a combination of things and not sure where the error is coming from: I have a WordPress site with an installed SSL cert, https://www.joesmetrobox.com. I have the Cleanr theme installed and I am using WooCommerce and the Paypal Advanced plug-in to use Paypal as the way I process payments.
Everything is fine until I try to submit the credit card information on this page: checkout/pay/?key=order_51882ad846e67&order=360 (this would be unique for each transaction). Then depending on the browser I get an error:
Firefox: Security Warning: Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by others. Are you sure you want to continue sending this information?
Firebug gives me this error: 404 error for this wp-content/themes/cleanr/js/scripts.js?ver=1.0 and file which does not seem to exist.
Explorer 8: Security Warning: Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.
Chrome: Secure Token Expired
and if I use their developer tools I also get this extra clue: Unsafe JavaScript attempt to access frame with URL https://joesmetrobox.com/checkout/pay/?key=order_5188245e1ae70&order=361 from frame with URL https://payflowlink.paypal.com/?mode=LIVE&SECURETOKEN=LvNtL1gubfE6Z5lwc2gMiQgJ0&SECURETOKENID=joesmetro51882d664015d4.15989435. Domains, protocols and ports must match.
So I am pretty stumped at this point where to even focus my attention. I am not a programmer and know just enough to be dangerous.
I am wondering if it is some kind of token setting in Paypal that I accidentally clicked and don't need? or maybe WooCommerce isn't playing nice with Paypal, Cleanr theme or maybe both.
I just want to be able to process payments without an error popping up...does anyone have ideas?
A plugin like this may help you implement HTTPS on your site.
http://wordpress.org/extend/plugins/wordpress-https/
WooCommerce Reference: http://docs.woothemes.com/document/ssl-and-https/
Insecure content warnings
If you have insecure content warnings when viewing a secure page it
means you will be linking directly to scripts, images, or stylesheets
over http instead of https. Most of the time this is simply fixed by
changing said links to https or by using relative URL’s (e.g.
/wp-content/file instead of http://yoursitename/wp-content/file).
You can also use a plugin like WordPress HTTPS to force the URLS to be
secure. WooCommerce does secure scripts which are enqueued correctly.
To identify the insecure links you can use a tool such as Firebug for
Firefox, or Chrome's built-in developer tools, and look at the error
console – insecure resources will be listed.
When I try to get data in a mobile Flex app from a secure site, I get the following alert:
A secure connection with this site cannot be verified. Would you still
like to proceed? The certificate you are viewing does not match the
name of the site you are trying to view.
For each call, I get the popup. If I keep on clicking Yes, the app works fine (but I would like to avoid that ;-)).
Any ideas? Apparently, the URL from where the request comes is not the same as defined in the certificate... But what is the URL if called from a mobile app (standalone)? It's not an error either, because you can click on Yes. So it's more that the client gives a warning. The annoying thing is that you can't accept it permanently...
This is the same as whenever a cert is not correct and Chrome or Firefox alerts you and asks if you want to proceed. You can't accept a faulty cert on behalf of your users. The easiest way to fix this is to tell the site owner to get a proper cert.
Check with the system administrators of the website whether the certificate installed is issued for your domain. It appears that the certificate is issued for a domain https://xxxx whereas it is installed on https://yyyy
Bypassing is OK for testing, but it seems you will finally have to get this corrected.
In my experience this only comes up with self-signed certs, expired certs, and when you are calling the cert by a URL that is not identified in the cert.
With most certs they are associated with a single host/domain combination, i.e. https://www.domain.com
That means that they cannot be used with any other domain host combination. Not even http://domain.com or https://sub.domain.com.
There are certs that will support different hosts on the same domain (www.domain.com, sub.domain.com, etc). They are called wildcard certs. They are very expensive compared to normal single domain certs.
My guess is that in the browser you are calling www.domain.com but in your AIR app you are calling domain.com or calling some other host. That or you have permanently accepted the improper cert in the browser.
I have never had a problem with anything improperly identifying a valid cert. Not a browser, Flex app, AIR application. Ever.
If you view the cert in the browser you should be able to see what domain/host it is registered to. Make sure you are using exactly that. Any variation will cause the error.
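The three causes listed in the answer above (self-signed, expired, host name not identified in the cert), as an added example that is not part of any post on this page. It checks constructed dictionaries shaped like the output of Python's `ssl.SSLSocket.getpeercert()`; `sample_cert`, `diagnose` and the "Example CA" issuer are hypothetical, and the wildcard rule (one left-most label only) goes slightly beyond what the answer states.

```python
import ssl

def name_matches(hostname, pattern):
    """Compare the requested host with one DNS name from the certificate."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False      # "*" stands for exactly one label, never zero or two
    if pat[0] == "*":
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def diagnose(cert, hostname, now):
    """Reasons a client would reject `cert` for `hostname` at epoch time `now`."""
    problems = []
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(hostname, n) for n in names):
        problems.append("name mismatch")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if cert["issuer"] == cert["subject"]:   # heuristic for a self-signed cert
        problems.append("self-signed")
    return problems

# Constructed certificates (hypothetical helper, placeholder names and dates).
def sample_cert(cn, issuer_cn, not_after, *dns_names):
    return {
        "subject": ((("commonName", cn),),),
        "issuer": ((("commonName", issuer_cn),),),
        "notAfter": not_after,
        "subjectAltName": tuple(("DNS", d) for d in dns_names),
    }

SINGLE = sample_cert("www.domain.com", "Example CA", "Jan  1 00:00:00 2030 GMT", "www.domain.com")
WILDCARD = sample_cert("*.domain.com", "Example CA", "Jan  1 00:00:00 2030 GMT", "*.domain.com")
SELF_SIGNED = sample_cert("www.domain.com", "www.domain.com", "Jan  1 00:00:00 2020 GMT", "www.domain.com")
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")

if __name__ == "__main__":
    for label, cert in (("single", SINGLE), ("wildcard", WILDCARD), ("self-signed", SELF_SIGNED)):
        for host in ("www.domain.com", "domain.com", "sub.domain.com"):
            print(label, host, diagnose(cert, host, NOW) or "ok")
```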
As a temporary solution I added some exceptions to the URL Rewrite Module, so that communication by Mobile App can be done with HTTP. But it's no longer secure, so I would rather use HTTPS.
I have also faced this issue, and the simple solution is to fix the certificate issue. If that is not possible, then forget about using HTTPS and use HTTP only, so you never get any complaints about any certificate issue.
I have an SSL certificate set up and when I use the https prefix Google Chrome puts a skull next to it and crosses out the https. Here's what the security information says:
The identity of this website has been verified by Go Daddy Secure Certification Authority.
Your connection is encrypted with 128-bit encryption...However, this page includes other resources which are not secure.
What am I doing wrong?
This means that you are linking to a resource (CSS, JavaScript, image, etc) on your website that does not have an SSL connection.
Check that all of your images, JavaScript, and CSS links are either relative (e.g. starting with \ or image\myimage.png, not http://www.mysite.com/images/myimage.png) or linking to an SSL site as well.
A common cause of this issue can be Google AdSense, which does not offer an SSL option for ad serving. Similar JavaScript links may also be "breaking" your SSL's "validity".
This occurs when you are using items that are not protected by your SSL cert. This could be items not under the SSL settings on your web server or if you are using items from another server entirely for example.
In Chrome you can set all insecure content to be blocked to see what breaks and fix it.
OR
Use Firebug in Firefox and see if there are any files that are being grabbed with the http protocol in the net tab.
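An added example (not from any of the posts above) for the mixed-content advice given in several answers on this page: it scans a page's HTML for subresources and form targets that resolve to `http://` when the page itself is served over HTTPS. The sample page and the hosts `shop.example` and `cdn.example` are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# tag -> (attribute carrying the URL, kind of mixed content)
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"),   # only rel=stylesheet is checked
    "img": ("src", "passive"), "video": ("src", "passive"),
    "form": ("action", "form"),   # insecure form-submission target
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []        # (line, kind, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCES:
            return                # <a href> is navigation, not a subresource
        attr, kind = SUBRESOURCES[tag]
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return
        value = (attrs.get(attr) or "").strip()
        # Relative and protocol-relative URLs inherit https from the page.
        resolved = urljoin(self.page_url, value)
        if value and urlparse(resolved).scheme == "http":
            self.findings.append((self.getpos()[0], kind, tag, resolved))

def find_mixed_content(page_url, html):
    """List http:// subresources referenced by a page served over https."""
    if urlparse(page_url).scheme != "https":
        return []
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; shop.example and cdn.example are placeholder hosts.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://shop.example/wp-content/themes/t/style.css">
<script src="/wp-content/themes/t/js/scripts.js"></script>
<script src="//cdn.example/lib.js"></script></head><body>
<img src="http://shop.example/wp-content/uploads/logo.png">
<a href="http://other.example/">plain link</a>
<form action="http://shop.example/checkout/pay/" method="post"></form></body></html>"""
```

Resources injected later by JavaScript do not appear in the saved HTML, so the browser console remains the check for those.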