I am transfering a website and when am navigating to a page my url is changing from HTTP to HTTPS. Here am getting the Privacy Error message in my browser.
How can I avoid this in moovweb transformation?
Let’s take the example of http://mlocal.erin.ne.jp/
When we are choosing Japanese version its pointing to https://mlocal.erin.ne.jp/jp but in my browser when its moving to secure site am getting Private error.
How can we set-up the config to avoid such error?
I tried with ssl_whitelist but no luck :(
{
"host_map": [
"$.erin.ne.jp => www.erin.ne.jp"
],
"ssl_whitelist": [
"erin.ne.jp",
"erin.ne.jp/jp",
"https://erin.ne.jp/jp"
]
}
Thanks in advance !!!
The ssl_whitelist configuration option is only necessary if the website you are trying to transform has invalid certificates. Typically, this might be a staging website where it is known that the certificates are invalid. So this option is unrelated to the problem you are seeing.
During local development, the Moovweb SDK will load a self-signed SSL certificate for the local domain. This is provided as a convenience to simulate SSL traffic.
When you hit https://mlocal.erin.ne.jp, that is your local server with invalid SSL certificates. Because there is no chain back to a root certificate authority, your browser will not trust the certificate.
If you acknowledge the error, you will be able to proceed. I am only recommending this because this is a local development situation only. During normal web browsing, take care when you see similar messages.
This is completely separate from production-ready projects that will be hosted on the Moovweb cloud. In production, you will have to acquire valid SSL certificates that matches the production domain name you select (typically m.erin.ne.jp, t.erin.ne.jp, or www.erin.ne.jp for a single-domain project). Once this is set up properly, you will not see any SSL certificate errors on your production domain.
Related
I just moved several interrelated sites from a server that does not support TLS 1.2 to one that does to specifically stop chrome's site is insecure message. There a 4 separate websites one of which has 2 pages Demo.aspx and Rater.aspx. All sites use https:// and the server supports TLS 1.2 and has a valid certificate chain. All sites load without any security warning, including Demo.aspx, but Rater.aspx does not (it is the only one).
Rater.aspx is a older and somewhat large one page asp site, so I figured there must be a http:// reference somewhere, and I found a few which I converted to https://.
I have gone over the site many time, and there is nothing I can see that should be causing the insecure flag.
Your Connection to this site is not secure.
Certificate (valid)
Cookies (1 in use)
Is there a tool that will tell me what chrome is picking up on so I can fix it?
If it would be helpful I can provide a link to the page, just did not want to do it here.
Thanks!
As #mason pointed out Chrome's Security Tab in developer tools provides information on what is causing the Not Secure message and ultimately led to the discovery of an unused iframe pointing to a less secure domain.
I found the offending domain name on the Application tab under Local and Session storage (no actual data was being stored). A project search for that name found the iframe.
Of note is that the insecure server was https:// and has a valid SSL certificate but it does not support TLS 1.2.
I have recently replaced the SSL certificates issued by RapidSSL because Symantec is no longer trusted by Google. But, after replacing the new SSL certificates I'm experiencing a privacy issue from web browsers. Browser indicates following error when I try to access a domain name which was affected by the new SSL certificates.
NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN
So I did research on this error and found out that this error occurs due to the public key pins cache. but further researching on this matter I found out that the public key pin for SSL certificates has not been changed with newly issued certificates. So if we compare the public key pins between certificates prior to replacement and after the replacement both has same BASE64 encoded hash value. Further, I saw that this issue is getting resolved once the browser cache is cleaned. But our clients do not like to clean their browser cache. So we cannot rely on clearing browser cache. Can you please let us know is there any other way where we can overcome this issue?
Thanks for help. I also found a solution.
For GC:
Follow instructions from this image:
For FF:
Close the browser.
Open the file "SiteSecurityServiceState.txt" from the profile folder and remove lines with site domain.
Open the browser.
I hope this will be useful if someone is confronted with the same situation.
I have been trying to configure a website I deployed on my local server with a self signed certificate for development purposes. The address I want my website to work for is example.company.local.
After I genrated a certicate using SelfSSL, I copied it to the Local Machine store in both Personal and Trusted Certifciate root . But I get the error "Server's certificate does not match the url" when I try to reach the url. Though I can ignore it, I understand that the cert auth is failing and I want to fix this. I am listing the steps I followed
Generated self signed cert using selfssl /N:CN=example.company.local /V:9999. This added the certiciate to my Personal store on Local Machine
From the mmc (type mmc in Run), I add the cert generated above to the to Trusted Root Certificate folder from the Personal folder
Restart IIS
Please suggest where I am going wrong. The url I give is https://example.company.local, but it refers to a localhost certificate.
Please try this guide. From the comments on the page it seems to be working but I did not test it.
If by any change there is still a problem I would suggest to use xca. It is built on top of openssl, has very nice GUI and has templates for CA, SSL server and SSL client. Documentation can be found here.
My IIS site is giving browsers problems. They pop up a security warning that the security certificate does not match the name of the site. I'm using a self-signed certificate for testing. I view the certificate. It has the name.
DnsName.mydomain.com
but the browser is using
MachineName.mydomain.com
There is a CNAME entry pointing DnsName.mydomain.com to MachineName.mydomain.com.
Even so, they are obviously different. Can you tell me how I can get a new self-signed certificate with the name MachineName.mydomain.com, and how to install it on my test web server such that browsers can use either name without getting this security warning?
I can have the browser install any certificate a self-signed cert from my web server, that's not the problem. The problem is the warning. Here's a screen shot of what I mean.
You can only have one cert per site.
There are a couple of heavy-handed ways of getting around this:
Completely duplicate your site and have a cert on each
Use SSL-Acceleration and have two different external IPs on a load balancer that both point to the same internal.
There's also one easy way since you're already self-signing: Just wildcard it (*.mydomain.com). Generating this on a Windows box is explained here and Generating this on a Linux box is explained here.
If you really don't want to do that, I'd just have a forced redirect from one URL to the other instead of a CNAME alias.
I'm migrating a web app from an IIS 6 server to an IIS 7 server and I'm having some troubles with getting the client's certificate.
The piece of code that I'm using looks like this:
HttpClientCertificate cert = Request.ClientCertificate;
if (cert.IsPresent)
{
...
}
On the IIS 6 server, the cert.IsPresent is always true. However, on the IIS 7 box, it is always false. Both tests were done with IE 8 from the same computer. The only change was the Server URL, so the client should be setup correctly.
I'm not getting any SSL connection errors (I'm accessing the page via https) and I've set the SSL Settings -> Client certificates: to Accept (same as the IIS 6 configuration).
I've gone through and configured the IIS 7 server as closely as I could to the IIS 6 server, but I'm still not getting the cert.
Are there other areas that I need to look at for configuration?
Also, if I set the Client certificates: to Required, I get a 403.7 error on the IIS 7 box. I don't know if that is a symptom, but just in case the information is useful...
Basically it boils down to the fact that the client can't provide the client certificate.
That's why you get the 403.7 error when you require it.
I believe you need this:
http://blogs.msdn.com/b/puneetgupta/archive/2009/08/03/where-is-the-client-certificates-ui-in-iis-7-0.aspx
Please let me know if this helps.
I came across this question while looking for more information about how to get certificates in IIS 7 vs. IIS 6. I see that #whosrdaddy's solution worked for the asker. There is something else that I had to hunt down.
One of the differences between IIS 6 and IIS 7 is that IIS 6 has the "Directory Security" tab in each web site's configuration. In order to make the web server request certificates in IIS 7, you must click on the "SSL Settings" feature for the Web Site or Virtual Directory you are configuration to see the "Client certificates:" setting: Ignore, Accept, or Require.
Make sure that this is not set to "Ignore", or else you will never get your certificates to work!
The IsPresent == false can be caused by several different things, both related to the server and the client. We hit everyone of these on the way to finally fixing these and I will detail each....
Server Issue #1 - The client cert passed in has 1 or more certification paths that do NOT exist on the server. Open the cert go to certification path (tab) and make sure each of the root authorities are in the SERVERS trusted root certificate authorities. Note, you DO NOT need to install the cert on the server just the root authorities public keys under Certificates (Local Computer) \ Trusted Root Certification Authorities.
Server Issues #2 (previously mentioned solution) - In IIS, for the site, make sure the SSL Settings are set to Accept OR Require (never ignore). The benefit of using Require is that the IIS logs will show you are 403 7 error where as Accept will just get your the IsPresent == false but with a 200 http code.
Client Issue #1 - Same as server issue #1, got to trust those authorities!
Client Issue #2 - You have the trusted root authorites but NOT the private key for the cert itself. Make sure you install the pfx (private key) into the cert store not the public key (.cer). You can also see if you have the private key by double clicking the cert in the cert store and on the general tab you should see a message saying as much.
Client Issue #3 - You put the cert in the wrong place. Probably best to place your cert in Certificates (Local Computer) \ Personal \ Certificates, rather than (current user). This will make the cert available to process accounts that are running your code and actually need access to it.
Client Issue #4 - Right mouse click the cert (in the store not a .cer file) --> All Tasks --> Manage Private Keys... and make sure the process account running your code has "Read" permission. A quick test of this (but not recommended for production use) is to add "Everyone" as read to see if this is your issue.