I generate my own certificate with letsencrypt and recently I added a new subdomain to this certificate.
I can check on https://crt.sh that the new certificates contains this subdomain but my brosers (I tried Firefox, Chrome and Edge Chromium) still see the old version of the same certificate (which has not expired).
I tried to force the removal of the certificate (e.g. in Firefox, I applied the solution provided here: https://www.a2hosting.com/kb/getting-started-guide/internet-and-networking/clearing-a-web-browsers-ssl-state#Mozilla-Firefox) but it still show the old certificate.
How can I switch to the new one?
Related
I created a new Drupal 8 site (latest version) on my Mac, using MAMP to test locally. I'd been using a self-signed SSL certificate, and yesterday purchased a Comodo PositiveSSL Multi-Domain (DV) cert. The site comes up fine in Safari and Chrome with the new cert, but Firefox (78.0.2) is still looking at the cold cert. I've tried clearing all caches, clearing the history cache, even rebooting; nothing seems to help. Is the old one being cached somewhere? Comodo said it should work and to ask Stack Exchange.
Found the solution when I asked Firefox support forum:
follow the step:
click the 3 horizontal line top right browser screen.
click Help and select restart with Add-ons Disable.
Goto Safe Mode
click the 3 horizontal line top right browser screen . click the new private window.
I did so and re-enabled extensions and restarted, perfect!
I have had several hundred visitors and there have been two or three that have reported to get the "This website is insecure" warnings. The latest reported the same result in both the latest version of Firefox (57) and IE. I've tested on several browsers and OS's; including the same config of (win7 and FF57) the last report I have and didn't see issue. The only thing I can figure is the user's computer perhaps has malware that has overwritten their root certs. Does that make sense? Any other possibilities here?
I have started looking into testing our site with BrowserStack.
However, I'm having issues with live-testing (as opposed to automated testing with Selenium, which mostly works fine) a site we're developing as we're serving it with a self-signed certificate.
Manually approving the certificate doesn't bother me as much as the fact that some Ajax request are failing (at least on IE10) due to security issues and this makes it impossible to actually manually test the site.
An acceptable solution would be to somehow add our self-signed cert. into the list of trusted root CAs. However, I haven't found out how to upload files into the BrowserStack test environment (not sure if that's even possible, really).
Any ideas ?
I contacted BrowserStack about this issue, and their formal response is:
"We currently do not support installing client certificates on the remote machines. However, this is on our list, and we’ll keep you posted."
Hopefully this issues will be resolved soon and I'll post a different answer here.
April 2021 update:
BrowserStack has shipped a toggle to trust self-signed certs.
It is available on iOS and Android devices for now.
When it happens, open the "Network" tab, and open in a new tab the request which is failing. If it is "just" a certificate issue, you would then be able to bypass the warning. Then, your request should work correctly.
When the "Cannot Verify Server Identity" dialogue pops up, click details, then 'Trust'. This will work if all calls are to the same domain as the website.
I want to create a safari extension on my Windows 7 pc. I have created a safari developer certificate properly but I couldn't really install it. After some googling, I tried importing it into Personal and Trusted Root Certification authorities. But Extension Builder keeps showing "No Safari Developer Certificate." I even revoked the certificate and created a new one. Still no luck. Can anybody help me?
I am literally stuck to this problem for two days now.
Scenario:
The website that needs to be tested has a self signed certificate. So Internet Explorer (8 in windows XP_ shows
"The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address."
Now this is perfectly natural in case of IE8 and self-signing certificates so I took the following measures to no use
Manually added/installed the certificate as a Trusted Root Certificate in IE. But it doesn't get shown in the list, but it gets successfully added to all other tabs i.e. trusted root publisher,Intermediate Publisher Authority,Other People.
The same certificate gets added to firefox without any problems under "servers" and works just as expected.
I tried using the following codes but one of them worked for selenium
Proxy proxy = new Proxy();
proxy.setProxyType(ProxyType.MANUAL);
Proxy.setSslProxy("trustAllSSLCertificates");
DesiredCapabilities capabilities1 = DesiredCapabilities.internetExplorer();
capabilities1.setCapability(CapabilityType.PROXY, proxy);
When this doesn't work I tried using
DesiredCapabilities capabilities = new DesiredCapabilities();
capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
I have the cybervillans certificate already installed.
I have tried the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312 method knowing full well it is for win7.
5.I have even tried changing the URL to the issued authority but even then the problem persists.
And now I am stuck with no alternatives.
Can anyone point it out to me how I can proceed?
It seems I'm eternally stuck with IE8.
I have searched a lot in Google as well as in this site. But couldn't find a solution to my problem.
When I use selenium across our dev/test versions of our websites I constantly get the IE screen for invalid certificates.
To pass these, you send the following into the IWebDriver instance
driver.Navigate().GoToUrl("javascript:document.getElementById('overridelink').click()")
The screen you're seeing might be a little different to the bad certificate screen, so just tweak the getElementById selector to match the anchor's Id.
I use it like Robert wrote, like this:
if (driver instanceof InternetExplorerDriver) {
driver.navigate().to("javascript:document.getElementById('overridelink').click()");
}
This change will permanently accept all certificate errors in IE, but still, elegant solution:
https://stackoverflow.com/a/7738795/2546759