I'm trying to make a Progresive Web App, with wamp server, but I need an environment that closely mimic production environment. So I'm using a virtual host to mimic a real domain, and using a self signed certificates to use an HTTPS.
The Problem is self signed certificates is not trusted by the browser, and makes my Service worker failed to register.
I've tried the solution from this thread Can you use a service worker with a self-signed certificate?, by creating a new shortcut on my desktop with the targets
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors --unsafely-treat-insecure-origin-as-secure=https://myvirtualhostname.com
But that doesn't solve the problem. Please anybody could help on this matter??
You should not need the --unsafely-treat-insecure-origin-as-secure flag, since that applies to insecure HTTP origins.
The --ignore-certificate-errors flag will give a warning on Chrome, but you can ignore this, it will work.
Related
I have been going around and around with this issue. I can create a dev-cert using dotnet dev-certs https --trust but the certificate only appears in the Personal certificates folder. If I try copying it to the Trusted folder it disappears on refresh. I have watched videos of people doing this on YouTube and it works so I'm not sure what is wrong with my PC/install.
Running my code and hitting the route in Postman returns a 500 error and UntrustedRoot.
I have tried this using a local user account and my admin account. I have also tried creating a certificate and importing it using OpenSSL following guides I have found, but still no luck.
I am running Windows 10 Pro on a new build PC. Windows was a clean install with a new licence.
I really don't want to have to purchase a signed certificate just to do development on localhost as that seems a bit overkill.
Any suggestions?
tl;dr try disabling your anti-virus before creating certificate!
I finally stumbled upon the answer; my anti-virus, WebRoot. I was following a YouTube tutorial on how to add a custom certificate to Kestrel and in doing so I discovered that WebRoot was blocking access to the hosts file. Disabling the av allowed me to update that file but also, it then allowed trusting of the dev-cert generated by dotnet dev-certs https --trust.
Not sure how I can prevent this in future other than temporarily disable the av before creating a certificate. Frustrating that the av doesn't warn me and there doesn't appear to be an obvious setting to allow this to happen.
These days I am researching on capturing and decoding SSL traffic from apk files, I have learned that it is possible to use Fiddler to do that, I have done all the steps in the following link
Cannot configure Fiddler proxy in Android to decrypt HTTPS
But my situation is a little different, I can decode some SSL traffic from apk files, but some SSL traffic seems does not go through WLAN, not like the situation in above links, it does not appear in Fiddler capturing window(maybe the code in apk deliberately set to not go through WLAN to avoid being captured?)
so I tried proxydroid to make all traffic go to my fiddler proxy, It succeeded, now it appears in fiddler capturing window, but it seems not using fiddler root cert like those traffic which goes through WLAN as default, so I can only see "connect to xxx" in Fiddler window, but no decryption
I even tried xpose framework and JustTrustMe, still no use(although I think the problem does not lie there)
So in such a situation, Is there a way to decode? I think the key is to both direct SSL traffic to fiddler proxy and use root cert simultaneously, but How?
UPDATE:
not to mention this specific problem, currently Could someone give me some information about how a SSL cert is used in android system, why those https links which use WLAN as default will use cert automatically, I guess it's because those links which use WLAN as default is just like use https link in browser , while cert is trusted by browser when you installed this root cert, but those links which do not use WLAN as default actually do not trigger https link like in browser, so even using some tool to redirect those links to fiddler proxy can not make it trust the cert, so they just do not use this root cert?? if my guess is right, then maybe there is no easy solution to solve this problem??
UPDATE2:
I have posted another topic, which tries to solve this problem from another perspective, it provided specific apk link, so if someone is interested, you can visit that topic to get more info
I am working on a project using libtorrent for some clients and a open tracker using mono torrent.
Pc1: Runs a tracker using mono torrent, which hosts the .torrent
Pc2: Runs a lib torrent client and hosts the content referenced in the torrent and has the .torrent, which is added to the client by passing a signed certificate, a matching private key, and dhparams and the password for the signed certificate.
Pc3: the same as Pc2 but does not host any content referenced by the torrent
The torrent is created with a CA certificate and a private key matching the CA which the signed certificates is signed against, using openssl. With no errors. (This is done on a seperate Pc from the other 3).
When I run the tracker I get no errors, only that it's running and tracking the torrent.
When I run the clients it gives me a torrent need cert alert, and I then set_ssl_certificate on the handle for the torrent, and then resumes, and I get a torrent_error_alert telling me that the torrent doesn't exist, and finaly it changes state to checking and then seeding/downloading depending on which client it is (the uploader or downloader).
The problem is then, that there is no traffic between the clients.
I can see that they are connected to the tracker, and are listening on both normal ports and the ssl ports, but there is never a connection between the two clients (Using TcpView).
There is no difference when I run with or without admin rights.
Anyone who has experienced this, or might have a solution/pointer in the right direction?
Many thanks in advance.
We are developing a local server app (written in nodejs for now), used by our web site to manipulate local files and folders (browse, upload, download...).
Basically, the customer installs the nodejs app, which starts a local server listening on 127.0.0.1.
Then, when (for instance) a list of local folders is needed on the web site, a JS script queries the local server, which returns the local folders, and they are displayed on the web site.
The problem is when the web site is configured in HTTPS, the web site's JS refuses to communicate with the HTTP-non-S nodejs app.
We are exploring various options :
using self-signed certificates deployed with the app, and trusting them on the machine during install, but I feel there will be a LOT of times when it won't work
using "proper" certificates for local.example.com, with a DNS entry where local.example.com points to 127.0.0.1, but it seems that distributing private keys to the general public is prohibited by the CGU of most (if not all) certificate authorities.
Now I thought of maybe another mean. Can a "packaged" HTTPS server (written in any language, I don't care), "living" inside an exe file, which is signed with a proper SSL certificate, use the certificate of the app?
I'm not sure if I'm making any sense, I don't know certificates very well...
Thanks!
We ended up adding a self-signed root CA using certutil :
certutil.exe -user -addstore Root "mycert\rootca.cer"
Since we're adding a root CA, it generates a warning popup that the user has to accept, but it has been deemed acceptable by the powers that be.
There is a "check config" screen that can try to add the certificate again if it hasn't been properly added the first time.
There is a case when the group policies (GPO) prevent trusting self-signed certificates. In this case, certutil has a return code of 0 (the certificate is added) but the root CA is not trusted, so the local server does not work. So, after install, we have to check that the certificate is trusted using:
certutil.exe -user -verifystore Root xxx
(xxx being the certificate serial number). This command does exit with error if the certificate is untrusted either, so we parse the output for CERT_TRUST_IS_UNTRUSTED_ROOT or 0x800b0109.
I have:
Installed XCart (Gold Plus 4.6.0 - Trial with Lexity Live) on Netfirms
Purchased (and successfully installed) a RapidSSL Premium Certificate from GeoTrust through Netfirms
Enabled SSL in XCart and updated config file appropriately.
When I run Settings::Security Settings I receive error under HTTPS Options, "Warning! HTTPS/SSL check failed. Please make sure that HTTPS is configured properly."
Question: If the certificate is installed and the software knows to go to the secure server address what could be the problem?
I realize more background info is necessary. Please help. I know nothing of ssl. I read somewhere quickly in the past year or so something about symlink-ing, etc. I don't believe this to be of use here. Perhaps I am incorrect.
All my love,
Once you have SSL configured in your browser, it should just work. Make sure your cert is actually installed correctly.
You can test it with the SSL Installation Diagnostics Tool.
If that actually comes back ok for your site, then your best bet will be to check the syslog, perhaps something is not configured properly in your webserver config?