Hello I have a problem with an IIS 8.5 server where I have a 3.8 joomla. the problem is that I have installed the certificate and every time I enter the page only the sign of the certificate appears for a moment and then disappears I have configured the firewall and the URLs have also changed the .htacces and nothing seems to be a clear solution .
And there are times when I get a 403.3 error when I activate the ssl request in the ISS.
firstly, check if the https connection was established by checking the certificate
Chrome:- Press F12; click on security and view certificate; ALso check if the padlock is available.
If the padlock is not visible but https is shown on the address bar, then this seems to be an issue with mixed content. In short http links (images, codes) are served over https .
Related
We have recently installed an SSL certificate to our fairly old version of Drupal. The front end of it works well, however, we are now unable to log in to the admin area. We put this problem on our servers who claims the website now goes into a continuous redirect look, causing the site to crash. here is what they said.
"I have taken a further look at this and we can see some pages have specific rules in place that are forcing them to use HTTP this is then causing an issue with the redirect to HTTPS, this is essentially creating a loop as the Site goes to the HTTP which gets redirected to HTTPS, which the page then redirects back to HTTP and so on. You will need to review the content of the site and to remove the redirect(s) to HTTP for any pages that have this, alternatively, we can remove the redirect to HTTPS (However this defeats the purpose of having the SSL Certificate then). Please let me know if you would like me to remove the HTTPS redirect."
The same problem can be found here at stack overflow. However, the answer is very vague considering it's a change to the .htaccess file.
Any thoughts?
put this line at the en of settings.php
$conf['https'] = TRUE;
I am using fiddler version 4 and am unable to capture some websites like Facebook, google, gmail, yahoo; however, it captures some other websites correctly.
I checked the filters option and found that they use filters option "Unchecked" and also checked fiddler through its IP and its running correctly.
I think that's causes by missing https decryption.
There is a menu point to import the fiddler root certificate in the local certificate store.
http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/TrustFiddlerRootCert
How to:
Click Tools > Fiddler Options > HTTPS.
Click the Decrypt HTTPS Traffic box.
The problem:
I have 2 websites that have the same IP address (a domain and a subdomain), and I have an SSL certificate for each of them. The domain is a word-press site while the sub domain is a ruby on rails application. the subdomain has the certificate installed and works with no problems, but when I try to add the second certificate for the main domain, it works, but it prevents access to the subdomain.
In the web browser inspection page it shows this error :
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://monthly.giladparking.com' is therefore not allowed access.”
What I have tried:
I have followed this tutorial to allow for SNI support and it seems to work except for the previously mentioned issue.
I have taken a look at this post as well which explains that you can't make XMLHTTPRequests across domains. but this issue only arises when both certificates are in effect.
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php....
The certificate for this sites is valid for monthly.giladparking.com and www.monthly.giladparking.com but not for giladparking.com. That's why any access to this site will fail with a certificate error. This problem is not restricted to XMLHTTPRequests.
I have a newsletter tool that, well, shows newsletters. Well, the site was on non-SSL hosting and now is on an SSL host. When a user receives the newsletter in Gmail or Outlook the images have a blue question mark on it and the image doesn't show. They can click the 'view in browser' option and everything shows up fine.
This is also with images displayed option turned on in both Outlook and Gmail.
Here's where I think I see the problem - the site does not have it's own SSL cert. It's using a server one so there is a name mismatch.
Would that be the reason why the images are not showing up in Outlook/Gmail? If so, would the solution be to get an SSL cert that matches the domain name?
Here's where I think I see the problem - the site does not have it's own SSL cert. It's using a server one so there is a name mismatch.
The certificate you're using must be valid for the host name you're using (see RFC 2818, Section 3.1). If this is not the case, your HTTPS server isn't set up properly, so you shouldn't be surprised clients don't like it.
They can click the 'view in browser' option and everything shows up
fine.
Presumably, this works because your users are willing to ignore an error message, which they shouldn't do.
I was under the impression that if a user attempted to visit a website that had been secured with an SSL certificate, but did not use HTTPS and instead used plain HTTP in the address box, a 403;4 error would be generated, and that an errormessage something like this would be presented:
"This page must be viewed over a secure channel"
"The page you are trying to access is secured with Secure Sockets Layer (SSL)."
But that's not happening on our website. You can use http://secure.oursite.com or https://secure.oursite.com and both work fine.
The company that issued the SSL certificate says our certificate checks out OK in their certificate checking tool and that it's "chaining properly" and that this is an IIS configuration issue.
Does this SSL over HTTP error checking have to be explicitly enabled?
I was planning on creating a custom error for the 403;4 condition, pointing to a file, which redirects to https://secure.oursite.com. But the error condition is not being trapped by IIS.
EDIT: I've stopped and restarted the server. Not solved.
Thanks
As per this article have you checked the "Require secure channel (SSL)" box in the properties for your site? This is what triggers the error. You can then create the redirect using a custom error page.
a 403;4 error would be generated
That's not what happens in my site. My site automatically redirects to the HTTPS port. It's done free of charge by Tomcat.