Self Signed Wildcard SSL in Firefox - ssl

I've got something weird going on with Firefox. I'm working on a web application which is hosted on multiple endpoints. I've created self-signed certificates for those endpoints using PowerShell, which are all signed by the same (also self-signed) root CA.
In order to trust the certs I've tried a couple of things:
- Exceptions in FF
- Adding them to the cert store of Windows and setting 'security.enterprise_roots.enabled'
- Creating a custom config using CCK2 and adding the root cert in there
When I browse the site using Firefox, the main URL works. But stuff that's being loaded from dynamically generated URLs (the why of this is not relevant) does not work. I'm getting a SEC_ERROR_UNKNOWN_ISSUER error for those URLs. The only difference is that the main URL is a normal cert, while the dynamically generated URLs are using a wildcard cert.
The cert chains are as follows:
Self Signed Root Cert
  main.domain.com (works)
  *.apps.domain.com (does not work)
So getting a page from main.domain.com works fine, no validation issues. Getting something from 1234.apps.domain.com does not work with a SEC_ERROR_UNKNOWN_ISSUER in return which I find very weird as it's the same issuer. Any ideas?

Related

VueJS (Nuxt) error, when install new SSL certificate

I have a VueJS (Nuxt) application and its admin panel on WordPress. They communicate through the REST API and are located on the same domain; the admin panel is in a subfolder.
Now the domain has a self-signed certificate from LetsEncrypt, Certbot. Everything works fine, except that periodically users are shown a message that the certificate is unsafe.
Therefore, a paid COMODO certificate was purchased.
After its installation, Vue stops working with an error:
500 Server error. NuxtServerError. Unable to verify the first certificate
In this case, the admin panel works correctly and shows the correct certificate data.
Surprisingly, if you deliberately enter a non-existent site address, the frontend 404 error page opens, which contains site navigation, after which you can fully use the site and navigate through all the pages until the first manual reload (e.g. Ctrl + R).
What could be the reason for this error?
The mistake is that the SSL cert is not chained:
$ cat www.example.com.crt bundle.crt > www.example.com.chained.crt

SSL certificates installation raises XMLHttpRequest cannot load exception

The problem:
I have 2 websites that have the same IP address (a domain and a subdomain), and I have an SSL certificate for each of them. The domain is a WordPress site while the subdomain is a Ruby on Rails application. The subdomain has the certificate installed and works with no problems, but when I try to add the second certificate for the main domain, it works, but it prevents access to the subdomain.
In the web browser inspection page it shows this error:
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://monthly.giladparking.com' is therefore not allowed access.”
What I have tried:
I have followed this tutorial to allow for SNI support and it seems to work except for the previously mentioned issue.
I have taken a look at this post as well, which explains that you can't make XMLHTTPRequests across domains. But this issue only arises when both certificates are in effect.
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php....
The certificate for this site is valid for monthly.giladparking.com and www.monthly.giladparking.com but not for giladparking.com. That's why any access to this site will fail with a certificate error. This problem is not restricted to XMLHTTPRequests.
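
The name check behind the answer above, as an added example that is not part of the original posts: it builds two self-signed test certificates and asks OpenSSL which hosts each one covers. It goes beyond the answer by running the same check for the wildcard name `*.apps.domain.com` from the first question on this page. It assumes the OpenSSL command-line tool (1.1.1 or later for `-addext`); the helper names `make_cert` and `covers` are made up here.

```shell
#!/bin/sh
# Constructed demo: the certificates are generated on the spot, self-signed,
# and carry only the DNS names under test.
set -eu
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT

# make_cert NAME SAN-LIST: write a self-signed cert $tmp/NAME.crt whose
# subjectAltName is SAN-LIST, e.g. "DNS:a.example,DNS:b.example".
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=demo-$1" \
        -addext "subjectAltName=$2" \
        -keyout "$tmp/$1.key" -out "$tmp/$1.crt" 2>/dev/null
}

# covers NAME HOST: true if certificate NAME is valid for HOST under OpenSSL's
# host name matching (a wildcard stands for exactly one leftmost label).
covers() {
    openssl x509 -in "$tmp/$1.crt" -noout -checkhost "$2" | grep -q 'does match'
}

make_cert sub  "DNS:monthly.giladparking.com,DNS:www.monthly.giladparking.com"
make_cert wild "DNS:*.apps.domain.com"

for pair in "sub monthly.giladparking.com" "sub giladparking.com" \
            "wild 1234.apps.domain.com" "wild apps.domain.com" \
            "wild a.b.apps.domain.com"; do
    set -- $pair
    covers "$1" "$2" && echo "$1 cert covers $2" || echo "$1 cert does NOT cover $2"
done
```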

Why is AWS CloudFront no longer delivering assets after I updated an expired SSL certificate?

We use AWS CloudFront as our CDN in front of an Apache website running on an EC2 server. The website uses SSL (https) and CloudFront is configured to use the default CloudFront certificate, so our application loads static assets using https://xxxxxxcloudfront.net/path/to/asset, rather than https://ourdomain.com/path/to/asset.
Our SSL certificate, issued by Go Daddy, expired yesterday. After installing a new certificate on the web server, CloudFront no longer seems able to deliver any assets. It is simply returning a 502 error with the message CloudFront wasn't able to connect to the origin.
The Apache logs don't seem to indicate any problems with the new certificate; when I visit the site I can see the little green lock icon and I no longer see any warnings about an invalid certificate. Further, if I try to load the assets directly from our webserver, using https://ourdomain.com/path/to/asset, instead of the CloudFront URL, the assets seem to load without any problems.
I don't recall doing anything with CloudFront the last time we replaced a certificate. Is there something that needs to be updated in CloudFront when the webserver's SSL certificate gets updated? Any tips on what to look for?
I was able to resolve this issue!
After installing the certificates provided by Go Daddy there was an issue with the intermediate chain. The certificate chain file Go Daddy provides by default includes the root. CloudFront sees that as a problem and will not connect to the origin. I downloaded and installed the certificate chain without the root and everything started working again.
Thanks to #error2007s and #michael-sqlbot for their help!
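
The two chain fixes described on this page (concatenating the leaf with its intermediate bundle, and serving a chain file without the root) can be checked locally; this is an added example, not code from the original posts. It assumes the OpenSSL command-line tool and builds a constructed three-level test PKI; the function names are made up here.

```shell
#!/bin/sh
# Constructed demo PKI: every subject and file name below is made up.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

# Throwaway root -> intermediate -> leaf hierarchy written into $work.
make_pki() {
    printf 'basicConstraints=critical,CA:TRUE\n' > "$work/ca.ext"
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$work/$n.key" -out "$work/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$work/root.csr" -signkey "$work/root.key" -days 2 \
        -extfile "$work/ca.ext" -out "$work/root.crt" 2>/dev/null
    openssl x509 -req -in "$work/int.csr" -CA "$work/root.crt" -CAkey "$work/root.key" \
        -CAcreateserial -days 2 -extfile "$work/ca.ext" -out "$work/int.crt" 2>/dev/null
    openssl x509 -req -in "$work/leaf.csr" -CA "$work/int.crt" -CAkey "$work/int.key" \
        -CAcreateserial -days 2 -out "$work/leaf.crt" 2>/dev/null
}

# True only if leaf.crt chains to the trusted root when the peer supplies the
# certificates in file $1 (the bundle a server would send).
chain_ok() {
    openssl verify -CAfile "$work/root.crt" -untrusted "$1" "$work/leaf.crt" >/dev/null 2>&1
}

# Print PEM bundle $1 minus self-issued certificates (subject == issuer).
strip_root() {
    rm -f "$work"/part*.pem
    awk -v p="$work/part" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { f = sprintf("%s%03d.pem", p, n); print > f }' "$1"
    for f in "$work"/part*.pem; do
        [ -e "$f" ] || continue
        s=$(openssl x509 -in "$f" -noout -subject_hash)
        i=$(openssl x509 -in "$f" -noout -issuer_hash)
        [ "$s" = "$i" ] || cat "$f"
    done
}

count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

make_pki
cat "$work/leaf.crt" "$work/int.crt" > "$work/chained.crt"   # the page's cat step
cat "$work/chained.crt" "$work/root.crt" > "$work/with_root.crt"
strip_root "$work/with_root.crt" > "$work/no_root.crt"
chain_ok "$work/leaf.crt"    && echo "leaf only: ok" || echo "leaf only: issuer not found"
chain_ok "$work/chained.crt" && echo "chained: ok"   || echo "chained: FAILED"
echo "with root: $(count_certs "$work/with_root.crt") certs; stripped: $(count_certs "$work/no_root.crt")"
```

The leaf-only case is what a client sees when the server omits the intermediate; the stripped bundle is byte-identical to the leaf-plus-intermediate file.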

App's custom domain name must match certificate CN

I'm having a hard time adding my SSL cert on Parse.
I get this "App's custom domain name must match certificate CN" error. I've been following this https://www.digicert.com/csr-creation-ssl-installation-parse-php-sdk.htm#install_ssl_certificate tutorial even though I'm using JavaScript for my backend, not PHP.
I get a checkmark (no errors) when I add my host name, so there's nothing wrong with that, it would seem. I've created a .pem file with the entire SSL cert trust chain and tried uploading it, but I get the same error. And just for the heck of it I also uploaded my primary cert without attaching intermediary or root certs, which didn't work either.
I've created the CSR similar to what was shown in the example. Is there any other online help, like a pay-per-session with a Parse developer? Because this is driving me crazy.
In the Parse docs Https section it just says to upload your custom domain cert. I have my cert for my custom domain and I'm trying to upload it so why am I getting this error?

redirecting to insecure content(http) from secure(https)

I have a self-signed certificate installed for my application, and so it runs on https.
https://xyz/redmine
And I want to call some insecure, or rather not-signed, URL from my application,
say,
http:9292//something/faye
The browser gives an error about running insecure content.
If I make the other server run in secure mode, let's say that it runs on
https:9292//something/faye
then unless the user adds an exception in the browser, the URL won't be accessible (because I am using a self-signed certificate).
How can I redirect or call http from https,
or
can I add an exception in the browser programmatically, so that the user need not add it?
Pointers?
If linking to content on an external site that would be served over http, you can use a protocol neutral URL.
Instead of linking to http://mysite.com/file.html, you can link to //mysite.com/file.html