PhpStorm version 2017.2.3:
I am suddenly getting notifications such as the screenshot below, and they're persistent:
I believe (as you may be able to gather from the image), that what is happening is that PhpStorm is trying to connect to the http://www.viridor.co.uk domain and then is being presented with an untrusted certificate from the (https) domain varient.
I keep telling PhpStorm to reject this certificate. I don't want it saved. But PhpStorm keeps bringing up this notice.
What I've tried:
I have read through the settings menu to see if I can find a way of sorting this but have not found anything suitable:
What I'd like to achieve:
Why does PhpStorm reject the certificate, can we edit these rejection criterias? this is the first time I've seen this and I'm sure PhpStorm has been checking a multitude of links from various project sites I work on. (please see below some certificate diagnostics)
How can I get PhpStorm to remember my rejection for this certificate?
If not, how can I turn off PhpStorm checking URLs outside the project scope (hopefully for just this project rather than all projects)?
Extra info:
I have run the url (viridor.co.uk) through the Qualys SSLTest and it came back
This server's certificate chain is incomplete. Grade capped to B.
source.
I would like to think that this certificates problems are the direct cause of this issue, but now I'd like to know how I can solve this issue.
Related
I'm hoping for some help with troubleshooting a frequently received error on my computer. I often try to navigate to very common websites such as https://illinoiscomptroller.gov. This is fine on my work computer, I receive no error. On my laptop at home, I get the NET::ERR_CERT_REVOKED error.
I'm not really all that experienced in troubleshooting these types of errors, but I have been getting this message for so long and would really appreciate some help resolving this issue. Every time I google for an answer, most sources suggest there is really an invalid cert, but I know this isn't true. Other answers point to an incorrectly installed cert, but again, I know this isn't the case.
I think the issue lies somewhere in my configuration on my machine. I don't have any fancy firewall set up. What I have noticed is if I click on the "Not Secure" message in the URL part of the Chrome browser, it tells me the cert was revoked by one source.
On my work computer, for the same website it says it has a valid SSL cert through DigiCert. I looked at my Internet Options SSL Cert providers and DigiCert is on there? Any ideas what I can do to figure this out?
recently, I ordered a SSL certificate for my website. Prior to that, everything worked fine for me, the website was fast and I had no issue. Since the certificate has been installed by OVH... Well... Things changed... The issue is that not everybody has the same behaviour as me. When I go on "https://www.areaprog.com/" with different browsers, here is what I get:
Chrome:
"Your connection is not private
Attackers might be trying to steal your information from
www.areaprog.com (for example, passwords, messages or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID"
Firefox:
"This connection is untrusted
You have asked Firefox to connect securely to www.areaprog.com, but we
can't confirm that your connection is secure.
Technical details:
www.areaprog.com uses an invalid security certificate.
The certificate is only valid for ssl2.ovh.net
(Error code: ssl_error_bad_cert_domain)"
Internet explorer:
"The security certificate presented by this website was issued for a
different website's address.
Security certificate problems may indicate an attempt to fool you or
intercept any data you send to the server."
I asked to OVH and everything is fine for them and apparently, it is also the case for other people out there (I asked around to see if I was the only one), but other people also experiences the same issue...
Moreover, Firebug keeps on saying:
"This site makes use of a SHA-1 Certificate; it's recommended you use
certificates with signature algorithms that use hash functions
stronger than SHA-1"
Besides, for people who are experiencing this issue, well, the site is extremely slow. For me, a simple page takes more than 20 seconds to load...
Does some of you have the same issue than me and does someone have an idea of what to say to OVH who keeps telling me that everything is OK?
Thanks a lot
I have started looking into testing our site with BrowserStack.
However, I'm having issues with live-testing (as opposed to automated testing with Selenium, which mostly works fine) a site we're developing as we're serving it with a self-signed certificate.
Manually approving the certificate doesn't bother me as much as the fact that some Ajax request are failing (at least on IE10) due to security issues and this makes it impossible to actually manually test the site.
An acceptable solution would be to somehow add our self-signed cert. into the list of trusted root CAs. However, I haven't found out how to upload files into the BrowserStack test environment (not sure if that's even possible, really).
Any ideas ?
I contacted BrowserStack about this issue, and their formal response is:
"We currently do not support installing client certificates on the remote machines. However, this is on our list, and we’ll keep you posted."
Hopefully this issues will be resolved soon and I'll post a different answer here.
April 2021 update:
BrowserStack has shipped a toggle to trust self-signed certs.
It is available on iOS and Android devices for now.
When it happens, open the "Network" tab, and open in a new tab the request which is failing. If it is "just" a certificate issue, you would then be able to bypass the warning. Then, your request should work correctly.
When the "Cannot Verify Server Identity" dialogue pops up, click details, then 'Trust'. This will work if all calls are to the same domain as the website.
I was recently given a VB.NET project for fixing some bugs and creating an installer for it. I was told to use Install Shield LE.
All went well with creating the install script but Windows 8 is giving me a smart screen warning when downloading the application from a web site and trying to install it.
I am aware of Windows 8 policy where popular applications get more "trust points" and become popular but the application is targeted for a fairly small audience of people therefore we can not rely on this option. Even more, people without proper knowledge would be repelled by the warning message and that could cause MS to never raise the trust for the application.
My question is, do I have to sign both - the application and the installer with a certificate? If so how do I sign the installer, as there is a signing tab for the project but I can't find one for the installer.
Bonus points if anyone can tell me if acquiring a proper certificate will remove the warning message telling this isn't a commonly downloaded file and might be dangerous from chrome/IE when downloading the application. There are many threads about this, I know, but most of them suggest adding the site to webmaster tools but that hasn't helped and we're still receiving the message
Thanks.
If I have read your post correctly then you are talking about an application as opposed to a website, and for that you would need a code signing certificate. Certificates that sign websites are different so first and foremost decide what it is that you are producing and want to sign.
Having decided that then you need to decide who you will use to supply your certificate. Typical sources would be VeriSign, Thwaite or Globalsign to name but three. All charge different prices but essentially do the same thing.
Once you have the certificate then the installer that you use to build your application signs the code files you select and the actual installer (msi or exe) itself.
That should eliminate the message that you now see warning people about potentially dangerous files that they are about to download.
I cannot stress enough however that you need to be clear about which type of certificate you need BEFORE you go ahead and buy one. I think from your description you are talking about a code signing certificate but do check first.
Following CAB forum regulation you will need to have an Extended Validation code signing in order to bypass the smart screen filter.
Extended Validation code signing will establish immediate trust with the machine, as you go through a more stringent validation process to obtain it! (or at least that's the rationale behind it!)
I think you can get an extended validation code signing either from SYmantec or GLobalsign.
I am using this webkitdotnet in my C# project. It all went well until I had to use access site with https.
I've searched their forum and found few posts about this but none of it solves my problem, so please shed some light on this one. Thx!
edit: Also as mentioned in their threads (also without an answer) I get a "Peer certificate cannot be authenticated with known CA certificates" error when trying to access my server, but https://www.google.com works fine.
They also mention the "apple" build which worked fine with ssl (at least so they say), but I can't find it anywhere...
This is a bit of a hack, but you can make webkitdotnet ingore peer ssl errors. WebKitDotNet uses WebKit, which, in turn uses curl, which is responsible for your wonderful ssl error there. curl exposes an option to ignore ssl errors, but neither webkit nor webkitdotnet seem to expose this functionality in their api. However, if you checkout the webkit source code, webkit sets the curl option (CURLOPT_SSL_VERIFYPEER) to false if the value of the environment variable WEBKIT_IGNORE_SSL_ERRORS is set to true.
What this all boils down to is that if you set the environment variable in code before initializing either webkit or webkitdotnet components, webkit will ignore the bad certificate and allow you to navigate to the site (sort of like clicking Proceed Anyway on IE9's Bad Certificate Warning page).
C++:
setvar("WEBKIT_IGNORE_SSL_ERRORS", "1");
C#:
Environment.SetEnvironmentVariable("WEBKIT_IGNORE_SSL_ERRORS", "1");
If anyone is interested, the webkit source code referenced is in file webkit\Source\WebCore\platform\network\curl\ResourceHandleManager.cpp at lines 65 and 681, currently.
After long googling I finally ended up purchasing a SSL certificate for my domain and now all is fine. Also, a good to note is that Webkit is the easiest to work with and allows for DOM access and manipulation.
I tried the code below and works for me.
webkitBrowser.Preferences.IgnoreSSLErrors = true;