Trust https://localhost:3000/ of MEAN stack in Chrome & Mac - ssl

I use Chrome in macOS Sierra 10.12.3. I guess I have already set up ssl for localhost long time ago. Now, both http://localhost/ and https://localhost/ in Chrome return the list of folders under localhost. I have created a nodejs app. So after typing npm start in a command line to run the server, we could open http://localhost:3000/#/home as frond-end in Chrome.
Now, for some reason, I need to make https://localhost:3000/#/home work in Chrome. At the moment, it gives This site can't be reached; localhost unexpectedly closed the connection error.
Does anyone know how to amend this? Should I set up something in mac or in the code of my app?
Edit 1: I have found this page: SSL/HTTPS server with Node.js and Express.js. So I generated the files and modified the node code. Now loading https://localhost:3000/#/posts/editor/ displays the page, but I want to remove the annoying Not Secure warning.
As the above screenshot shows, I was able to view its certificate (though there is an error ERR_CERT_COMMON_NAME_INVALID). I copied the certificate to the desktop and dragged it to login of the Keychain Access tool and modified its setting to Always Trust. I restarted Chrome, reloaded the page, but the Not Secure warning is still there.
Could anyone help?

There are actually lots of threads about this issue, which are quite confusing. I write the way that works for me.
I have finally followed this page to generate the files http://blog.mgechev.com/2014/02/19/create-https-tls-ssl-application-with-express-nodejs/. Note that I set localhost as Common Name (not sure if it's really mandatory).
In www of my MEAN project
var fs = require("fs");
var config = {
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem')
};
var server = https.createServer(config, app).listen(3000);
In Chrome, I open https://localhost:3000/#/new, then I go to the Security tab of Dev Tools to view its certificate. Then drag the certificate to the desktop.
Double-click the certificate on the desktop, which opens Keychain Access. Make sure the certificate is in login (not necessarily system). If it's not, then drag the certificate in login.
Change everything to Always Trust
(maybe restart Chrome), after npm start the application, enjoy surfing https://localhost/#/new with Green Secure Light.

Are you sure you setup a Certificate Authority? Perhaps you only setup https in your code but forgot to setup a local Certificate Authority for your app to validate a certificate with. If this is the case please reference: http://www.techrepublic.com/blog/apple-in-the-enterprise/create-your-own-ssl-ca-with-the-os-x-keychain/

Related

Nothing happens when importing cert to keychain in Mac Mojave

I have a container running locally. My Apache server has a self signed certificate that I am trying to load to my Mac's keychain and I get no errors but the certificate just does not show up. I can open https://localhost on a Chrome browser and I can skip the warnings that the certificate is untrusted but I cannot use tools like Postman as the requests are blocked.
Any idea why this may be happening?
This is the steps I followed:
Opened https://localhost in Chrome. Clicked on the lock and dragged and dropped the cert to my desktop
Opened Key Chain and selected "System"
I went to File -> Import new items and selected the cert that I grabbed from the browser
No errors but the cert just does not show up on the list at all.
I am using Mac OS Mojave 10.14.6

Firefox not recognizing new ssl cert on local site

I created a new Drupal 8 site (latest version) on my Mac, using MAMP to test locally. I'd been using a self-signed SSL certificate, and yesterday purchased a Comodo PositiveSSL Multi-Domain (DV) cert. The site comes up fine in Safari and Chrome with the new cert, but Firefox (78.0.2) is still looking at the cold cert. I've tried clearing all caches, clearing the history cache, even rebooting; nothing seems to help. Is the old one being cached somewhere? Comodo said it should work and to ask Stack Exchange.
Found the solution when I asked Firefox support forum:
follow the step:
click the 3 horizontal line top right browser screen.
click Help and select restart with Add-ons Disable.
Goto Safe Mode
click the 3 horizontal line top right browser screen . click the new private window.
I did so and re-enabled extensions and restarted, perfect!

Apache Tomcat 8.5 : SSL ENABLED IN IE BUT NOT IN CHROME

I have enabled SSL for a site using jdk 1.8 and Tomcat 8.5.23.
When I hit the site in IE, first time it shows:
"Can't connect securely to this page
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening,try contacting website's owner."
When I hit the site second time, the page loads and the application functionality works fine with SSL enabled.
When I hit the site in chrome no matter how many times, it shows:
"This site can't provide a secure connection
Abcd.xyz.com didn't accept your login certificate, or one may not have been provided.
Try contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT"
In server.xml I have added below in the connector tag:
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
I also could not find any error in the log files.
Please help me. :(

Local site testing with BrowserStack and self-signed certificates

I have started looking into testing our site with BrowserStack.
However, I'm having issues with live-testing (as opposed to automated testing with Selenium, which mostly works fine) a site we're developing as we're serving it with a self-signed certificate.
Manually approving the certificate doesn't bother me as much as the fact that some Ajax request are failing (at least on IE10) due to security issues and this makes it impossible to actually manually test the site.
An acceptable solution would be to somehow add our self-signed cert. into the list of trusted root CAs. However, I haven't found out how to upload files into the BrowserStack test environment (not sure if that's even possible, really).
Any ideas ?
I contacted BrowserStack about this issue, and their formal response is:
"We currently do not support installing client certificates on the remote machines. However, this is on our list, and we’ll keep you posted."
Hopefully this issues will be resolved soon and I'll post a different answer here.
April 2021 update:
BrowserStack has shipped a toggle to trust self-signed certs.
It is available on iOS and Android devices for now.
When it happens, open the "Network" tab, and open in a new tab the request which is failing. If it is "just" a certificate issue, you would then be able to bypass the warning. Then, your request should work correctly.
When the "Cannot Verify Server Identity" dialogue pops up, click details, then 'Trust'. This will work if all calls are to the same domain as the website.

Installing a certificate on a PC

I have an internal website in our company that uses HTTPS and the Server's certificate. The thing is since this certificate is self-signed, when anyone browse to that web site it gives a certificate warning. What I did on my PC I opened the site in IE and then clicked on the certificate error in the address bar and on the general tab clicked on Install certificate, selected Local Machine as the store location and placed it on the Trusted root certification authorities. Using a MMC I also verified that this certificate is installed successfully. But the issue is that the certificate warning is still there!
I was facing the same problem as you before, and i think it is impossible to remove properly the warning even if you use firefox, chrome or you own web browser based on Internet Explorer libs, your company must bye a certificate from companies like verisign. The only way i found to remove the warning message using IE is to trap the window wich warn you using WINAPI (getting window handle by the window title of the warning popup then find the handle of "OK" button and send a message to simulate a press on it)..
You can try adding this to trusted sites in IE. If you have group policy access it can be set for users also.
Open IE
Click Tools and select Internet Options
Click the Security Tab
Select Trusted Sites icon and set the Security level to Medium Low.
Add the site to Trusted Sites by clicking sites button.
Close all the Windows. Then open the browser.
See if that will work for you.