I'm having issues with angular.io in my enterprise network caused by the certificate. Looking in more detail, I noticed it's been signed for *.firebaseapp.com. However, it looks valid on my phone.
It doesn't make any sense; you can't have a valid SSL connection if the certificate was signed for another domain. Does anyone understand what's happening with that certificate and why it looks valid in my Android browsers?
Thanks
If you look at the certificate details and look at the long list of Subject Alternative Names, you will see that *.angular.io is covered under there. You can read more about those here.
Basically, it's just a list of hostnames that can be used with one certificate.
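How a client decides whether a certificate covers a hostname, as an added example that is not part of the original answer: the name is compared against each DNS entry in the Subject Alternative Name list, with a wildcard standing for exactly one left-most label. The SAN list below is constructed for illustration and is not the real certificate's list.

```python
# Constructed SAN list modelled on the certificate described above.
SAN_DNS_NAMES = ["*.firebaseapp.com", "firebaseapp.com", "*.angular.io", "angular.io"]


def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_entry_matches(hostname, pattern):
    """True if one SAN dNSName entry covers hostname (RFC 6125 style rules)."""
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # Wildcard must be the whole left-most label and needs at least two
        # fixed labels after it (real clients also consult the public suffix list).
        return len(pat) >= 3 and host[1:] == pat[1:]
    # Partial wildcards such as "f*.example.com" are rejected outright.
    return "*" not in pattern and host == pat


def covering_entries(hostname, san_dns_names=SAN_DNS_NAMES):
    """Return every SAN entry that makes the certificate valid for hostname."""
    return [p for p in san_dns_names if san_entry_matches(hostname, p)]


if __name__ == "__main__":
    for name in ["angular.io", "www.angular.io", "a.b.angular.io", "example.org"]:
        hits = covering_entries(name)
        print(f"{name:18} -> {'valid via ' + ', '.join(hits) if hits else 'NAME MISMATCH'}")
```

The subject name shown at the top of a certificate viewer is only one of the names; a mismatch error means no SAN entry matched the hostname the client asked for.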
Ignore the following, go to "#edit2"
I read a lot about SSL certificates but I still can't figure out the following:
I have a program that does a POST to my API. How do I make this program do it using the certificate, I mean to protect the information sent?
Do I have to include the certificate in the client? Or when it does the POST, does it first ask the server for the certificate?
In the case that it should include the certificate, isn't that unsafe?
Because stackoverflow asks me to say the following:
I already tried reading a lot about SSL certificates. This https://medium.freecodecamp.org/https-explained-with-carrier-pigeons-7029d2193351 helped me a lot, but I still don't get how it works for my case.
If there is any way I can try, any website that I can easily use to make an HTTPS POST, please tell me.
Thanks in advance
#edit1: To be honest, after posting this I found the right words to search on Google and I found this post:
https://security.stackexchange.com/questions/110621/ssl-newbie-does-https-client-also-need-a-certificate
But I wanted to know if this applies to the following case:
file.exe doing POST to API on server (sending username and password), server answering the file.exe with "you are logged in" or "nop, wrong pw/user".
If I have SSL enabled on my page, will my .exe send the information in plain text? And will my API answer in plain text?
Should I do this with POST or GET? I read that POST is better because it sends the information in the body instead of the URL, but will the answer from the API be protected by the certificate in this case?
Thanks in advance.
#edit2: Editing one more time because, thanks to #Ladislav Louka (idk the right way to tag someone), I found that I can intercept the packets and check this by myself.
My last question is:
Do I need to include the certificate on the client to make everything secure? I mean, does the server really need to know if it's my client that is doing requests? Couldn't this be unsafe because the certificate could be stolen, like the secret key, and then used by another app to do a brute-force attack on my page?
Why is there a name on one of the SSL badges, but not on the other one? Why do they look different?
The URL on the top uses GeoTrust, while the bottom one only uses a RapidSSL certificate. Could that be the reason?
Out of curiosity, what is the reason behind this? Is the badge with name more secure and/or expensive?
SSL sites with the green bar are using Extended Validation certificates.
Digicerts' Extended Validation
They are more expensive and from what I understand they do a more extensive background check before they issue it.
I'm having a hard time adding my SSL cert on Parse.
I get this "App's custom domain name must match certificate CN" error. I've been following this https://www.digicert.com/csr-creation-ssl-installation-parse-php-sdk.htm#install_ssl_certificate tutorial even though I'm using JavaScript for my backend, not PHP.
I get a checkmark (no errors) when I add my host name, so there's nothing wrong with that, it would seem. I've created a .pem file with the entire SSL cert trust chain and tried uploading it, but I get the same error. And just for the heck of it I also uploaded my primary cert without attaching intermediary or root certs, which didn't work either.
I've created the CSR similar to what was shown in the example. Is there any other online help, like a pay-per-session with a Parse developer? Because this is driving me crazy.
In the Parse docs Https section it just says to upload your custom domain cert. I have my cert for my custom domain and I'm trying to upload it so why am I getting this error?
I installed my SSL certificate yesterday. However I get the SSL warning (triangle) icon. The excuse for that is that "the page includes other resources which are not secure".
I am not sure what that means but my assumption is that it has something to do with some text inputs which are not secure.
Any information or resources to make me understand more and figure out how to secure everything will be helpful. I don't like the warning there (especially on the signup page) and need to figure out what's the issue. Thanks.
You need to make sure not to embed any resources via http:// - use only https://.
If you embed external resources which are available via both HTTP and HTTPS, you can use protocol-relative URLs such as //domain.tld/whatever - they'll be loaded over the protocol that's currently used.
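One way to locate the insecure resources behind that warning, as an added example that is not part of the original answer: parse the page, resolve every subresource URL against the HTTPS page address, and report those that end up on `http://`. The page URL, hostnames and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attribute that triggers a fetch (or a form submission) for each tag.
FETCH_ATTRS = {"script": "src", "iframe": "src", "img": "src", "audio": "src",
               "video": "src", "source": "src", "embed": "src",
               "object": "data", "link": "href", "form": "action"}
ACTIVE = {"script", "iframe", "embed", "object", "link"}  # can alter the page


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, resolved_url, kind)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not value:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # other <link> relations are not checked in this sketch
        # Relative and protocol-relative (//host/path) URLs inherit https here.
        resolved = urljoin(self.page_url, value.strip())
        if urlsplit(resolved).scheme == "http":
            kind = "form" if tag == "form" else "active" if tag in ACTIVE else "passive"
            self.findings.append((tag, resolved, kind))


def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page.
SAMPLE_HTML = """
<link rel="stylesheet" href="http://static.example.test/site.css">
<script src="//cdn.example.test/app.js"></script>
<img src="http://static.example.test/logo.png"> <img src="/img/banner.png">
<a href="http://other.example.test/">ordinary link, not a subresource</a>
<form action="http://example.test/signup"><input name="email"></form>
"""

if __name__ == "__main__":
    for tag, url, kind in find_mixed_content("https://example.test/signup", SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

Resources injected by scripts at run time do not appear in the static HTML, so the browser's developer console remains the authoritative list.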
I've read through related questions but couldn't quite find what I am looking for.
I have set up a domain just as "domain.com" and created two subdomains "client.domain.com" and "client-intern.domain.com". Further, there is a redirect active for "client.domain.com/intern" pointing to "client-intern.domain.com".
If I buy a single SSL certificate for "client.domain.com", will the data transfer also be secured when the client is going to "client.domain.com/intern"?
Or do I have to purchase a second certificate for "client-intern.domain.com"?
Thanks in advance for clarification,
Paul
UPDATE: If entering "client.domain.com/intern" into the web browser's address bar, this address remains there and the browser shows the content of "client-intern.domain.com" nonetheless.
You need a wildcard certificate to cover multiple subdomains (in your case domain.com, client.domain.com and client-intern.domain.com). Some CAs might offer you an option to include one or two subdomains into the certificate (as alternative name field) for free or for a small additional fee, but this is CA-dependent and in general the right way is a wildcard certificate. You can read about wildcard certs here (GlobalSign site).