Using browserstack to test my app in different browsers and getting the following error: content was blocked because it was not signed by a valid security certificate
Is there any way to bypass that?
If you are using a self-signed certificate you have to set acceptSslCerts parameter to True in your configuration.
Related
i am getting this notice in the chrome console on every page that has google adsense on my site
The SSL certificate used to load resources from https://sync.mookie1.cn will be distrusted in M70
my domain has nothing to do with https://sync.mookie1.cn , is it like a general message? or do i have to replace my SSL certificate?
my certificate is issued by commodo, i think they have nothing to do with that
let me know what you think
It's an ad from an ad server that has certificate signed by an untrusted root certificate.
It might be from google or another ad network or your site might just be infected.
The only way to make it stop is to eliminate the reference to the site/page with the bad cert.
I am trying to setup Grafana using the Azure AD configuration in its OAuth setting and the only way to get it working is by using a certificate. Which is fine except for the part where they will not accept privately signed certificates. Unsurprisingly, it throws the following exception:
Error getting user info: Get https://: x509: certificate signed by unknown authority
Do you know a work around? Or the right setting to make grafana use a privately signed cert?
You can add tls_skip_verify_insecure = true to the [auth.generic_oauth] block.
I try different solutions and only two works for me:
You can set tls_skip_verify_insecure = true in grafana.ini file, but is not a good solution because is not secure like is said in the documentation of Grafana (https://grafana.com/docs/grafana/latest/auth/generic-oauth/):
"tls_skip_verify_insecure controls whether a client verifies the server’s certificate chain and host name. If it is true, then SSL/TLS accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks."
The other solution, and the one that I´m currently using, is adding my CA (the one that I use to sign my certificates) to the trusted CA's of Grafana in the /etc/ssl/certs/ca-certificates.crt file (adding it at the end of this file).
I hope this helps you, it works for me, but I´m not sure if it's the best solution.
In OpenShift Origin 3.6, with advanced installation method, I configured custom TLS certificate for the web console and for the router.
For the web console, the parameters I used in the Ansible inventory are:
openshift_master_named_certificates=[{"certfile": "/root/star.paas.certs/star.paas.local.cert.pem", "keyfile": "/root/star.paas.certs/star.paas.local.key.pem", "names": ["master.paas.local"], "cafile": "/root/star.paas.certs/ca-chain.cert.pem"}]
openshift_master_overwrite_named_certificates=true
And for the router, the parameters are:
openshift_hosted_router_certificate={"certfile": "/root/star.paas.certs/star.paas.local.cert.pem", "keyfile": "/root/star.paas.certs/star.paas.local.key.pem", "cafile": "/root/star.paas.certs/ca-chain.cert.pem"}
On the TLS certificate side, a custom Certificate Authority has been created and saved to file ca-chain.cert.pem. And a custom Certificate based on this CA has been generated (star.paas.local.key.pem and star.paas.local.cert.pem).
As you may have noticed, I use the same certificate chain for the OpenShift web console (served in my case at master.paas.local:8443) and for the embedded router (for apps routed as https://*.paas.local).
Then, when I want to access the web console, the prerequisite is to import the root CA into my browser.
The point is: when I use Chromium and go to master.paas.local:8443, the connection is considered unsecured (NET::ERR_CERT_AUTHORITY_INVALID). And when I ask for more information, I notice that the certificate hierarchy is incomplete:
Certificate details in Chromium
Interestingly, this does not happen in Firefox, which is the only browser known to me that behaves the expected way:
Certificate details in Firefox
On the opposite, all the TLS-secured public routes served by OpenShift for my apps are considered secured by all the browsers I tested, with the very same certificate chain as the one I use for the web console.
Is there a working way to make openshift(-ansible) take my custom CA into account when serving the web console in all modern browsers?
It seems to me that OpenShift web console does not send root/intermediate CA during TLS handshake.
The ansible playbook appears to support providing a cafile for named_certificates, and places the files. However the running system doesn't support the cafile key, so it is ignored. If you provide the certfile as a full bundle (bundle+cert) then it should start working.
I submitted a PR to the playbook to handle this task.
I am trying to use SSL with my webapi published using IIS.
I've enabled SSL in webapi project by setting SSL ENABLED to TRUE.
On the local pc I've created a self signed certificate, which gets issued to MyPcNameHere/MyCompanyDomainHere. (not sure if that matters)
now if I browse to webpage in chrome/mozilla I get a warning... your connection is not secure. Mozilla's error is THE CERTIFICATE IS NOT TRUSTED BECAUSE IT IS SELF SIGNED.
What are my options here for handling this? (when I get this warning is the connection truly not secure? Or is it purely a warning that the certificate is self signed?)
I don't mind getting a third party certificate, but when I tried it wanted me to verify I own domain. This myPc/myDomain is inside a company firewall so I don't see how I could obtain a certificate.
any suggestions?
You get that error (warning actually) because you're using a self signed certificate, which your browser doesn't recognize.
Your options are:
obtain a certificate issued by a trusted provider (the root certificate of the issuer will be present in the trusted root certificates store of your browser/system
make the browser trust your self signed certificate (here's a guide for Chrome, I didn't find any for Mozilla - you have to just add a permanent exception)
Now, if you're using this only for a test, you can get the browser to trust your self signed certificate.
If you're in a company network, and you have the resources, you might consider setting up a local CA, which you then may use to issue certificates for testing machines on the Intranet, or for you dev environment. You will of course deploy the root certificate on all machines' trusted certificate store.
If you're going live with this (production machine accessible over the Internet), you have to really consider a provider.
Ever since moving an internal apex website from the embedded PL/SQL gateway to a weblogic server browsers throw certificate errors.
How can i get rid of these errors/fix the certificates?
Internet Explorer:
The security certificate presented by this website was not issued by
a trusted certificate authority. Security certificate problems may
indicate an attempt to fool you or intercept any data you send to the server
Chrome:
You attempted to reach sy02131.adt.com, but the server presented a
certificate issued by an entity that is not trusted by your computer's
operating system. This may mean that the server has generated its own
security credentials, which Google Chrome cannot rely on for identity
information, or an attacker may be trying to intercept your communications.
Out of the box, the embedded SQL gateway (EPG) uses no SSL. It looks like your Weblogic instance did or even requires SSL. It's probably using a set of starter keys that you're meant to replace. At any rate, your browser is causing this problem, not the server. You should be able to bypass this as a warning in the browser or add an exception. If you want this error to go away in production, get some proper SSL keys from a certificate authority.
Here is how to configure them once you get them:
http://docs.oracle.com/cd/E12840_01/wls/docs103/secmanage/ssl.html