how to deal with certificate issue in windows 8.1? - ssl-certificate

recently I was working with some facebook api and programs, and I upgrade my windows 8.0 OS to windows 8.1 OS and when I run the program I get this errors in IE11.
Content was blocked because it was not signed by a valid security certificate.
For more information, see “About Certificate Errors” in Internet Explorer Help.
how can I solve certificate issue? "how to add certificate if needed"

Open IE Tools > Internet Options > Content tab, then select the Certificates button. From there you can go through the applicable Cert types including:
Personal
Other People
Intermediate Certification Authorities
Trusted Root Certification Authorities
Trusted Publishers
Untrusted Publishers
As you mentioned "working with some facebook api and programs" check in the Untrusted Publishers section.
You can also right-click on the Windows icon and select Run, then type: certmgr.msc and go through your certificates in there as well.

Related

SSL Certificate not trusted

Having an issue with my SSL certificate. Often it seems to work fine, but sometimes the user's browser throws up a warning that it is not trusted.
I know very little about SSL certificates, but here is some information that may or may not be relevant:
URL: demo.EnterpriseJazz.com
It is a wild card certificate because
the application uses subdomains (one subdomain per registered organization Example: BobsLawnCare.EnterpriseJazz.com)
The certificate was cheap for a wild card certificate, I paid around $50 for it if I remember correctly. I believe I got it from a cheap re-seller.
The server is located in my house on a Verizon FIOS business internet connection. It is not in a data center.
Seems to work fine with:
Safari on my new Macbook Pro
Chrome on my new Macbook Pro
Firefox on my windows machine
Microsoft Edge on my windows machine
Internet Explorer on my windows machine
Opera on my windows machine
Firefox on my Linux machine (CentOS)
Not trusted with:
Chrome on my iPhone 6s
Safari on my iPhone 6s (screen shots below)
Have a look at the SSLLabs report for this site. Apart from a shockingly insecure setup you will notice:
This server's certificate chain is incomplete.
This means that the client has not enough information to build the trust path to the root certificate and thus can not accept the certificate as trusted.
However a desktop browser will attempt to work around such setup problems by trying to fill in the missing chain certificates, i.e. downloading these from the web or using cached certificates from earlier connections to other clients. But apart from the desktop browsers most other clients will not do it and thus fail.
I had the exact same issue.
After futzing with every nook and cranny of my SSL and http setups, I finally realized "How silly I was to not check the URL first!"
My browser had been connecting to the regular non-trusted site (http://example.com) and I had blindly assumed that the broken lock icon meant something was wrong with my cert installation. Duh!
Modern browsers hiding the actual protocol letters behind a pretty icon or user-friendly message that conflates two issues into one - that didn't help.
My suggestion would be to first make sure you're hitting the https version of your site. If not, your first step to the solution is to create an automatic redirect of all http to https.
I hope getting to this post first helps at least 1% of those who had this problem. I'm in that 1%

Strange certificate message

at the same(=identical) youtube url I get three different messages (see attached picture). Video is available for IE and Chrome. Most puzzling to me is that I have a private key of certificate for the server (IE version). I probably do not understand something.
Internet Explorer: Microsoft Family Safety is known to intercept SSL connecitons. That's why you see the certificate for google signed by Microsoft Family Safety and because the private key for the certificate is needed for SSL interception you see that the private key is available on the computer.
Firefox: Firefox uses the system proxy settings and thus is also subject to SSL interception. But Firefox does not use the systems CA store and thus the CA for Microsoft Family Safety is not trusted by Firefox. That's why you get the error.
Chrome: Chrome uses the systems CA store and should also use the systems proxy setting by default. But the picture shows that Chrome gets the original certificate. The only explanation I have for this is that this snapshot was either done on a different computer with different setup or that the settings of Chrome were changed so that it does not use the system settings any more.

Are SSL certificate chains different among desktop and tablet browsers?

I've got a Nexus 7 tablet with Android 4.4.2 and browsers Chrome and FireFox installed on it. When I open the website https://ib.sb24.com with it, it prompts me that the certificate is not trusted but when I open the same address with a desktop browser it's alright! Why is that?
[UPDATE]
By desktop I mean Windows and Ubuntu, Chrome and FireFox.
This looks like the server is configured wrong. It only sends a single certificate which is not signed by a known root, but instead by an intermediate CA. But the server forgets to add the needed intermediate certificates too.
The reason it works in your browser that you once browsed a site where the same intermediate CA was used and the browser cached the CA. Probably all browsers do that to help with such misconfigurations, but this does not help if the browser never visited a properly configured site with the right intermediate CA before visiting the misconfigured site.
If you don't believe me try to visit the same site with a fresh firefox profile, you will get the same problems.
Chrome most likely uses platform native store/list of trusted root certificate authorities therefore root CA which is trusted on your desktop platform (i.e. Windows) may not be trusted on Android platform.

Which code signing certificate should I obtain for an Adobe AIR application (.exe, .dmg, .deb, .rpm)

I need to sign my Adobe AIR application which is a native installer. Right now I just have a Windows version, but soon I'll be porting it to other OSes including mobile OS.
My query is whether I need to get a separate code signing certificate for each one or is one enough? Also does 32-bit and 64-bit matter?
Verisign have categorized certificates for Windows (.exe) and Adobe AIR (.air and .airi) separately. So which one should I obtain?
CAs selling code signing certificates always pretend that you need different certificates to sign different kinds of applications. This is basically a scam. Most of the time the certificates are exactly the same, only the file format might differ. Even if the file format isn't supported by your code signing tool, there are ways to convert between different formats. So basically it doesn't matter which certificate you buy.
If you package your AIR app with a captive runtime, you can simply use a self-signed certificate with the adt tool. It's only important to sign the executable created with adt and your installer afterwards. If you create a native installer directly with adt, provide your certificate using the code signing options.
Under Windows, you should use Microsoft's signtool utility to sign the .exe file of your app and your installer if you want to package with a captive runtime. So I'd choose a code signing certificate for Windows. But as I said, it doesn't really matter (and there are cheaper options than Verisign).
Under Mac OS X ("Gatekeeper"), things are a little different. You can only use certificates issued by Apple. You have to enroll in the "Mac Developer Program" ($99 per year) to receive a code signing certificate for OS X. If you use a captive runtime, sign the application bundle created with adt using the codesign utility. If you create a .pkg installer, use the --sign option of the productbuild tool. There's a similar "iOS Developer Program" for iOS apps.
Under Linux, you don't sign packages with certificates issued by a CA. You simply sign them with a GPG key that you can create yourself for free. You have to publish your public GPG key so your customers can make sure that your packages are valid, though.
For Android apps, you can simply use a self-signed certificate, AFAIK.
32-bit and 64-bit apps can be signed in exactly the same way. You don't need separate certificates. But adt will only create 32-bit apps anyway.

Remotely hosted HTTPS Images not displaying in Safari 4.1.3 on Macs

Working with a ticketing system site that must be accessed via HTTPS at https://www.threestages.net
Our images are hosted elsewhere ( https://wserver.flc.losrios.edu/~vapa/) and also accessed via HTTPS.
We have multiple reports that Safari 4.1.3 on Macs is not displaying the images. We have no reports of this behavior from any other browser or platform.
Any one have any notion what that would be about?
Thanks for any thoughts,
JG
So it turns out that Safari has an issue with the SSL Cert at https://wserver.flc.losrios.edu/
http://www.sslshopper.com/ssl-checker.html let me know that
The certificate is not trusted in all
web browsers. You may need to install
an Intermediate/chain certificate to
link it to a trusted root certificate.
Thanks for looking at this. Valuable lessons learned:
Even if 4 out of 5 browsers accept an SSL Cert that doesn't mean they all do
Just because the sysadmin says it's not his problem/mistake doesn't make it so!
Check everything. Then repeat.