I was under the impression that if a user attempted to visit a website that had been secured with an SSL certificate, but did not use HTTPS and instead used plain HTTP in the address box, a 403;4 error would be generated, and that an errormessage something like this would be presented:
"This page must be viewed over a secure channel"
"The page you are trying to access is secured with Secure Sockets Layer (SSL)."
But that's not happening on our website. You can use http://secure.oursite.com or https://secure.oursite.com and both work fine.
The company that issued the SSL certificate says our certificate checks out OK in their certificate checking tool and that it's "chaining properly" and that this is an IIS configuration issue.
Does this SSL over HTTP error checking have to be explicitly enabled?
I was planning on creating a custom error for the 403;4 condition, pointing to a file, which redirects to https://secure.oursite.com. But the error condition is not being trapped by IIS.
EDIT: I've stopped and restarted the server. Not solved.
Thanks
As per this article have you checked the "Require secure channel (SSL)" box in the properties for your site? This is what triggers the error. You can then create the redirect using a custom error page.
a 403;4 error would be generated
That's not what happens in my site. My site automatically redirects to the HTTPS port. It's done free of charge by Tomcat.
Related
Hello I have a problem with an IIS 8.5 server where I have a 3.8 joomla. the problem is that I have installed the certificate and every time I enter the page only the sign of the certificate appears for a moment and then disappears I have configured the firewall and the URLs have also changed the .htacces and nothing seems to be a clear solution .
And there are times when I get a 403.3 error when I activate the ssl request in the ISS.
firstly, check if the https connection was established by checking the certificate
Chrome:- Press F12; click on security and view certificate; ALso check if the padlock is available.
If the padlock is not visible but https is shown on the address bar, then this seems to be an issue with mixed content. In short http links (images, codes) are served over https .
The problem:
I have 2 websites that have the same IP address (a domain and a subdomain), and I have an SSL certificate for each of them. The domain is a word-press site while the sub domain is a ruby on rails application. the subdomain has the certificate installed and works with no problems, but when I try to add the second certificate for the main domain, it works, but it prevents access to the subdomain.
In the web browser inspection page it shows this error :
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://monthly.giladparking.com' is therefore not allowed access.”
What I have tried:
I have followed this tutorial to allow for SNI support and it seems to work except for the previously mentioned issue.
I have taken a look at this post as well which explains that you can't make XMLHTTPRequests across domains. but this issue only arises when both certificates are in effect.
“XMLHttpRequest cannot load https://giladparking.com/wp-content/plugins/wp-slimstat/wp-slimstat-js.php....
The certificate for this sites is valid for monthly.giladparking.com and www.monthly.giladparking.com but not for giladparking.com. That's why any access to this site will fail with a certificate error. This problem is not restricted to XMLHTTPRequests.
I am having a domain chansek.com, hosted in Openshift through a Wordpress application. But the problem is, when I am trying to open my Wordpress Admin, it's always trying to connect through https instead of http. As I don't have any SSL certificate, it gives me some warning message. Please see the below screenshot for better understanding.
How do I make it go through http? I don't want any SSL certificate for my website as it's a personal blog.
I am also trying to use JetPack plugin. But it gives following error.
Your website needs to be publicly accessible to use Jetpack: site_inaccessible Error
Details: The Jetpack server was unable to communicate with your site
https://www.chansek.com [IXR -32300: transport error: http_request_failed SSL:
no alternative certificate subject name matches target host name 'www.chansek.com']
You have a couple of options:
1.) Disable using SSL for the admin in your wp-config.php file. (Openshift redirects wp-admin to https)
2.) Upgrade to the bronze plan and the purchase a custom ssl certificate and install it
You are getting that error from jetpack because the ssl certificate is not valid for your custom domain, only for your app-domain.rhcloud.com address.
I've set up an SSL site on server 2012 using CCS and SNI. When attempting to navigate to it over a non-SSL link (http), the site throws a 404 error.
How can I get it to show the "This site requires SSL" message?
You need to add HTTP to your bindings in IIS.
Instead of showing "This site requires SSL" you should redirect your user to the equivalent SSL page (e.g. http://twitter.com/about would redirect to https://twitter.com/about).
It is bad for both end-users and SEO to display a message with a message asking the user to change the URL. If you look at different websites on the Web you can notice that this is automatic and doesn't require any action from the user.
I have some self-signed certificate installed for my application
and so it runs on https.
https://xyz/redmine
And i want to call some insecure rather not-signed url from my application.
say,
http:9292//something/faye
The browser gives an error running insecure content
if i make other server to run on secure mode, lets say that it runs on
https:9292//something/faye
then unless user adds an exception in browser the url wont be accessible(because i am using self signed certificate)
How can i re-direct or call http from https
or
Can I add an exception in browser programatically, so that user needs not to add it.
Pointers?
If linking to content on an external site that would be served over http, you can use a protocol neutral URL.
Instead of linking to http://mysite.com/file.html, you can link to //mysite.com/file.html