I recently migrated to a new server (CentOS with plesk 11.0) and installed a new SSL certificate for my domain.
Problem now is that any IE user has the error "there is a problem with this website's security certificate" when they try to access the secure area of my site.
I've tested all main configurations - MAC/Windows/mobile plus browsers: FF,Chrome,Safari,Opera,IE and the only combination that gives me this problem is IE on windows. IE 11 works fine, all previous versions (the majority) come up with this error.
where do I start?? I can find no problem with the installation and this is obviously denting confidence in my site.
There are some known issues with IE and Certificates. Check these threads.
1) https://superuser.com/questions/379601/internet-explorer-refuses-to-connect-to-sites-with-untrusted-ssl-certificates
2) IE8 SSL Cert Problems while other browsers work like a charm
I found a work around for this issue. It is necessary to run https proxy which will accept certificate for Internet Explorer. I use a Python HTTP/HTTPS Proxy proxpy. You should point to required certificate file in core.py DEFAULT_CERT_FILE = "./cert/ncerts/proxpy.pem". So you need to use proxy settings in Internet Explorer. It is 127.0.0.1:8080 for ProxyPy by default.
Related
I know that this question was asked many times but I couldn`t make it work with answers I found on web.
My goal is to make https://my.cloudapp.net to work. So solution for this, is to buy domain and certificate and make this domain point/redirect to my https://my.cloudapp.net. I bought lets say www.example.pl. Downloaded certificate from https://example.pl. Assigned certificate to https://my.cloudapp.net using IIS.
When I visit https://example.pl certificate itself is fine but firefox shows me error:
my.cloudapp.net uses an invalid security certificate. The certificate is only valid for the following names: example.pl, www.example.pl Error code: SSL_ERROR_BAD_CERT_DOMAIN
What I`m doing wrong?
Edit Solution:
I called microsoft support and resolved the issue. The issue was on my domain provider side. My domain example.pl had forwarding wildcard *.example.pl to go to example.pl. Thats why when I made another forwarding from app.example.pl to my cloudapp it went straight to example.pl. Removed the wildcard and it started to working fine.
I attempt to visit the website https://example.pl, it works fine with IE edge or chrome explorer. Also i do a test over at the Qualys SSL Labs to check your certificate. It shows me Incorrect certificate because this client doesn't support SNI and indicate thatThis site works only in browsers with SNI support. It is the browser issue. So you could try another explorer.
You can from here to get more details.
Need help with this odd issue.
I installed an SSL Certificated from GoDaddy for a site hosted on our server (lets call this example.com). This is a Windows 2003 Server with IIS 6 with several domains hosted on it. The SSL installed properly.
However, now if I type any url of a different domain (say example.org) hosted on this same server with HTTPS, I get the following error in Chrome:
Your connection is not private
Attackers might be trying to steal your information from
(for example, passwords, messages, or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID
Firefox will also give similar errors.
example.org has no SSL associated with it and there are no other SSL Certificates for any other sites either.
I am at a loss as to how ALL sites on the server are loading with SSL. Funny thing is that clicking on the link in browser error loads the Site to which SSL is assigned, but URL remains the same.
Ex. I type https://example.org (NO SSL Associated with this site) and type enter
I see the error above
If I click on Proceed to example.org (unsafe), it takes me to https://example.org but the content loads for domain example.com which has the SSL certificate bound to it.
I have checked Metabase for Bindings and seems clean.
I have deleted the SSL certificate and installed a fresh one issued from Godaddy
Tried deleting the site from IIS and recreating the whole thing but still no difference.
No other site has any host headers for SSL Port 443
Any ideas on how this can be resolved so that ALL Sites don't load on SSL? Thanks in advance.
Go to IIS Manager.
Open property page of website where you dont need SSL (example.org as mentioned in question) by right click on website and select properties.
Go to directory security tab
Click Edit button located in ottom section of tab.
Verify if very first checkbox called "Require secure channel(SSL)" is UNCHECKED.
Ok this is weird, I'm using WebScarab to analyse some HTTPS traffic.
Every time I trie to access an HTTPS website, I'm asked to add an security exception (which is ok and works).
The problem is, when I trie to access https://github.com there is no way to add an exception for it. So I just can't surf over github.com using WebScarab as proxy.
And idea why this is happening?
UPDATE:
I tried again using Firefox (29.0.1 just updated) on OS X (10.9.2) using webscarab (1.0 (1.0) master version) and it now works (I don't know maybe I did something wrong).
Anyway, I still have a problem with Kali Linux and Iceweasel (22.0) using webscarab (again master version). This is what I see
You are getting this warning message since Webscarab using the self signed certificate to connect the https website.
In latest version of browser FF or IE , browser restricts the option to skip for self signed certificate.
Solution:
You can try in lower version of FF or IE.
I am trying the Browserlink feature of ASP.NET MVC 5 and everything works great for non SSL pages. But if I navigate to a SSL page (with https url), I see 0 connections in the Browser link dashboard. So, is it true that Browser link works only for non SSL urls ? Or am I am missing any settings which will allow me to get Browser Link connection for both SSL and Non SSL urls ?
(I am testing from IIS)
According to this link, Microsoft is working on it.
I have been able to get around the issue by following these steps (using Chrome):
When the debugger opens the browser, open the F12 tools.
Go to the Console tab.
There should be an error message that looks something like this: GET https://localhost:[port]/[guid]/browserLink net::ERR_INSECURE_RESPONSE
Open the link in a new tab.
Click Proceed anyway.
Close the Browser Link tab.
Reload the tab with your app.
Browser Link should then start working.
I've also worked around it by getting the script link, reducing it to the root, and browsing there. Once there, accept the cert warning then view the cert and install it into the trusted roots. From then on, the cert will be trusted and the script will load automatically.
It appears that this limitation has been removed in Visual Studio 2015. I do not see any mention of this in the release notes, but Browser Link is fully operational in my dev environment under SSL.
I was unable to get Browser Link, Web Essentials, to work with SSL, even with the mentioned remedies. I was able to find a way, however, to get it work for me.
I am running my app through IIS (not express) and my app was nested under the default website. When debugging the site I saw that Chrome was dumping a connection error with a URL using port 44399. Adding a binding for this port, for https, then allowed the connection to be successful. I also used a local development cert for the SSL Certificate.
DISCLAIMER: Visual Studio tries to be your buddy and not use ports that you've bound to in IIS so once you close and re-open Visual Studio it will likely not use the 44399 port anymore. It looks like it decrements until it finds the next available port. So assuming you're not using 44398 this will be your number. Once you unbind 44399, then close and re-open Visual Studio it will likely rebind to 44399 again.
Hopefully this helps some of you out.
I had a similar issue involving custom domains and subdomains on IIS Express over HTTPS.
(Using SSL certificate I self-signed with support for localhost and my custom domain, installed with self-signed root authority in the trusted certificate store)
I had got IISEx to use the certificate and serve it on port 443 (as admin user), but browserlink was failing with CONNECTION_RESET.
This persisted even after switching back to using localhost as the website url for IIS etc.
Turns out I had forgotten to replace the certificate associated with the other ports IIS Express uses (specifically port 44399), which were still associated with the default development certificate used by IIS Express
http://www.iis.net/learn/extensions/using-iis-express/handling-url-binding-failures-in-iis-express
http://benjii.me/2014/11/run-iis-express-on-port-443-using-ssl-and-wildcard-subdomains/
[Simple Guide but missing the delete existing certificate bindings guidance]
For Windows 10 IIS Express users.
In visual studio click "View in Browser" in Browser Link
Dashboard .
An IIS Express icon will appear in system tray.
Right Click the IIS Express icon.Your application should be listed in both HTTP and HTTPS.
Hope it helps.
Newbie IIS question:
I want to setup HTTPS access for my XHTML page (not asp.net) hosted on my IIS 6.0 server. So far I have done the following:
In IIS Manager, for the particular folder, the following are set:
Require secure channel (SSL)
Require 128 bit encryption
Ignore client certificates
However when I try to access the page from IE 8.0 there is the following error:
"Internet explorer cannot display the page".
The options for using SSL and TSL are ON in the IE settings. Same error with Firefox also.
Apart from the above is there any else I should setup on the IIS server?
Have you generated a self-signed server certificate?
Here are the official instructions for setting up SSL in IIS. You can find directions here for creating a self signed certificate if that is the route you want to take.