A website my company develops has a security certificate error in IE(8)
It can be found here: www.fonq.nl
Anyone having similar problems and a solution?
Google Certificate issue
Certificate error message at the bottom of the screen:
"Internet Explorer blocked this website from displaying content with security certificate errors"
The error message appears when accessing Google (Gmail, Google Calendar, Google browser)
The error message only appears in Internet Explorer 10 --- not with Firefox, Safari, Netscape
Note: "www.google.com" appears at the bottom of the "Untrusted Publishers" list (Tools-Internet Options-Content-Certificates-Untrusted Publishers) and cannot be edited or removed. The intended purpose of this certificate is for server and client authentication.
Measures I have already taken to eliminate the message, but without success:
1. Re-set the date and time (5 times)
2. Ran a full system scan w/ Microsoft Security Essentials (twice)
3. Ran a full system scan with Ace Utilities [including registry clean] (3 times)
4. Removed and reinstalled Internet Explorer (twice)
5. Disabled all add-ons and extensions
6. Placed Google URLs in the list of "trusted sites" (Tools-Internet Options-Security-Trusted Sites)
7. Unchecked (Tools-Internet Options-Advanced-Security) "Check for Publishers' Certificate Revocation"
8. Unchecked (Tools-Internet Options-Advanced-Security) "Check for Server Certificate Revocation"
9. Unchecked (Tools-Internet Options-Advanced-Security) "Check for Signatures on Downloaded Programs"
What finally worked: Unchecked (Tools-Internet Options-Advanced-Security) "Warn about certificate address mismatch*"
Related
I know that this question was asked many times but I couldn`t make it work with answers I found on web.
My goal is to make https://my.cloudapp.net to work. So solution for this, is to buy domain and certificate and make this domain point/redirect to my https://my.cloudapp.net. I bought lets say www.example.pl. Downloaded certificate from https://example.pl. Assigned certificate to https://my.cloudapp.net using IIS.
When I visit https://example.pl certificate itself is fine but firefox shows me error:
my.cloudapp.net uses an invalid security certificate. The certificate is only valid for the following names: example.pl, www.example.pl Error code: SSL_ERROR_BAD_CERT_DOMAIN
What I`m doing wrong?
Edit Solution:
I called microsoft support and resolved the issue. The issue was on my domain provider side. My domain example.pl had forwarding wildcard *.example.pl to go to example.pl. Thats why when I made another forwarding from app.example.pl to my cloudapp it went straight to example.pl. Removed the wildcard and it started to working fine.
I attempt to visit the website https://example.pl, it works fine with IE edge or chrome explorer. Also i do a test over at the Qualys SSL Labs to check your certificate. It shows me Incorrect certificate because this client doesn't support SNI and indicate thatThis site works only in browsers with SNI support. It is the browser issue. So you could try another explorer.
You can from here to get more details.
Need help with this odd issue.
I installed an SSL Certificated from GoDaddy for a site hosted on our server (lets call this example.com). This is a Windows 2003 Server with IIS 6 with several domains hosted on it. The SSL installed properly.
However, now if I type any url of a different domain (say example.org) hosted on this same server with HTTPS, I get the following error in Chrome:
Your connection is not private
Attackers might be trying to steal your information from
(for example, passwords, messages, or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID
Firefox will also give similar errors.
example.org has no SSL associated with it and there are no other SSL Certificates for any other sites either.
I am at a loss as to how ALL sites on the server are loading with SSL. Funny thing is that clicking on the link in browser error loads the Site to which SSL is assigned, but URL remains the same.
Ex. I type https://example.org (NO SSL Associated with this site) and type enter
I see the error above
If I click on Proceed to example.org (unsafe), it takes me to https://example.org but the content loads for domain example.com which has the SSL certificate bound to it.
I have checked Metabase for Bindings and seems clean.
I have deleted the SSL certificate and installed a fresh one issued from Godaddy
Tried deleting the site from IIS and recreating the whole thing but still no difference.
No other site has any host headers for SSL Port 443
Any ideas on how this can be resolved so that ALL Sites don't load on SSL? Thanks in advance.
Go to IIS Manager.
Open property page of website where you dont need SSL (example.org as mentioned in question) by right click on website and select properties.
Go to directory security tab
Click Edit button located in ottom section of tab.
Verify if very first checkbox called "Require secure channel(SSL)" is UNCHECKED.
I recently migrated to a new server (CentOS with plesk 11.0) and installed a new SSL certificate for my domain.
Problem now is that any IE user has the error "there is a problem with this website's security certificate" when they try to access the secure area of my site.
I've tested all main configurations - MAC/Windows/mobile plus browsers: FF,Chrome,Safari,Opera,IE and the only combination that gives me this problem is IE on windows. IE 11 works fine, all previous versions (the majority) come up with this error.
where do I start?? I can find no problem with the installation and this is obviously denting confidence in my site.
There are some known issues with IE and Certificates. Check these threads.
1) https://superuser.com/questions/379601/internet-explorer-refuses-to-connect-to-sites-with-untrusted-ssl-certificates
2) IE8 SSL Cert Problems while other browsers work like a charm
I found a work around for this issue. It is necessary to run https proxy which will accept certificate for Internet Explorer. I use a Python HTTP/HTTPS Proxy proxpy. You should point to required certificate file in core.py DEFAULT_CERT_FILE = "./cert/ncerts/proxpy.pem". So you need to use proxy settings in Internet Explorer. It is 127.0.0.1:8080 for ProxyPy by default.
I have an SSL certificate that does not inhibit the loading of a client's site when viewed in Chrome, Safari, or Android Browser. Unfortunately, when viewed in Firefox, I encounter the following error message:
An error occurred during a connection to www.rzim.org.
Peer's Certificate has been revoked.
(Error code: sec_error_revoked_certificate)
My only "lead" online was concerning intermediate certificates. Any thoughts are greatly appreciated. Thanks!
When Firefox web browser checks a security certificate, it also checks with the issuing authority if the certificate is valid. It appears that, near a certificate’s expiration date, the issuing authority may release a new certificate. The two certificates have conflicting expiration dates.
For reasons unknown, this caused Firefox to report a sec_error_revoked_certificate error and refuse to allow you to connect to the site!
You can go through the following steps, but it will reduce the security.
Firefox main menu -> edit ->Preferences
click on Advanced Tab
select certificates
click on validation
Uncheck the option "Use the Online Certificate status
protocol(OCSP).........."
Click OK button
Now you can see the page with out error.
The instructions provided in the answer by Arjun KP don't work for more recent versions of Firefox (tested on v. 57.0.1). Instead, here's what I did:
Enter about:config in the address bar, accepting the risk if prompted.
Enter security.OCSP.enabled in the search bar.
Change the value of that setting from 1 to 0.
Reload the page that failed.
After doing this, my site started working.
However, as Arjun mentioned, this will reduce the security of Firefox, since it disables the Online Certificate Status Protocol. Ideally, you should reset the setting to 1 after you finish with that site, and not load other pages while it is set to 0.
An update to ARJUN KP's answer, which works with Firefox Quantum, v68:
Open Firefox options
Privacy & Security
At the bottom, under Certificates, uncheck: "Query OCSP responder servers to confirm the current validity of certificate
If you have this problem you can check if the cause is a negative OSCP server response. In my case the website has a new valid certificate but the OSCP server is not updated and Firefox refuses to show the page. The OSCP server still says that certificate is revoked.
Here you can check any URL:
https://certificatetools.com/ocsp-checker
Haven't yet been able to find the elusive "Advanced" button though I've been to numerous forums and it is referred to often. The solution here didn't work because the "Use the online certificate protocol" doesn't exist under Preferences>Security>Certificates. QUERY OCSP responder exists and I unchecked that.
My company provides third-party customer service for a Big Communications Company (hereafter BCC). Our employees must log in to BCC's site to help customers. I have also created some intranet resources for them to use.
If they are signed in to BCC's site, my intranet site will not load in another tab or window - it says "Internet Explorer cannot display the web page, most likely causes: you are not connected to the internet..." etc.
What's going on here? Can I fix it?
Here are as many details as I think may be relevant:
BCC Site
Requires IE
Before a user can access it, they must install a certificate on their machine, issued to them personally
Has agonizing sign-in process that freaks out our antivirus software:
Popup - choose a certificate
Popup - "An application is requesting access to a Protected Item - CryptoAPI Private Key - OK"
Sign in with username and password
Click on one of two links
Message - "This website wants to run the following add-on: 'SSL VPN Relay Loader' from 'Cisco Systems, Inc (Unverified Publisher)'. If you trust the website and the add-on and want to allow it to run, click here..." (and simultaneous pop-up like the previous one).
Popup - "The applications digital signature has an error. Do you want to run the application? Name: jpimp. Publisher:Cisco Systems, Inc. From (URL listed)."
Antivirus software warns "C:\Program Files\Java\jre6\bin\java.exe "process is trying to inject into another process. This behavior is typical of some malicious programs." Terminate, Deny, or Skip. - SKIP"
Sign in with another username and password
Popup - "This page contains bot secure and nonsecure items. Do you want to display the nonsecure items? - Yes, No, More Info - YES"
Appears to be Java Server Pages. Uses lots of frames. Disables right-click with JavaScript.
Intranet site
PHP and login-based, but a simple "hello world" HTML page fails the same
Running on Apache on a Windows Server machine; using port 88 to avoid conflict with IIS
Known workarounds
Visit the intranet on localhost. It will load when the server copy won't. It makes no difference whether localhost uses port 80 or 88. (Obviously this only helps me.)
Open FireFox for the Intranet site (not all users have this option currently)
Open a new copy of IE from the Start menu and load the Intranet site there. This works, even though it looks identical to opening a new window from an existing IE instance, which fails.
Is the BCC site somehow hijacking IE's DNS? Is localhost exempt from that?
I suspect that the "SSL VPN Relay Loader" actually starts some kind of VPN in that IE session and thus you are not on able to reach your intranet anymore.