I didn't configure the HTTPS on my domain so I'm not really sure where to start with this warning prompt that I only get on iOS Safari on my iPhone and iPad. I've never gotten this on a desktop with Mac Safari, Chrome, FF, or IE.
Can someone point me to a file on my ubuntu/apache EC2 server or somewhere on the site of my domain provider, GoDaddy, that deals with verifying certificates.
For those on Nginx you need to append the gd_bundle.crt file to your other .crt cert. Just cat gd_bundle.crt >> yourwebsite.crt and restart Nginx.
Tim,
If browsers on desktops are showing the SSL without warning, and the warning you are getting is on a mobile device, the issue is most likely with the intermediate certificate of the Certificate Authority that issued the SSL not being installed properly. I suggest that you contact the issuer of the certificate for help with this and not the host or the domain registrar.
I found the link which solved my problem.
I needed to put BOTH .crt files from GoDaddy into my /etc/apache2/ssl folder on my apache EC2 server and add the following to my /etc/apache2/httpd.conf file:
SSLCertificateFile /etc/apache2/ssl/mysite.com.crt
SSLCertificateChainFile /etc/apache2/ssl/gd_bundle.crt
Related
I missed the end date of my SSL certificate few days ago but I did buy the renew last month. My app runs with Ruby on Rails using Heroku and CloudFront for the assets. My SSL certificate come from RapidSSL.
Here is the process I did:
I got the RapiddSSL key by email that i store in a crt file
I ran the Heroku command line heroku certs:update cert.crt server.key -- app remote production
The command line heroku certs --app remote production results with a trusted status but when I open the URL browsers warns about that untrusted certificate.
At the same time none of application assets stored on CloudFront are available (net::ERR_INSECURE_RESPONSE).
I asked for help on Heroku assistance, they told me that the SSL certificate for the app is OK but it's seems to need an update for assets certificate.
So I went to AWS console in aim to find CloudFront SSL configuration, I ended on ACM console page to give the RapidSSL certificate to resolve the problem but I cannot be sure to take the right files to do this.
What I need is to solve the access to the website and to the associated assets to ensure trust of my customers.
What did I wrong? Am I missing something?
Thanks for any help you can provide!
Generally net::ERR_INSECURE_RESPONSE error occurres in SSL certificate when the browser found the mixed content warning. Which simply means few of your content is active with HTTP and others are active with HTTPS.
Please check your content portion, if you find any content which is active with HTTP, turn in into HTTPS.
It sounds like maybe the issue might be an outdated certificate on CloudFront.
If so, you can either upload your RapidSSL certificate using aws iam upload-server-certificate, or (I'd prefer) request a new certificate that you'll only use with CloudFront from AWS Certificate Manager. The latter is free, and AWS will autoupdate the certificate before it expires.
You can start this simple and quick process by going to your CloudFront distribution in AWS Console, and clicking Edit > Request or Import a Certificate with ACM
Once that is done, you will be able to choose the certificate from the Custom Certificate dropdown at the same location (screenshot).
Note: If you upload your RapidSSL certificate, it must be uploaded to eu-east-1 (N. Virginia) in order to be used with CloudFront. Requesting ACM Certificates must also be done in this region
If you provide an URL to your website, it's easier to confirm this issue.
I scribbled some notes on this here with more details on uploading your own/RapidSSL certificate.
My app needs to connect to an internal web server through https.
The server has a self-signed certificate that is valid until next year:
I have installed this certificate in the iOS Simulator and on the device (Certificate.cer):
I am watching the traffic with Charles and the request does not even "leave" my computer.
The problem seems to be due to the SSL Certificate because when I can access the server through the internal url and the port 8080 everything works fine.
I did try the hack with the category allowsAnyHTTPSCertificateForHost:. This did not work in the simulator as well as on the device.
There seems to be official API to do this: How to use NSURLConnection to connect with SSL for an untrusted cert?
However, since this is only my development environment I would prefer not to change my code base for now. Plus I am using a framework to parse my data and I might have to deeply interfere with that framework to get to the API described above.
So my question is, should it not be possible to install the certificate and then use the server as if there was an official SSL certificate.
Email the self-signed certificate to yourself then open it on your iPhone. You will be taken through the steps to install the certificate on your phone.
After iOS 7.1 ,if we want to deploy our Enterprise app over air, the URL for the manifest.plist file has to be HTTPS.
For example:
itms-services://?action=download-manifest&url=https://example.com/manifest.plist
In my server I use a self-signed SSL certificate. When I tap the URL on an iPhone, it says Could not connect to <ip-address> and logs the typical
NSUnderlyingError=0x15d37040 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be `<ip-address>`, which could put your confidential information at risk.
So, I want to know whether I can use the self-signed SSL certificate or not?
If I can, how do I resolve the problem the problem I've encountered?
First have the user install the self-signed SSL certificate on their device. Or use a free verified SSL service.
You will need to have the user install this file https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file
I believe this service provides browser-validated SSL certificates. https://www.startssl.com/?app=1
I have
config.force_ssl = true
in my environment/production.rb file so as to make every request sequre with ssl and https.
I came to know that SSL can't be enabled in development mode. So, I started my thin web server in production mode and when I went to
https://127.0.0.1:3000
it's the same as the development mode(SSL connection error). Tried almost all the links of first 6 pages fetched by google. Anybody have solution to my problem??
P.S. I'm working on windows and I have client authentication certificate.
The problem you described is related to using a self-signed certificate.
SSL certificates relies on a chain of trust, where the root CA's (Certification Authority) are at the top.
To understand more how it works, the Wikipedia entry on SSL provide a good insight. For Self-Signed certificates there's also an entry at Wikipedia.
To solve you issue you can have a self-signed certificate (be aware of the security issues), but your users will be always prompted for an action.
Another option is to apply for a certificate on CertCA since some Linux distributions have them on root CA's.
The last and most reliable option is to acquire a certificate.
I'm trying to monitor the HTTPS requests/responses for my iPad app using Fiddler. I have a Windows 7 PC running Fiddler and have configured the HTTP proxy on my iPad to point to the PC using port 8888. This works fine and the CONNECT tunnel messages and 'ClientHello' handshakes can be seen in the capture log. However as soon as I enable the 'Decrypt HTTPS traffic' option in Fiddler, the app is blocked from connecting to the server. I've tried installing the Fiddler root certificate on the PC, and I also installed the certificate on my iPad by exporting the certificate to a URL and pointing Safari to the URL on my iPad which then installed it. This hasn't made a difference. Do I need to do something with the SSL certificate installed at the server running my web service?
Download the Fiddler Add-on for iOS/Android then visit http://[proxyip]:[port]/ using your phone browser. You can generate/download your working certificate from there.
And
Turn on your fiddler certificate at Your iPhone Setting -> General -> About -> Certificate Trush Settings
You may not have completely installed the Fiddler certificate.
Email the fiddler certificate to your iPad. Open the email and then open the certificate. iOS will prompt you to trust the certificate, and then install it.
If it is installed correctly, you will have a new iOS setting under Settings->General->Profile called DO_NOT_TRUST_Fiddler. That setting is your installed certificate.
Once the certificate is installed - Fiddler will be able to show you your HTTPS traffic.
I try to open https://github.com for testing. And I have done as Josh said(Install the certificate through email). But I came across "Safari cannot open the page because it cannot establish a secure connection to the server". When I close http proxy, https;//github.com shows up well.
Install "CertMaker Add-on" from this article and try again everything you described in your question - it will work okay.