I have installed and followed all the step in creating an using Openssl but when I open localhost as https the browser says the connection is not secure or brings out privacy.
Kindly let me know what am doing wrong? How can one make it https and bring the green lock?
You did everything right but the browser doesn't know your certificate.
The browser will warn you everytime he gets a certificate signed by an authority he doesn't know. That DOESN'T mean that you did something wrong.
You can add your certificate as trustworthy (i.e. add an exception for your specific certificate) in the browser and everything will function as it would with a certificate from a trusted certificate authority (e.g. Comodo, RapidSSL, Symantec, etc)
Related
Using this page: Wamp2 and "The ordinal 942 could not be located in the dynamic link library LIBEAY.dll"
I was able to setup SSL on my wamp. It works nice, especially after I provide the server certificate (server.crt) to an user. If not, they will have an "certificate not trusted" error. It is possible to reject those who are not using SSL certificate?
Thank you!
If the client displays a "server certificate is not trusted" message, that's because the server certificate you have installed is not signed by any authority the client knows about. Likely you're using a self-signed certificate. When you add this certificate to the trusted certificate store on your client, the client now trusts this certificate and does not display the warning anymore. It's not that "the client uses a certificate", it's that the client doesn't complain about the server's certificate.
You have no influence over this process at all. The server offers its certificate, and the client trusts it or doesn't. The server doesn't know this. If the client continues its conversation with the server, that pretty much implies that it trusts the offered certificate. Whether that is because the user approved it manually or because the client trusts the certificate otherwise, the server doesn't know.
There's also the concept of client certificates, in which a client identifies itself to the server using a certificate. This is badly supported in todays client software though and probably not what you're looking for.
We have an installed SSL certificate on our website. First time user needs to install this certificate (accept it) on their browsers. Is there way to disable it?
I think it might be possible with apache conf or .htaccess file setting SSL path in it.
Can anyone did this and can paste me the settings here.
Thanks.
It sounds as if your certificate is signed incorrectly or for the wrong domain. Most browsers today don't ask about security certificates if they're completely valid.
I was wondering if any of you know if it is possible in javascript or php to test if a client has a specific client certificate installed in the browser.
The thing is that we have a server certificate installed but to be recognized by the clients, they need 2 client certificates that make them recognize the authority of the issuer of our server certificate. We would like to test the browser for these 2 certificates, if there are not there, we want to propose the client to download them before to enter in https mode...
Anybody can help? Please detail your answer if you know one.
You can do it client side by using javascript to request a known file from a secured (https) source. if the request fails then it means the client refused to accept your certificate (or another network error) at this point you could popup a message to ask the user to install the root certificate with a link to the root certificate.
This must be done from a non secure page. otherwise the user may refuse your certificate and never load the page to start with and therefore your javascript never runs
It can't be done in PHP because php (which is server side) cannot determine whether the client browser has a particular root ca installed
I however would not do this. get a proper certificate instead.
You appear to have insufficient understanding of how SSL works in general. I suggest spending some time understanding how SSL works and how certificates are used.
DC
to learn about sending and receiving http responses with javascript read this page..
http://www.w3schools.com/XML/xml_http.asp
It can be used to send and receive any text data, not just xml. It is real easy to implement but you must be aware of browser version issues.
DC
what about a warning message that will be hidden by a javascript which will be loaded from your https site.
in the warning message you can link the windows update site or wherever the updated root certifcates can be downloaded to their browser.
PHP is a server side language. If you really want to test this then you need to do it with JavaScript and then send back an AJAX request to PHP.
But I think there is another solution to your problem. Normally when a CA change their name etc. they have usually new "Intermediate Certificates" you can use. (If you have an apache httpd server then you can search for "ca bundle" on their website as well.) With this bundle you can send the new CA certificate along with your certificate.
Forcing your users to download and install a homegrown CA certificate is ugly and hateful. Instead, show them the love and pay the $30 US to get an SSL certificate signed by a reputable, already trusted, CA.
May Not Be Safe For Work
I cannot get my server to make a secure connection.
I created a checkout form here: https://bradp.com/join-30-30-club
When entered, the browser attempts to make a secure connection appears to give up and goes to an unencrypted connection.
What do you think It could be?
I'm using Apache and PHP.
Based on the output of the certificates for that site fetched with:
openssl s_client -connect bradp.com:443 -showcerts
on my mac (full output at http://www.atlbbs.com/bradp.txt ) it looks like you might a certificate chain problem. Without seeing your logs, if I had to guess, I'd say you are lacking the extra intermediary certificate that GoDaddy SSL certs usually need to work. If that's all okay, then you can try and chase down the "self signed certificate in certificate chain" or tell your software to ignore that warning. Or find who Valicert is and what they have to do with anything.
I am new to the OpenSSL world and trying to implement SSO on my PHP based application. I have already set up the OpenSSL Library and PHP openssl extension.
Now, what I need to know is, what steps I need to take and where I can find reference of that. My requirement are
1- User will be provided a certificate, and browser will submit that certificate for client authentication using SSL.
2- User will not need to go through the long authentication process of login rather the certificate will handshake with the server.
3- Certificate will be self signed or my company will be the CA for every certificate.
Please guide me how to setup all these thing on PHP based application with all the steps to follow.
It's easy. Configure your client side certificate, configure your webserver to validate client certificates then point your browser at:
<?php phpinfo(); ?>
...and you'll see where to retrieve the details and how they are formatted/referenced.
(the PHP openSSL extension is irrelevant for authentication - the details are all passed by CGI from mod_ssl)
C.
Friends, I got the complete answer at
http://www.experts-exchange.com/Security/Encryption/Q_25076701.html
Now I want to confirm that can we use single client certificate and populate the commonName and email fields from credential store on the computer at run-time? My application will all be on same domain so I want their domain login to be used for my application.
Regards,