I have a problem connecting to the Fusio interface (api-manager). I installed it in ftp on a shared server. Until then everything is fine, the database is well updated and I have access to the fusio graphical interface. It is when I have to connect to the GUI that it is blocked. I enter my credentials and just after, an alert tells me: "Your connection to this site is not private".
Image of the second connection request
A little more details follow the comment #Luca Stucchi
I want to perform an installation using the mode: "installation script" (as explained in the documentation).
The API Manager is installed on a shared server, I can not use command lines.
This installation mode allows us to install via an ihm. During the installation, everything goes well. The database is well created and I have access to a login page.
But the problem starts now. When I enter my login information a pop-up appears, the message "Your connection to this site is not private" appears.
And I do not know how to avoid this popup blocking.
Why do you see the error
The error message "Your Connection is Not Private" is displayed for various reasons:
Invalid or non-trusted SSL certificate.
Time is not synchronized between the server and the client.
Issues related to browser cache.
AntiVirus/Proxy service blocking or interfering traffic.
Wrong DNS settings.
How to overcome
if it's a non-trusted SSL certificate: try to install it to your Trusted Root store.
invalid SSL certificate: if possible - re-create the SSL certificate on the server.
make sure that the SSL certificate it not already expired or that its validity starts in the future.
Sync your Clock on both sides (server and client).
Clear SSL state: open Internet Explorer -> Internet Options -> Content tab -> Certificates -> Clear SSL state button.
Clear browser cache (Cached images,Files, and Data)
Turn off (temporarly) your AntiVirus/Proxy.
Use some public DNS like google's (8.8.8.8 or 8.8.4.4).
source for most of the ideas.
P.S.
I'd suggest adding a code sample to get more precise answers...
Related
I have my site behind a StackPath firewall (CDN+WAF).
I am getting two errors when I use the native WordPress site health feature.
Your site could not complete a loopback request
Loopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability.
The loopback request to your site failed, this means features relying on them are not currently working as expected.
Error: cURL error 35: OpenSSL SSL_connect: Connection reset by peer in connection to mydomain.com:443 (http_request_failed)
and
The REST API encountered an error
The REST API is one way WordPress, and other applications, communicate with the server. One example is the block editor screen, which relies on this to display, and save, your posts and pages.
The REST API request failed due to an error.
Error: cURL error 35: OpenSSL SSL_connect: Connection reset by peer in connection to mydomain.com:443 (http_request_failed)
How can I resolve this?
Since the site is behind a WAF firewall, there is no reason for it to go out to the WAF, and back to perform a loopback. We want it to go directly back to the server.
The solution is to modify the hosts file (/etc/hosts) to resolve each website to the origin IP address.
sudo vim /etc/hosts
Add the site in question to the origin IP address.
Example:
105.67.244.102 mydomain
That's it. The loopback error should be gone.
It depends what you want to achieve.
If you want to monitor your origin server than I would agree with #cipher442
If you want to monitor health of your site while It's behind CDN and WAF than I would recommend one of two possibilities:
Check if Stackpath has some kind of monitoring tools that will do do health checks from multiple locations
Set Datadog or some other third party monitoring that will do monitoring
Third and the only 'free' option is to rely on status code reporting and logs that you are getting for your site on CDN/WAF. If you have resources you can do some self hosted app that will parse those logs and provide you with a lot of details like response time, the most requested url, location of your end users etc..
I am working on some 3rd party integration project.
Created RootCA and SubCA from their official documentation website and after importing in windows server, we created key using openssl and got signed certificate from 3rd party integration Support team
We have configured in ldp.exe client and it got connected and fetched the dataset.
Now we are implementing in PHP code level.
We have:
IIS server 10
PHP 7.2
PHP Code is working in IIS
Added ldap.conf file created c:/openldap/sysconf/ldap.conf
TLS_REQCERT allow
#TLS_CACERT c:\openldap\sysconf\RootCaSha1.der
TLS_CACERT c:\openldap\sysconf\SubCaSha1.der
#TLS_CACERTDIR c:\openldap\sysconf
We have tried various paths and noted all evidence via wireshark tool
It says TLSv1.2 Alert (Level: Fatal, Description: Handshake Failure) so it means some certificate in ldap.conf are not as per requirement.
Looking forward to help in this regard so we can get connect.
Thanks in advance
As far as I know, the TLS handshake failure error commonly occurred when the server’s certificate is configured improperly. this should be configured on the IIS server-side. Please check the below items.
The account running the website is supposed to own the right of accessing the private key of the certificate. Firstly import the certificate to the Local machine Certification Store, under the property page of the certificate, grant the account access to the private key of the certificate.
Subsequently, we specify the certificate in the IIS site binding module.
Besides, Please note that the communication between the client-side and the server-side is established based on the fact that the client trusts the server certificate. this means that when we visit the website, the browser address bar has the sign of security lock. In this way, the public key of the certificate can be exchanged. The specific operation is to add the server root certificate to the Trusted Root Certificate Authority certification store of the client-side.
Currently setting up a backup solution that sends a database dump and some other files from a Wordpress network to a NAS on my LAN, via WebDAV. I have installed PHP WebDAV on my web server and the basic code to get that that to work is:
webdav_connect('http://webdav.example.com/dav', 'davuser', 'davpassword');
webdav_put('/your/nice/thing.txt', $data);
webdav_close();
The issue is, my NAS requires this connection to be done via HTTPS, so in a web browser you'd see a warning which you can ignore, but PHP gives the following warning and the code fails:
Warning: webdav_put() [function.webdav-put]: Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted in /var/www/vhosts/blah/blah/blah.php on line 5
Is there a way in which I can ask PHP to ignore this, or will I need to obtain an SSL certificate? The domain name used for accessing the WebDAV service on my NAS is one provided by Dynamic DNS if that makes a difference.
Is there a way in which I can ask PHP to ignore this, or will I need to obtain an SSL certificate?
I don't know which HTTP Layer PHP WebDAV uses (which extension are you using?), but often it's possible to configure the underlying layer to ignore certificate errors.
If you need certificate verification for security reasons, you should obtain a valid certificate.
Just for completeness as I don't like leaving things un-answered. I've decided to access my WebDAV service via SMEStorage. They provide an API which developers can use for this sort of thing:
http://smestorage.com/?p=static&page=for_developers
I'm new to using SSL Certs and am having trouble getting help from the Service Provider I'm connecting to. I'm using PHP on the backend to handle the connection.
The setup is as follows:
User enters details into form, ajax sends the details back to Our server
Our server then connects using curl to 3rd party service sending away data in XML format
The 3rd party server replies with the data
Our server responds to the browser
Now the problem I'm having is figuring out who has to do the SSL cert, they are saying that I need to buy and install an SSL cert to connect to their server but I thought that it was the server receiving the connection that needs to handle SSL? If I brought an SSL cert wouldn't that only allow me to setup a secure connection between our server and the client's browser?
Please help before I lose my mind!
Thanks
Mark
You need to secure the Ajax connection between the browser and your server with a SSL connection if you are transferring sensitive data.
Edit: Sorry, I only answered your second question. The SSL certificate is configured by the entity whose server is being secured, so no you would not purchase a certificate to secure the call to THEIR server (Steps 2 & 3). But your Ajax call is totally on your end between your client's browser and your server, so you'd need one for Steps 1 & 4.
I was wondering if any of you know if it is possible in javascript or php to test if a client has a specific client certificate installed in the browser.
The thing is that we have a server certificate installed but to be recognized by the clients, they need 2 client certificates that make them recognize the authority of the issuer of our server certificate. We would like to test the browser for these 2 certificates, if there are not there, we want to propose the client to download them before to enter in https mode...
Anybody can help? Please detail your answer if you know one.
You can do it client side by using javascript to request a known file from a secured (https) source. if the request fails then it means the client refused to accept your certificate (or another network error) at this point you could popup a message to ask the user to install the root certificate with a link to the root certificate.
This must be done from a non secure page. otherwise the user may refuse your certificate and never load the page to start with and therefore your javascript never runs
It can't be done in PHP because php (which is server side) cannot determine whether the client browser has a particular root ca installed
I however would not do this. get a proper certificate instead.
You appear to have insufficient understanding of how SSL works in general. I suggest spending some time understanding how SSL works and how certificates are used.
DC
to learn about sending and receiving http responses with javascript read this page..
http://www.w3schools.com/XML/xml_http.asp
It can be used to send and receive any text data, not just xml. It is real easy to implement but you must be aware of browser version issues.
DC
what about a warning message that will be hidden by a javascript which will be loaded from your https site.
in the warning message you can link the windows update site or wherever the updated root certifcates can be downloaded to their browser.
PHP is a server side language. If you really want to test this then you need to do it with JavaScript and then send back an AJAX request to PHP.
But I think there is another solution to your problem. Normally when a CA change their name etc. they have usually new "Intermediate Certificates" you can use. (If you have an apache httpd server then you can search for "ca bundle" on their website as well.) With this bundle you can send the new CA certificate along with your certificate.
Forcing your users to download and install a homegrown CA certificate is ugly and hateful. Instead, show them the love and pay the $30 US to get an SSL certificate signed by a reputable, already trusted, CA.