We have an installed SSL certificate on our website. First time user needs to install this certificate (accept it) on their browsers. Is there way to disable it?
I think it might be possible with apache conf or .htaccess file setting SSL path in it.
Can anyone did this and can paste me the settings here.
Thanks.
It sounds as if your certificate is signed incorrectly or for the wrong domain. Most browsers today don't ask about security certificates if they're completely valid.
Related
I have installed and followed all the step in creating an using Openssl but when I open localhost as https the browser says the connection is not secure or brings out privacy.
Kindly let me know what am doing wrong? How can one make it https and bring the green lock?
You did everything right but the browser doesn't know your certificate.
The browser will warn you everytime he gets a certificate signed by an authority he doesn't know. That DOESN'T mean that you did something wrong.
You can add your certificate as trustworthy (i.e. add an exception for your specific certificate) in the browser and everything will function as it would with a certificate from a trusted certificate authority (e.g. Comodo, RapidSSL, Symantec, etc)
I am doing a CAS integration with a project that I am doing with my university. The final integration should be made with symfony2, however first I need to make the example code working.
I finally get working the example_simple.php example with phpCAS 1.3.2 , however the directive:
phpCAS::setNoCasServerValidation();
is the enabled one. I think I should use instead:
phpCAS::setCasServerCACert($cas_server_ca_cert_path);
However when I enable this second one (and disable the other) then the authorization does not work anymore. Here is the relevant output line error of the log:
could not open URL 'https://cas_server.fi/cas/serviceValidate?service=http%3A%2F%2Flocalhost%2Fphpcas2%2Fdocs%2Fexamples%2Fexample_simple.php&ticket=ST-115606-M1Omd1cHWzbLbmxa1nYV-cas' to validate (CURL error #60: SSL certificate problem: unable to get local issuer certificate) [Client.php:2763]
The cas server provided me two .crt files:
MYCASRootCA.crt
MYCASLinuxSUBCA.crt
And they are suppose to be installed in my system (Ubuntu 13.10). They are in different places, such a /etc/ssl/certs/MYCASLinuxSUBCA.pem but also:
/usr/share/ca-certificates/lut/MYCASRootCA.crt
/usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt
So assuming that the variable $cas_server_ca_cert_path has to have one of these .crt files or .pem dirs (such a /usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt) I cannot make it work. What I am doing it wrong? My client-server (no the cas server) is in my localhost. Is it a problem? Should I avoid use setCasServerCACert command? Why is it happening?
I've also tried to use the curl-ca-bundle.crt certificate provided by my XAMP instalation (Xampp 1.8.3).
I am a little bit lost with certificates as you can see.
I read about problems with phpCAS and recent Ubuntu versions in https://github.com/Jasig/phpCAS/issues?state=open. However I cannot make this working with the master code, even without certification (by default).
Any ideas would be appreciated...
I have found the solution asking in the github library: https://github.com/Jasig/phpCAS/issues/119
The reason is that the curl binary used by PHP in my xampp installation is different from the system's curl binary. The system one has access to /etc/ssl/certs/ certificates, but the xampp curl does not have (unless you don't indicate it, of course). By default, it searches in a special certificate-bundle-file.
Finally I have found the real certificate for my cas-server and I am using it, however maybe you want to use other proposed solution at the end of the discussion thread if you are having a similar problem.
Ok, I'm sure someone is going to tell me this is a really dumb idea but please humor me.
I have a php site that is hosted using Lighttpd. I have multiple domains that resolve to my website (for example...mysite.com and mysite2.com). These sites need to use https.
When either mysite.com or mysite2.com are requested I want my php page to respond with the correct certificate. So, to clarify, when the browser gets the response from my php page it will not complain about the certificate because it will use the correct certificate.
Is this possible? How?
Thanks!
EV
By the time PHP is running the SSL handshake has already been completed by your web server, so there's no way it can do anything about the certificate.
If you're using name-based virtual hosting but you still want to use different SSL certificates, you can leverage on SNI (an extension on SSL and TLS) which is supported by most browsers and web servers (requires OpenSSL >= 0.9.8), including Lighttpd.
I want to connect to an https host using PHP cURL, but I don't want to use the certificate returned by the host or its CA path.
As I have the certificate locally, I'd like to use the local file instead of the certificate returned by the host and not rely on the CAs.
I’ve studied and searched and tried a number of things, but nothing is working except the normal default path, which gets the certificate from the host and follows the CA path.
Changing the existing host certificate is not an option.
I'm not sure if I understand you. Either I got your question wrong or you have a fundamental misunderstanding regarding SSL.
You have to use the host's certificate (which is a public key), otherwise the host won't understand what you're sending.
May Not Be Safe For Work
I cannot get my server to make a secure connection.
I created a checkout form here: https://bradp.com/join-30-30-club
When entered, the browser attempts to make a secure connection appears to give up and goes to an unencrypted connection.
What do you think It could be?
I'm using Apache and PHP.
Based on the output of the certificates for that site fetched with:
openssl s_client -connect bradp.com:443 -showcerts
on my mac (full output at http://www.atlbbs.com/bradp.txt ) it looks like you might a certificate chain problem. Without seeing your logs, if I had to guess, I'd say you are lacking the extra intermediary certificate that GoDaddy SSL certs usually need to work. If that's all okay, then you can try and chase down the "self signed certificate in certificate chain" or tell your software to ignore that warning. Or find who Valicert is and what they have to do with anything.