Ask Question Forum:
Model Library:2025-02-08:A.I. model is online auto reply
C
O
M
P
U
T
E
R
2
8
Show
#
ASK
RECENT
←
- Underline
- Bold
- Italic
- Indent
- Step
- Bullet
- Quote
- Cut
- Copy
- Paste
- Table
- Spelling
- Find & Replace
- Undo
- Redo
- Link
- Attach
- Clear
- Code
Below area will not be traslated by Google,you can input code or other languages
Hint:If find spelling error, You need to correct it,1 by 1 or ignore it (code area won't be checked).
X-position of the mouse cursor
Y-position of the mouse cursor
Y-position of the mouse cursor
Testcursor
caretPos
Attachment:===
Asked by duncanb7
at 2024-12-17 11:25:39
Point:500 Replies:12 POST_ID:828865USER_ID:11059
Topic:
Apache Web Server;Linux;Secure Socket Layer (SSL) & HTTPS
after using openssl following this link
https://library.linode.com/web-servers/apache/ssl-guides/centos
to create self-sign cert but it doesn't mention how to generate
the cert as trusted certificate.
Anway after apache https and all cert key setup, I access my https site
such as https://mysite.com, Chrome will gave me SSL warning and then
I also follow other link from
http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
And the SSL warning message is gone on my computer Chrome browser but that red-cross and red-slash mask on browser address bar still exists. WHy ?
I have read a lot articles, some said it can NOT get rid of those mark unless get third-party certificate but some said it will be okay to get rid of that by self-sign cert. So sometimes it is confusing, and there should be two issues, the root of cause of those mark is from my openssl gererating key issue or is from Chrome browser security issue for those site not recongnzied by window and linux system.
If it is browser security issue or message, I must need to buy third-party cert to get rid of those mark, Right ? If not , what is final step to generate trusted certifcate if I have already generated self-sign cert ?
Please advise for those mark root cause
https://library.linode.com/web-servers/apache/ssl-guides/centos
to create self-sign cert but it doesn't mention how to generate
the cert as trusted certificate.
Anway after apache https and all cert key setup, I access my https site
such as https://mysite.com, Chrome will gave me SSL warning and then
I also follow other link from
http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
And the SSL warning message is gone on my computer Chrome browser but that red-cross and red-slash mask on browser address bar still exists. WHy ?
I have read a lot articles, some said it can NOT get rid of those mark unless get third-party certificate but some said it will be okay to get rid of that by self-sign cert. So sometimes it is confusing, and there should be two issues, the root of cause of those mark is from my openssl gererating key issue or is from Chrome browser security issue for those site not recongnzied by window and linux system.
If it is browser security issue or message, I must need to buy third-party cert to get rid of those mark, Right ? If not , what is final step to generate trusted certifcate if I have already generated self-sign cert ?
Please advise for those mark root cause
Expert: Dave Baldwin replied at 2024-12-17 13:13:18
You're welcome, glad to help.
Author: duncanb7 replied at 2024-12-17 12:49:28
Thanks for all of your reply
Duncan
Duncan
Author: duncanb7 replied at 2024-12-17 12:47:54
The red-cross and red-slash mask is gone after quit browser and re-open it so it can be concluded self-sign cert can be trusted cert if the user accept the risk and willing to import the cert file into Chrome browser root trusted cert folder for accessing my https server
Now there is no mark on https for IE, Firefox, Chrome and my apache https server should not have any SSL certificate issus, so now I will go to buy or choose SSL trusted vendor and product
Duncan
Now there is no mark on https for IE, Firefox, Chrome and my apache https server should not have any SSL certificate issus, so now I will go to buy or choose SSL trusted vendor and product
Duncan
Author: duncanb7 replied at 2024-12-17 12:30:49
Of course, finally and definitely I will buy third-party trusted cert. But before buying , I try to practice all SSL process setup with all related system such as my apache server by self-sign cert and know more SSL knowledge will help on to choose my right SSL cert product. otherwise it will happen again the cross-mark issue when the uses access my https site even if I have installed or bought the trusted cert and save into my server. So just make sure my server https is no any issue first before buying.
I will try gr8gonzo's suggestion first.
Duncan
I will try gr8gonzo's suggestion first.
Duncan
Expert: Dave Baldwin replied at 2024-12-17 12:09:08
The "red-cross mark" must be a Chrome thing and I can't tell you exactly why. Most users will NOT import your cert into their browsers because we tell them not to do that. I know that I wouldn't.
In the time that you are spending on this, you could have spent that amount of income on a certificate from Godaddy for $69 or from many others. This Google search will show you many sources for SSL Certificates: https://www.google.com/search?q=cheap+ssl
In the time that you are spending on this, you could have spent that amount of income on a certificate from Godaddy for $69 or from many others. This Google search will show you many sources for SSL Certificates: https://www.google.com/search?q=cheap+ssl
Expert: gr8gonzo replied at 2024-12-17 12:05:35
And Dave is correct that you should really only use self-signed certificates in situations where you have control over ALL of the visitors to your web site. You don't want to use a self-signed certificate on a public web site, because others are likely to leave the site because they will get the warning.
Accepted Solution
Expert: gr8gonzo replied at 2024-12-17 12:04:28
350 points EXCELLENT
Try rebooting. Chrome might not have all the latest updates from your trusted root store and rebooting will make sure you don't have any Chrome processes that are left behind.
I've also heard that sometimes you have to export and re-import using PKCS #7 single certificate format, but I'm not sure if that's accurate.
You also have to make sure you're importing into the trusted root store and not just letting the certificate import wizard automatically place it into the correct store.
I've also heard that sometimes you have to export and re-import using PKCS #7 single certificate format, but I'm not sure if that's accurate.
You also have to make sure you're importing into the trusted root store and not just letting the certificate import wizard automatically place it into the correct store.
Author: duncanb7 replied at 2024-12-17 11:52:32
Hope you understand my question or say it in other way suppose all users including my home computer are willing to save and import the my site self-sign cert into browers' trusted vendor folder as the link mention above, it should not have any such SSL warning and red-cross mark nearby https since browser understand users take his own risk to access my site
So my question is red-cross mark is caused from my generated cert issue by openssl command or only on Chrome security issue or message .. That are two different reason
or concept
Please advise
Duncan
So my question is red-cross mark is caused from my generated cert issue by openssl command or only on Chrome security issue or message .. That are two different reason
or concept
Please advise
Duncan
Assisted Solution
Expert: Dave Baldwin replied at 2024-12-17 11:45:00
150 points EXCELLENT
That does not mean it is trusted in the other browsers. If your site is a public site, every visitor will get the warnings about it being an untrusted site. Installing the certs in your browsers does not make it work in other people's browsers. Most other people will just leave when they get the warning, they won't make an exception for your site.
Author: duncanb7 replied at 2024-12-17 11:44:23
Dear DaveBaldwin,
that is why I got confusing from reading those article. Some said self-sign cert could be trusted cert if the user can save and put or import it in the trusted vendor folder on browser
Duncan
that is why I got confusing from reading those article. Some said self-sign cert could be trusted cert if the user can save and put or import it in the trusted vendor folder on browser
Duncan
Author: duncanb7 replied at 2024-12-17 11:40:13
Sorry and add more information to my question:
there is NO such red-cross and read-slash mark on Firefox and IE browser and that only happen on Chrome browser
there is NO such red-cross and read-slash mark on Firefox and IE browser and that only happen on Chrome browser
Expert: Dave Baldwin replied at 2024-12-17 11:35:30
To get a "trusted certificate", you need to buy a third party certificate that traces it's authenticity to a known Certificate Authority. You can not be your own trusted Certificate Authority. Installing your self-signed certificate will make the site work but it will not make it "trusted".