Mini Servers: Browsers dislike self-signed certificates

From The Uniform Server Wiki
Jump to navigation Jump to search

Mini Servers:  Introduction | Support | Server 1 - Portable | Server 2 - Service | Server 3 - Portable Authentication | Server 4 - Portable Authen. SSL | Server 5 - SSL Standalone | Browsers dislike self-signed certificates | Server 6 - PHP 5.2.6 Portable | Server 7 - PHP 5.2.6 Service | Server 8 - MySQL Support | Guest Book | Server 9 - Perl 5.2.6 Portable | Server 10 - Perl 5.2.6 Service | Server 11 - MySQL 5.0.67 Portable | Server 12 - MySQL 5.0.67 Service | Server 13 - MySQL 4.1.22 Portable | Server 14 - MySQL 4.1.22 Service | phpMyAdmin - Mini support | MySQL - General problems

Mini Servers:
Compact but fully functional.

Browsers dislike self-signed certificates

They throw up all kinds of scary messages and rightly so however if it’s your personal secure server (server 4, server 5 or SSL personal secure server) what do you do! Certainly do not follow the information they give you; otherwise you will never connect to your server. This page hopes to pint you in the right direction for a personal secure server.

I must stress if you receive any of the alarm bells while you are about to part with money make sure you heed the warnings and recommendations otherwise you may just find your bank account depleted.

To save or not to save

I personally recommend you do not save a self-signed certificate to your browser especially if you are not using your own personal computer. It is best to allow a certificate for the current session only.

How to determmine if data was encrypted

What strikes me as odd using a self-signed certificate once a secure connection is established all modern browsers do not give a clear indication that data is being encrypted? This I suppose is to actively discourage their use.

A small piece of theory, when connecting from a browser with a scheme https:// it dictates a secure protocol must be used for the connection. Likewise a server will also have been set up (SSLEngine on) to server only pages using a secure protocol.

Net results of this, if you see in your browser address bar https:// and the page is being displayed it was encrypted before being sent over the Internet and decrypted by your browsers.

It does not guarantee a connection is safe, if the data is intercepted encryption makes it difficult for a casual user crack. In addition it does not prevent men in the middle attach only a signed certificate can help with this.

Top

How to get your browser to accept a self-signed certificates

All modern browsers actively discourage self-signed certificates however they do need to honour the wishes of users. To get your browser to accept a self-signed certificate varies depending on the browser you are using some make it a little more difficult than others. I cover the three main browsers (well the ones I have access to) in reality all that is required is a few mouse clicks while ignoring the scary warnings and recommendations.

Note: I used mini server 5 for these tests and screen shots.

Browser address: https://localhost:8085

Top

Firefox 3

Step 1: Click OK

Step 2: Click Or you can add an exception

Step 3: Click Add exception

Step 4: Click Get certificate

Step 5: Un-Check Permanently store this exception

Step 6: Click Confirm Security Exception

Top

Opera 9.51

Step 1: Click Approve

No Step 2:

Click the Question mark right of browser address bar allows you to view certificate details.

Top

IE7

Step 1: Click Continue to this website (not recommended)

No Step 2:

Click Certificate Error right of browser address bar allows you to view certificate details.

Note: Its not a true error there is not a problem with the certificate

Top

Conclusion

From the above I hope you noticed there is no consistency in addition its difficult to determine if your page was encrypted. I personally think there is a fundamental flaw in that there is no reference point like the old padlock. Firefox hides it bottom right of screen neither IE or Opera provide one, they use a new fangled method, as does Firefox. I would prefer the address bar to have changed colour.

A final reminder, do heed all warnings when parting with hard earned cash never give away credit card details until you are completely sure you have a secure connection.

Top


Ric