https://wiki.uniformserver.com/index.php?title=Mini_Servers:_Browsers_dislike_self-signed_certificates&feed=atom&action=historyMini Servers: Browsers dislike self-signed certificates - Revision history2024-03-28T15:21:06ZRevision history for this page on the wikiMediaWiki 1.41.0https://wiki.uniformserver.com/index.php?title=Mini_Servers:_Browsers_dislike_self-signed_certificates&diff=3423&oldid=prevRic: New page: {{Uc nav mini servers}} '''Browsers dislike self-signed certificates''' They throw up all kinds of scary messages and rightly so however if it’s your personal secure server ([[Mini Ser...2008-08-17T14:34:02Z<p>New page: {{Uc nav mini servers}} '''Browsers dislike self-signed certificates''' They throw up all kinds of scary messages and rightly so however if it’s your personal secure server ([[Mini Ser...</p>
<p><b>New page</b></p><div>{{Uc nav mini servers}}<br />
<br />
'''Browsers dislike self-signed certificates'''<br />
<br />
They throw up all kinds of scary messages and rightly so however if it’s your personal secure server ([[Mini Servers: Apache 2.2.9 Portable - Authentication SSL|server 4]], [[Mini Servers: Apache 2.2.9 Portable - Authentication SSL Standalone|server 5]] or [[SSL Part 1: Apache Upgrade| SSL personal secure server]]) what do you do! Certainly do not follow the information they give you; otherwise you will never connect to your server. This page hopes to pint you in the right direction for a personal secure server.<br />
<br />
I must stress if you receive any of the alarm bells while you are about to part with money make sure you heed the warnings and recommendations otherwise you may just find your bank account depleted.<br />
<br />
== To save or not to save ==<br />
I personally recommend you do not save a self-signed certificate to your browser especially if you are not using your own personal computer. It is best to allow a certificate for the current session only.<br />
<br />
== How to determmine if data was encrypted ==<br />
What strikes me as odd using a self-signed certificate once a secure connection is established all modern browsers do not give a clear indication that data is being encrypted? This I suppose is to actively discourage their use.<br />
<br />
A small piece of theory, when connecting from a browser with a scheme https:// it dictates a secure protocol must be used for the connection. Likewise a server will also have been set up (SSLEngine on) to server only pages using a secure protocol.<br />
<br />
'''''Net results of this, if you see in your browser address bar https:// and the page is being displayed it was encrypted before being sent over the Internet and decrypted by your browsers.'''''<br />
<br />
It does not guarantee a connection is safe, if the data is intercepted encryption makes it difficult for a casual user crack. In addition it does not prevent men in the middle attach only a signed certificate can help with this.<br />
<br />
'''''[[#top | Top]]'''''<br />
== How to get your browser to accept a self-signed certificates ==<br />
All modern browsers actively discourage self-signed certificates however they do need to honour the wishes of users. To get your browser to accept a self-signed certificate varies depending on the browser you are using some make it a little more difficult than others. I cover the three main browsers (well the ones I have access to) in reality all that is required is a few mouse clicks while ignoring the scary warnings and recommendations.<br />
<br />
Note: I used mini server 5 for these tests and screen shots.<br />
<br />
Browser address: '''<nowiki>https://localhost:8085</nowiki>''' <br />
<br />
'''''[[#top | Top]]'''''<br />
== Firefox 3 ==<br />
{|<br />
|-<br />
|width="350"|<br />
'''''Step 1'':''' Click '''OK'''<br />
|<br />
[[Image:Uc_firefox_ssl_1.gif]]<br />
|-<br />
|<br />
'''''Step 2'':''' Click '''Or you can add an exception'''<br />
|<br />
[[Image:Uc_firefox_ssl_2.gif]]<br />
|-<br />
|<br />
'''''Step 3'':''' Click '''Add exception'''<br />
|<br />
[[Image:Uc_firefox_ssl_3.gif]]<br />
|-<br />
|<br />
'''''Step 4'':''' Click '''Get certificate'''<br />
|<br />
[[Image:Uc_firefox_ssl_4.gif]]<br />
|-<br />
|<br />
'''''Step 5'':''' Un-Check '''Permanently store this exception'''<br />
<br />
'''''Step 6'':''' Click '''Confirm Security Exception'''<br />
|<br />
[[Image:Uc_firefox_ssl_5.gif]]<br />
|}<br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
== Opera 9.51 ==<br />
{|<br />
|-<br />
|width="350"|<br />
'''''Step 1'':''' '''Click Approve'''<br />
|<br />
[[Image:Uc_opera951_ssl_1.gif]]<br />
|-<br />
|<br />
'''''No Step 2'':'''<br />
<br />
Click the ''Question mark'' right of browser address bar allows you to view certificate details.<br />
|<br />
[[Image:Uc_opera951_ssl_2.gif]]<br />
|}<br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
== IE7 ==<br />
{|<br />
|-<br />
|width="350"|<br />
'''''Step 1'':''' Click '''Continue to this website (not recommended)''' <br />
|<br />
[[Image:Uc_ie7_ssl_1.gif]]<br />
|-<br />
|<br />
'''''No Step 2'':'''<br />
<br />
Click '''Certificate Error''' right of browser address bar allows you to view certificate details.<br />
<br />
Note: Its not a true error there is not a problem with the certificate <br />
|<br />
[[Image:Uc_ie7_ssl_2.gif]]<br />
|}<br />
<br />
'''''[[#top | Top]]'''''<br />
== Conclusion ==<br />
From the above I hope you noticed there is no consistency in addition its difficult to determine if your page was encrypted. I personally think there is a fundamental flaw in that there is no reference point like the old padlock. Firefox hides it bottom right of screen neither IE or Opera provide one, they use a new fangled method, as does Firefox. I would prefer the address bar to have changed colour.<br />
<br />
A final reminder, do heed all warnings when parting with hard earned cash never give away credit card details until you are completely sure you have a secure connection.<br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
----<br />
<br />
{|<br />
| [[Image:uc_small_logo.gif]] || [[User:Ric|Ric]]<br />
|}<br />
<br />
<br />
[[Category: UniCenter]]<br />
[[Category: Mini Servers]]<br />
[[Category: Security]]<br />
[[Category: Oily Rag]]<br />
[[Category: Self Install]]</div>Ric