-2

Can we make it possible that browsers ignore self signed certificate?

or is it possible to just show a message to the user so that when they click on the confirm/approve/submit it stores a certificate exception?

Note: I am using PHP and ask about SSL for Facebook apps.

animuson
  • 53,861
  • 28
  • 137
  • 147
Abdullah Adam
  • 178
  • 5
  • 19
  • Note:this is not a duplicate question ask for all browser and prefer for php solutions – Abdullah Adam May 08 '12 at 10:43
  • 1
    There're a few free providers and there're many others that will charge a yearly fee similar to the price of a domain (you already own a domain, don't you?). If you are asking for a server-side method, you're basically asking how to hack the system :) – Álvaro González May 08 '12 at 10:48
  • @ÁlvaroG.Vicario thanks for your comment can you pleas mention one or two free ssl provider so that i can use free ssl and about your "hack subject" i already updated the question for that – Abdullah Adam May 08 '12 at 10:50
  • 1
    Do you really mean 'ignore'? Or do you perhaps really mean 'accept silently'? – user207421 May 08 '12 at 11:00
  • possible duplicate of [Self Signed SSL acceptance Android](http://stackoverflow.com/questions/1217141/self-signed-ssl-acceptance-android) – user207421 May 08 '12 at 11:02
  • i mean accept silently to make it easy to user to store this site self signed certificate – Abdullah Adam May 08 '12 at 11:05
  • 1
    @AbdullahAdam That would be insecure. There is no reason to trust the identity asserted a self-signed certificate. The user must be asked. What you are requesting is radically insecure. If you don't want security why use SSL or HTTPS at all? – user207421 May 08 '12 at 11:08
  • @EJP as i mention in question https for faceboom as its required for facebook applications – Abdullah Adam May 08 '12 at 11:32
  • @EJP the above question link which you give in comment can you please check the answer of "Chris Boyle" can we use Chris Boyle solution for my problem ? – Abdullah Adam May 08 '12 at 11:34
  • No, for the same reason. See my comment on his answer. – user207421 May 08 '12 at 11:56
  • so what do you say about free ssl provider ? – Abdullah Adam May 08 '12 at 12:00
  • I don't understand the question, but any SSL certificate that is signed by a recognized CA (1) is secure and (2) won't provoke browser popups, and the reason for (2) is (1). – user207421 May 08 '12 at 12:13

3 Answers3

3

No it is not possible to make all browser ignore self signed certificates, the whole system relies on a trusted party to sign certificates to validate them.

Paul Bain
  • 4,364
  • 1
  • 16
  • 30
  • 1
    you cannot affect how the browser deals with unsigned cerificates at all, except by purchasing a signed one. There are free SSL providers however not all are supported by browsers. – Paul Bain May 08 '12 at 10:55
  • can you please give me the link of free ssl provider ? – Abdullah Adam May 08 '12 at 11:28
2

If by ignore you mean to remove the warning, no, you cannot do that. It is one of the main principles of SSL trust to require the "chain of trust" to be in effect.

Furthermore, this is a browser-related problem, it does not matter what language you use at the back end. You can get some more information here, not much good news thought.

Community
  • 1
  • 1
petr
  • 2,554
  • 3
  • 20
  • 29
  • I have - still not understand 100% what you are trying to achieve given the technologies you have mentioned - could you explain more your use case? – petr May 08 '12 at 10:50
  • ok i try to define it further Normally user needs to do a long procedure to store self signed ssl so is there any way that we can store our certificate directly and user just need o press the ok/submit/confirm button – Abdullah Adam May 08 '12 at 10:55
  • when try to visit https:// page for fb app of my website i get the below error pakturkkarachiboys.org uses an invalid security certificate. The certificate is not trusted because it is self-signed. (Error code: sec_error_untrusted_issuer) – Abdullah Adam May 08 '12 at 10:57
  • It is not a 'browser-related problem' at all. It is an SSL-related problem. Any implementation of SSL that didn't have the same behaviour would be severely broken. Sadly such implementations do exist, and they are indeed broken. – user207421 May 08 '12 at 11:02
  • @AbdullahAdam What do I prefer about what? – user207421 May 08 '12 at 11:07
  • @Abdullah Ok, as I have thought - this is not a desired behaviour, I would recommend a purchase of a valid SSL certificate. – petr May 08 '12 at 11:12
-1

No, you can't make browsers accept your self-signed certificated.

However, you can get free SSL certificates from these two providers:

  • StartSSL / StartCom
  • CACert.org

I have no experience with CAcert however I have some with StartSSL; here is a step-by-step guide to get free SSL certificate with StartSSL I've written on my blog: http://nicolas.landier.org/2013/03/17/get-a-free-ssl-certificate-with-startssl/

Nicolas Landier
  • 140
  • 1
  • 9
  • 4
    Please do include an explicit disclaimer that that is your own blog you are linking to, see the [FAQ#promotion]. And more importantly, do not add the link to other posts! That kind of self-promotion is not appropriate. – Martijn Pieters Mar 17 '13 at 11:16
  • I've taken your remark into account. However, what do you mean by "And more importantly, do not add the link to other posts!"? – Nicolas Landier Mar 17 '13 at 13:40
  • 2
    You suggested 3 edits to other posts: [1](http://stackoverflow.com/review/suggested-edits/1734814), [2](http://stackoverflow.com/review/suggested-edits/1734812) and [3](http://stackoverflow.com/review/suggested-edits/1734805). Those were not appropriate edits. You could perhaps have created your own answer instead where you could have incorporated your blog link (provided they were proper answers). – Martijn Pieters Mar 17 '13 at 13:43
  • I wish but couldn't add any comment. All I can do was to edit the answer. I'm not really familiar with StackOverflow. Thanks. – Nicolas Landier Mar 17 '13 at 14:06
  • If you cannot comment, editing in a comment is not appropriate, I'm afraid. It's a pity some of the suggested edits were accepted, the reviewers were not paying attention. Another 2 points reputation and you can comment everywhere yourself. – Martijn Pieters Mar 17 '13 at 14:17