0

I have tested my self-signed SSL certificate for https site. when I access my https site such as https://example.com on my computer, Chrome browers will give me SSL warning about un-trusted site something like that and I follow instuction from a link, the warning is gone. But why it always has red-cross and read-slash mark around https at address bar even I 've saved and put my self-signed SSL cert into the trusted vendor folder on Chrome browser as a trusted cert only on my computer.

Whether must I buy third-party SSL cert to get rid of those red mark ? That is only method?

Cœur
  • 37,241
  • 25
  • 195
  • 267
techsolve
  • 165
  • 2
  • 2
  • 11
  • 1
    That's the problem with self-signed certificate. As far as I know they should only be used for testing purpose... If you have the use of SSL, a legitimate certificate is not that costly... – Laurent S. Dec 17 '13 at 18:38
  • You mean I generated a wrong self-signed cert during openssl process. Or it is just browser security issue that is two different problem or issue ,any low-cost SSL trusted cert suggestion ? – techsolve Dec 17 '13 at 18:50
  • Well, it depends on what you call "low cost". For 1 single domain you should easily find one under $100 just by googling it, and your hosting provider probably also offers that kind of services, together with the installation of it. – Laurent S. Dec 17 '13 at 18:59
  • This third party can be yourself as a CA. You can create your own CA self sign certificate, trust it and create your own Server Certificate signed by your CA, all will then be fine. For any new server you will create use your own trusted CA certificate to sign it. take care of creating a CA with CA:true and signing capabilites, and to create a server certificate with either CN= or dnsName= extension. – philippe lhardy Dec 17 '13 at 19:03
  • phippe, I already did , but why I still get the red mark – techsolve Dec 17 '13 at 19:06
  • evil is in details, might be your CA does not contains all required fields to validate a certificate. How does it behave with Firefox or Explorer ... – philippe lhardy Dec 17 '13 at 19:08
  • I followed this [a link](http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx) to generate those cert or key file and Surprisingly, Firefox is no such red-mark – techsolve Dec 17 '13 at 19:32
  • IE and Firefox has no such red-cross mark after I import the cert into the browser ssl trusted folder – techsolve Dec 17 '13 at 19:58
  • post your Certificate and your CA Certificate somewhere if you want an detailed answer. Remark : Certificates are public they contains only public key, so it is safe. Sure don't send your pfx or private keys. Best is to have certifcate in PEM form so that they can be copy/pasted in your request. – philippe lhardy Dec 19 '13 at 21:13
  • http://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate – philippe lhardy Dec 19 '13 at 21:20
  • What you mean, please help , write it cleary – techsolve Dec 19 '13 at 23:16

0 Answers0