1

I'm playing with jQuery to strengthen my front end skills and have run into an error that I hope is caused by an SSL cert issue.

I went to the raw url of the API I was trying to use and it gave me this warning in chrome:

The site's security certificate is not trusted!
You attempted to reach theAPI, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.

Here is the basic code set up I was using (pulled from here):

<body>
    <div class="results"></div>
    <script>
        $( document ).ready(function() {
            $.ajax({
                url: "https:theAPI",
                cache: false,
                success: function(html){
                    $(".results").append(html);
                }
            });
        });
    </script>
</body>

Should I investigate my setup more or is there a valid issue from the SSL cert that would roadblock me?

Community
  • 1
  • 1
Erik
  • 898
  • 2
  • 8
  • 28

3 Answers3

3

You have two problems. First, the self-signed cert would never work for a publicly accessible application, as you would need each user to somehow accept that cert as trusted (which as others have stated is not possible via AJAX).

Second, even if you get past the SSL problem, you are likely to have a cross-domain request problem. That is, AJAX cannot be used to make cross-domain calls unless you are using JSONP or the target server has properly configured CORS policy (which I would guess is not the case considering the self-signed cert).

Your best bet may be to expose a backend API on your server which you can call via AJAX, with the backend then making the cross-domain call and exposing the data back in response to the AJAX request. You could even cache the results of the remote call locally if it makes sense.

Mike Brant
  • 70,514
  • 10
  • 99
  • 103
  • Indeed. I now get 'No 'Access-Control-Allow-Origin' header is present on the requested resource.' and all of my research seems to point to it being a server side issue . Setting data to jsonp returns a parse error as well. – Erik Jan 23 '14 at 07:10
  • @TehRuby Unfortunately for you to use JSONP, the server has to cooperate and understand that a JSONP request is being made such that it should return the result in a function wrapper. If you have no control over the target server, you will likely need to make a server to server call in your backend and expose that result via your own AJAX endpoint. So the bottom line is that unless you know a server on another domain supports a cross-domain AJAX call (either via CORS or JSONP), you shouldn't pursue that approach. – Mike Brant Jan 23 '14 at 16:38
  • it IS possible to bypass the CORS by stating you accept it on the response header, I haven't solved the first part though which is to make AJAX accept a self signed certificate – Dante Sep 14 '20 at 16:39
0

This is a self-signed certificate you are using. There is no higher authority to establish "trust". It will always cause this error note except in cases where the client browser has already established private key exchange. This is true in direct connections via the web browser, as well as $.ajax() calls behind the scenes.

Self-signed certificates are useful for testing or private applications, but when put into production you will need a certificate signed by a certificate authority.

http://en.wikipedia.org/wiki/Self-signed_certificate

Patrick Moore
  • 13,251
  • 5
  • 38
  • 63
0

You have to add a certificate exception to the browser to make it work.

Like Open this address =1390422014472">https://wcc-dev-api.dyndns.info/pubtimeslots/?categoryid=20&=1390422014472
in your chrome browser click "proceed anyway". It'll add an exception to the chrome browser.

And you are making a json request to the outside of the server, you have to do JSONP to make it work

Rajeev
  • 312
  • 3
  • 10