0

I am getting the error net::ERR_INSECURE_RESPONSE when my script in angular tries to access my WCFservice method. To get it to work, every browser that accesses the website needs to find the url used in the ajax call and manually add the certificate to their trusted sites. IS there no way to get this done automatically without purchasing a real certificate? To resolve this I tried three things:

  1. Setup crossdomain.xml on the service opening requests from everyone
<?xml version="1.0" ?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

Still got the same error net::ERR_INSECURE_RESPONSE

  1. Sent the following headers in the request from angular
Access-Control-Allow-Origin:*
Access-Control-Allow-Methods:GET, POST
Access-Control-Allow-Headers: Content-Type, Accept,TOKEN

Still got the same error net::ERR_INSECURE_RESPONSE

  1. Followed this link the best I could to setup a custom self signed certificate but when setting up the bindings in IIS on the server I got this error:

one or more intermediate certificates in the certificate chain are missing. To resolve this issue, make sure that all of the intermediate certificates are installed

I have deployed a WCF 4.0 REST Service on Windows Server 2012. I think I need to get point #3 right for this to work. I would need assistance in understanding how to solve the error mentioned for point #3.

The Website url: https://www.mydomain.com/Website/  
The Service url: https://www.mydomain.com/Webservice/

Any help appreciated.

INF.TA
  • 3
  • 1
  • 4

1 Answers1

0

I have worked for a while in an environment where we needed to create self-signed certificates for testing. We used the java keytool to create the certificates. Use this link To Use keytool to Create a Server Certificate and google for more information to create your own cert. The process is quite involved ( although simpler than the link you have provided), but the critical point is to use your machine name when creating the certificate, and to make sure that the urls you are using for testing are using this name.

You may also need to add the name of your machine and its IP into your hosts file. This is important so that the urls are resolved by the name on the certificate. You will need to figure out how to add the certificate to your server. We used Tomcat, see this /ssl-howt, or for node, try this create a trusted self-signed SSL cert for localhost (for use with Express/Node). (unfortunately I have never used IIS)

Finally to check if your certificate works, you have to configure your server to run in ssl mode, and you should be able to access before attempting to make use of these as services from your webpage.

https://yourmachinemane:443/suburls

Community
  • 1
  • 1
Carl
  • 1,266
  • 10
  • 20
  • I want to be able to create a certificate with the domain name provided to our test servers. These test servers are available on the public internet and accessible to our test team after some security checks. However, I wont be able to edit all their host files as they are mostly crowd workers. What I need is a way to create a test certificate that gets created with the testdomain server url (https://test.mydomain.com/website) in the Issued To section – INF.TA Nov 05 '14 at 08:58
  • I'm afraid that you will need to buy a certificate for this, how else do you expect the individual browsers to trust your self-signed certificates? Then the only other option will be to get your cross-domain issue sorted. – Carl Nov 05 '14 at 11:36