1

I am trying to run an https site for localhost and have installed certificate for it, even installed it in root trusted authorities but still everytime I am getting error

Warning: Potential Security Risk Ahead

I tried each and everything from this post, each and every answer

How can I create a self-signed cert for localhost?

But nothing is working, I keep on getting the potential risk error

And the weird thing is it used to work for me earlier, I deleted the existing certificate for localhost and tried to create another one, and nothing is working now

Any leads?

Pawan Nogariya
  • 8,330
  • 12
  • 52
  • 105
  • Where is the error message occurring? Is it an exception or just the response from the server? If error is in the response it depends on the server requirements and need to talk to the server developers. It could be that you are using the wrong version of TLS (just a guess). I would use a sniffer like wireshark or fiddler and check TLS version. If TLS version is 1.0/1.1 than your issue is due to the TLS version. Microsoft disable TLS 1.0/1.1 in June on servers in a security push and client now must request TLS 1.2/1.3. – jdweng Sep 24 '20 at 16:47
  • @jdweng - So when I am running my website in debug mode and it opens to the firefox, there it gives me this error. Also, since it gives this error on load so when I try to call the api of that web service I get the same error in response that certificate is not valid – Pawan Nogariya Sep 24 '20 at 16:55
  • What are your TLS settings in FireFox? In IE you can find settings in Tools : Internet Options : Advance : Security. When you do not specify TLS version in clients it uses the default operating system version unless the user settings are different. Using a sniffer like wireshark or fiddler will easily tell what version is being requested. – jdweng Sep 24 '20 at 17:12
  • @jdweng - security.tls.version.min = 3 and security.tls.version.max=4 in firefox – Pawan Nogariya Sep 24 '20 at 17:24
  • I do not think there is a TLS 1.4 (https://en.wikipedia.org/wiki/Transport_Layer_Security) Looks like FireFox is using only 1.3 and if your website is only 1.2 then you are going to fail. Your c# code is probably using the User Settings in IE which will also fail. – jdweng Sep 24 '20 at 18:03
  • But I actually do not care about accessing the website directly from the browser. My main concern is to call the api's using api tool. That is also not working because of the certificate – Pawan Nogariya Sep 24 '20 at 18:06
  • But if your certificate is for TLS 1.2 and you are using TLS 1.3 then you are going to fail. Look at the key exchanges at following webpage. TLS 1.3 does not accept all the TLS 1.2 encryption modes : https://en.wikipedia.org/wiki/Transport_Layer_Security – jdweng Sep 24 '20 at 18:13

0 Answers0