0

I am trying to put my software "which is a website" on the client’s own server, and I have installed the ssl certificate on the server. when I open the website from the server then the connection is secure. But when I launch the website from any other machine which is on the same local network with the server, then I got the message from the browser that this Page is not secure (broken HTTPS) Certificate-missing. Its not logic that I have to install the ssl certificate on each machine. I mean its installed on the server then each local machine should see the link as secure just as the server!

enter image description here

MHassan
  • 25
  • 9
  • 1
    You think browsers should trust every self-signed certificate they encounter? So I can easily create a cert with the name of your bank, put it on a server, intercept your traffic, and the browser will show it as a secure connection to your bank so you give me your credentials and I can steal all your money? Excellent plan! – dave_thompson_085 Dec 14 '21 at 21:00
  • @dave_thompson_085 then why any website in the world appears as secured to all browsers ?? I just did exactly what they do , They have a secured ssl certificate that is installed in their host or server. Can you mention me pls what steps should I do ? – MHassan Dec 15 '21 at 07:48
  • 1
    Valid sites have a cert _issued by a CA which is trusted because it validates_ each requestor to whom it issues a cert. E.g. stackoverflow uses a cert from LetsEncrypt, and LE only issues a cert for stackoverflow to the real stackoverflow, so I can be sure my connection is with real stackoverflow and not a fake named stackoverflow. See https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work at 'Some more details'. Also I now found [my dupes for this](https://stackoverflow.com/questions/69499225/how-to-solve-the-problem-of-self-signed-ssl-certificates-for-sites-intended-to-b) – dave_thompson_085 Dec 15 '21 at 10:55
  • @dave_thompson_085 So I have understood from your comment that the issue is with the certificate it self because it does not validate each requestor ... am I right? – MHassan Dec 15 '21 at 11:10
  • 1
    The certificate is data and cannot do anything; the CA (Certificate Authority) who issues the cert does the validation. Their identity should be recorded as the Issuer field in the cert. Who _is_ the issuer of this cert? Where (or how) did you get it? – dave_thompson_085 Dec 16 '21 at 08:23

0 Answers0