Solved

red-cross and red-slash mark on browser when access my https site

Posted on 2013-12-17
12
1,475 Views
Last Modified: 2013-12-17
Dear experts,

after using openssl following this link
https://library.linode.com/web-servers/apache/ssl-guides/centos
 to create self-sign cert  but it doesn't mention how to generate
the cert as trusted certificate.

Anway after apache https and all cert key setup, I access my https site
such as https://mysite.com, Chrome will gave me SSL warning and then
I also follow other link from
 http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
And the SSL warning message is gone on my computer Chrome browser but that red-cross and red-slash mask on browser address bar still exists.  WHy ?

I have read a lot articles, some said it can NOT  get rid of those mark unless get third-party certificate  but some said it will be  okay to get rid of that  by self-sign cert. So sometimes it is confusing, and there should be two issues, the root of cause of those mark is from my openssl gererating key issue or is from Chrome browser security issue for those site not recongnzied by window and linux system.

If it is browser security issue or message, I must need to buy third-party cert to get rid of those mark, Right ? If not , what is final step to  generate trusted certifcate if I have already generated self-sign cert ?

Please advise for those mark root cause
0
Comment
Question by:duncanb7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39724927
To get a "trusted certificate", you need to buy a third party certificate that traces it's authenticity to a known Certificate Authority.  You can not be your own trusted Certificate Authority.  Installing your self-signed certificate will make the site work but it will not make it "trusted".
0
 
LVL 13

Author Comment

by:duncanb7
ID: 39724945
Sorry and  add more information to my question:

there is NO such red-cross and read-slash mark on Firefox and IE browser and that only happen on Chrome browser
0
 
LVL 13

Author Comment

by:duncanb7
ID: 39724966
Dear  DaveBaldwin,

that is why I got confusing from reading those article. Some said self-sign cert could be trusted cert if the user can save and put or import it in the trusted vendor folder on browser


Duncan
0
Stressed Out?

Watch some penguins on the livecam!

 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 150 total points
ID: 39724968
That does not mean it is trusted in the other browsers.  If your site is a public site, every visitor will get the warnings about it being an untrusted site.  Installing the certs in your browsers does not make it work in other people's browsers.  Most other people will just leave when they get the warning, they won't make an exception for your site.
0
 
LVL 13

Author Comment

by:duncanb7
ID: 39724995
Hope you understand my question  or say it in other way suppose all users including my home computer are willing to save and import the my site self-sign cert into browers' trusted vendor folder as the link mention above, it should not have any such SSL warning and red-cross mark nearby https since browser understand users take his own risk  to access my site

So my question is red-cross mark is caused from my generated cert issue by openssl command or only on Chrome security issue or message  .. That are two different reason
or concept

Please advise
Duncan
0
 
LVL 35

Accepted Solution

by:
gr8gonzo earned 350 total points
ID: 39725026
Try rebooting. Chrome might not have all the latest updates from your trusted root store and rebooting will make sure you don't have any Chrome processes that are left behind.

I've also heard that sometimes you have to export and re-import using PKCS #7 single certificate format, but I'm not sure if that's accurate.

You also have to make sure you're importing into the trusted root store and not just letting the certificate import wizard automatically place it into the correct store.
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 39725029
And Dave is correct that you should really only use self-signed certificates in situations where you have control over ALL of the visitors to your web site. You don't want to use a self-signed certificate on a public web site, because others are likely to leave the site because they will get the warning.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39725035
The "red-cross mark" must be a Chrome thing and I can't tell you exactly why.  Most users will NOT import your cert into their browsers because we tell them not to do that.  I know that I wouldn't.  

In the time that you are spending on this, you could have spent that amount of income on a certificate from Godaddy for $69 or from many others.  This Google search will show you many sources for SSL Certificates: https://www.google.com/search?q=cheap+ssl
0
 
LVL 13

Author Comment

by:duncanb7
ID: 39725075
Of course, finally and definitely I will buy third-party trusted cert. But before buying ,  I try to practice all SSL process setup with all related system such as my apache server by self-sign cert and know more SSL knowledge will help on to choose my right SSL cert product. otherwise it will happen again the cross-mark issue  when the uses access my https site even if I have installed or bought the trusted cert and save into my server. So just make sure  my server https is no any issue first before buying.

 I will try   gr8gonzo's suggestion first.

Duncan
0
 
LVL 13

Author Comment

by:duncanb7
ID: 39725118
The red-cross and red-slash mask is gone after quit browser and re-open it  so it can be concluded self-sign cert can be trusted cert if the user accept the risk  and willing to import the cert   file into Chrome browser root trusted cert folder for  accessing my https server

Now there is no mark on https for IE, Firefox, Chrome and my apache https server should not have any SSL certificate issus, so now I will go to buy or choose SSL trusted vendor and product

Duncan
0
 
LVL 13

Author Closing Comment

by:duncanb7
ID: 39725123
Thanks for all of your reply

Duncan
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39725184
You're welcome, glad to help.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question