Solved

red-cross and red-slash mark on browser when access my https site

Posted on 2013-12-17
12
1,383 Views
Last Modified: 2013-12-17
Dear experts,

after using openssl following this link
https://library.linode.com/web-servers/apache/ssl-guides/centos
 to create self-sign cert  but it doesn't mention how to generate
the cert as trusted certificate.

Anway after apache https and all cert key setup, I access my https site
such as https://mysite.com, Chrome will gave me SSL warning and then
I also follow other link from
 http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
And the SSL warning message is gone on my computer Chrome browser but that red-cross and red-slash mask on browser address bar still exists.  WHy ?

I have read a lot articles, some said it can NOT  get rid of those mark unless get third-party certificate  but some said it will be  okay to get rid of that  by self-sign cert. So sometimes it is confusing, and there should be two issues, the root of cause of those mark is from my openssl gererating key issue or is from Chrome browser security issue for those site not recongnzied by window and linux system.

If it is browser security issue or message, I must need to buy third-party cert to get rid of those mark, Right ? If not , what is final step to  generate trusted certifcate if I have already generated self-sign cert ?

Please advise for those mark root cause
0
Comment
Question by:duncanb7
  • 6
  • 4
  • 2
12 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
To get a "trusted certificate", you need to buy a third party certificate that traces it's authenticity to a known Certificate Authority.  You can not be your own trusted Certificate Authority.  Installing your self-signed certificate will make the site work but it will not make it "trusted".
0
 
LVL 13

Author Comment

by:duncanb7
Comment Utility
Sorry and  add more information to my question:

there is NO such red-cross and read-slash mark on Firefox and IE browser and that only happen on Chrome browser
0
 
LVL 13

Author Comment

by:duncanb7
Comment Utility
Dear  DaveBaldwin,

that is why I got confusing from reading those article. Some said self-sign cert could be trusted cert if the user can save and put or import it in the trusted vendor folder on browser


Duncan
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 150 total points
Comment Utility
That does not mean it is trusted in the other browsers.  If your site is a public site, every visitor will get the warnings about it being an untrusted site.  Installing the certs in your browsers does not make it work in other people's browsers.  Most other people will just leave when they get the warning, they won't make an exception for your site.
0
 
LVL 13

Author Comment

by:duncanb7
Comment Utility
Hope you understand my question  or say it in other way suppose all users including my home computer are willing to save and import the my site self-sign cert into browers' trusted vendor folder as the link mention above, it should not have any such SSL warning and red-cross mark nearby https since browser understand users take his own risk  to access my site

So my question is red-cross mark is caused from my generated cert issue by openssl command or only on Chrome security issue or message  .. That are two different reason
or concept

Please advise
Duncan
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 350 total points
Comment Utility
Try rebooting. Chrome might not have all the latest updates from your trusted root store and rebooting will make sure you don't have any Chrome processes that are left behind.

I've also heard that sometimes you have to export and re-import using PKCS #7 single certificate format, but I'm not sure if that's accurate.

You also have to make sure you're importing into the trusted root store and not just letting the certificate import wizard automatically place it into the correct store.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 34

Expert Comment

by:gr8gonzo
Comment Utility
And Dave is correct that you should really only use self-signed certificates in situations where you have control over ALL of the visitors to your web site. You don't want to use a self-signed certificate on a public web site, because others are likely to leave the site because they will get the warning.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
The "red-cross mark" must be a Chrome thing and I can't tell you exactly why.  Most users will NOT import your cert into their browsers because we tell them not to do that.  I know that I wouldn't.  

In the time that you are spending on this, you could have spent that amount of income on a certificate from Godaddy for $69 or from many others.  This Google search will show you many sources for SSL Certificates: https://www.google.com/search?q=cheap+ssl
0
 
LVL 13

Author Comment

by:duncanb7
Comment Utility
Of course, finally and definitely I will buy third-party trusted cert. But before buying ,  I try to practice all SSL process setup with all related system such as my apache server by self-sign cert and know more SSL knowledge will help on to choose my right SSL cert product. otherwise it will happen again the cross-mark issue  when the uses access my https site even if I have installed or bought the trusted cert and save into my server. So just make sure  my server https is no any issue first before buying.

 I will try   gr8gonzo's suggestion first.

Duncan
0
 
LVL 13

Author Comment

by:duncanb7
Comment Utility
The red-cross and red-slash mask is gone after quit browser and re-open it  so it can be concluded self-sign cert can be trusted cert if the user accept the risk  and willing to import the cert   file into Chrome browser root trusted cert folder for  accessing my https server

Now there is no mark on https for IE, Firefox, Chrome and my apache https server should not have any SSL certificate issus, so now I will go to buy or choose SSL trusted vendor and product

Duncan
0
 
LVL 13

Author Closing Comment

by:duncanb7
Comment Utility
Thanks for all of your reply

Duncan
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
You're welcome, glad to help.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now