duncanb7
asked on
red-cross and red-slash mark on browser when access my https site
Dear experts,
after using openssl following this link
https://library.linode.com/web-servers/apache/ssl-guides/centos
to create self-sign cert but it doesn't mention how to generate
the cert as trusted certificate.
Anway after apache https and all cert key setup, I access my https site
such as https://mysite.com, Chrome will gave me SSL warning and then
I also follow other link from
http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
And the SSL warning message is gone on my computer Chrome browser but that red-cross and red-slash mask on browser address bar still exists. WHy ?
I have read a lot articles, some said it can NOT get rid of those mark unless get third-party certificate but some said it will be okay to get rid of that by self-sign cert. So sometimes it is confusing, and there should be two issues, the root of cause of those mark is from my openssl gererating key issue or is from Chrome browser security issue for those site not recongnzied by window and linux system.
If it is browser security issue or message, I must need to buy third-party cert to get rid of those mark, Right ? If not , what is final step to generate trusted certifcate if I have already generated self-sign cert ?
Please advise for those mark root cause
after using openssl following this link
https://library.linode.com/web-servers/apache/ssl-guides/centos
to create self-sign cert but it doesn't mention how to generate
the cert as trusted certificate.
Anway after apache https and all cert key setup, I access my https site
such as https://mysite.com, Chrome will gave me SSL warning and then
I also follow other link from
http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
And the SSL warning message is gone on my computer Chrome browser but that red-cross and red-slash mask on browser address bar still exists. WHy ?
I have read a lot articles, some said it can NOT get rid of those mark unless get third-party certificate but some said it will be okay to get rid of that by self-sign cert. So sometimes it is confusing, and there should be two issues, the root of cause of those mark is from my openssl gererating key issue or is from Chrome browser security issue for those site not recongnzied by window and linux system.
If it is browser security issue or message, I must need to buy third-party cert to get rid of those mark, Right ? If not , what is final step to generate trusted certifcate if I have already generated self-sign cert ?
Please advise for those mark root cause
Dave Baldwin
To get a "trusted certificate", you need to buy a third party certificate that traces it's authenticity to a known Certificate Authority. You can not be your own trusted Certificate Authority. Installing your self-signed certificate will make the site work but it will not make it "trusted".
ASKER
Sorry and add more information to my question:
there is NO such red-cross and read-slash mark on Firefox and IE browser and that only happen on Chrome browser
there is NO such red-cross and read-slash mark on Firefox and IE browser and that only happen on Chrome browser
ASKER
Dear DaveBaldwin,
that is why I got confusing from reading those article. Some said self-sign cert could be trusted cert if the user can save and put or import it in the trusted vendor folder on browser
Duncan
that is why I got confusing from reading those article. Some said self-sign cert could be trusted cert if the user can save and put or import it in the trusted vendor folder on browser
Duncan
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hope you understand my question or say it in other way suppose all users including my home computer are willing to save and import the my site self-sign cert into browers' trusted vendor folder as the link mention above, it should not have any such SSL warning and red-cross mark nearby https since browser understand users take his own risk to access my site
So my question is red-cross mark is caused from my generated cert issue by openssl command or only on Chrome security issue or message .. That are two different reason
or concept
Please advise
Duncan
So my question is red-cross mark is caused from my generated cert issue by openssl command or only on Chrome security issue or message .. That are two different reason
or concept
Please advise
Duncan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
And Dave is correct that you should really only use self-signed certificates in situations where you have control over ALL of the visitors to your web site. You don't want to use a self-signed certificate on a public web site, because others are likely to leave the site because they will get the warning.
The "red-cross mark" must be a Chrome thing and I can't tell you exactly why. Most users will NOT import your cert into their browsers because we tell them not to do that. I know that I wouldn't.
In the time that you are spending on this, you could have spent that amount of income on a certificate from Godaddy for $69 or from many others. This Google search will show you many sources for SSL Certificates: https://www.google.com/search?q=cheap+ssl
In the time that you are spending on this, you could have spent that amount of income on a certificate from Godaddy for $69 or from many others. This Google search will show you many sources for SSL Certificates: https://www.google.com/search?q=cheap+ssl
ASKER
Of course, finally and definitely I will buy third-party trusted cert. But before buying , I try to practice all SSL process setup with all related system such as my apache server by self-sign cert and know more SSL knowledge will help on to choose my right SSL cert product. otherwise it will happen again the cross-mark issue when the uses access my https site even if I have installed or bought the trusted cert and save into my server. So just make sure my server https is no any issue first before buying.
I will try gr8gonzo's suggestion first.
Duncan
I will try gr8gonzo's suggestion first.
Duncan
ASKER
The red-cross and red-slash mask is gone after quit browser and re-open it so it can be concluded self-sign cert can be trusted cert if the user accept the risk and willing to import the cert file into Chrome browser root trusted cert folder for accessing my https server
Now there is no mark on https for IE, Firefox, Chrome and my apache https server should not have any SSL certificate issus, so now I will go to buy or choose SSL trusted vendor and product
Duncan
Now there is no mark on https for IE, Firefox, Chrome and my apache https server should not have any SSL certificate issus, so now I will go to buy or choose SSL trusted vendor and product
Duncan
ASKER
Thanks for all of your reply
Duncan
Duncan
You're welcome, glad to help.