Solved

Red-cross and red-slash mark on browser when accessing my https site

Posted on 2013-12-17
Last Modified: 2013-12-17
Dear experts,

I used openssl following this link
https://library.linode.com/web-servers/apache/ssl-guides/centos
to create a self-signed cert, but it doesn't mention how to generate
the cert as a trusted certificate.

Anyway, after the Apache https and all cert key setup, when I access my https site
such as https://mysite.com, Chrome gives me an SSL warning, and then
I also followed another link from
http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
And the SSL warning message is gone on my computer's Chrome browser, but that red-cross and red-slash mark on the browser address bar still exists. Why?

I have read a lot of articles; some said it can NOT get rid of those marks unless you get a third-party certificate, but some said it will be okay to get rid of that with a self-signed cert. So sometimes it is confusing, and there should be two issues: the root cause of those marks is either my openssl key generation or a Chrome browser security issue for sites not recognized by the Windows and Linux systems.

If it is a browser security issue or message, I must buy a third-party cert to get rid of those marks, right? If not, what is the final step to generate a trusted certificate if I have already generated a self-signed cert?

Please advise on the root cause of those marks.
Question by:duncanb7
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39724927
To get a "trusted certificate", you need to buy a third party certificate that traces its authenticity to a known Certificate Authority.  You cannot be your own trusted Certificate Authority.  Installing your self-signed certificate will make the site work but it will not make it "trusted".
0
 
LVL 13

Author Comment

by:duncanb7
ID: 39724945
Sorry, adding more information to my question:

There is NO such red-cross and red-slash mark on the Firefox and IE browsers; that only happens on the Chrome browser.
0
 
LVL 13

Author Comment

by:duncanb7
ID: 39724966
Dear DaveBaldwin,

That is why I got confused from reading those articles. Some said a self-signed cert could be a trusted cert if the user can save and import it into the trusted vendor folder in the browser.


Duncan
0

 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 150 total points
ID: 39724968
That does not mean it is trusted in the other browsers.  If your site is a public site, every visitor will get the warnings about it being an untrusted site.  Installing the certs in your browsers does not make it work in other people's browsers.  Most other people will just leave when they get the warning, they won't make an exception for your site.
0
 
LVL 13

Author Comment

by:duncanb7
ID: 39724995
I hope you understand my question. To say it another way: suppose all users, including my home computer, are willing to save and import my site's self-signed cert into their browsers' trusted vendor folder as the link above mentions. Then there should not be any such SSL warning or red-cross mark near https, since the browser understands the user takes his own risk to access my site.

So my question is whether the red-cross mark is caused by an issue with the cert I generated with the openssl command, or only by a Chrome security issue or message. Those are two different reasons or concepts.

Please advise
Duncan
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 350 total points
ID: 39725026
Try rebooting. Chrome might not have all the latest updates from your trusted root store and rebooting will make sure you don't have any Chrome processes that are left behind.

I've also heard that sometimes you have to export and re-import using PKCS #7 single certificate format, but I'm not sure if that's accurate.

You also have to make sure you're importing into the trusted root store and not just letting the certificate import wizard automatically place it into the correct store.
0
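The distinction this thread turns on, whether the certificate itself is faulty or the client simply has no trust anchor for it, can be checked outside the browser. This is an added example, not part of the original posts; the hostname `mysite.example` and the file names are placeholders. It verifies the same self-signed certificate with and without it installed as a trust anchor, and confirms that a PKCS #7 repackaging still carries the identical certificate.

```shell
#!/bin/sh
# Constructed example: mysite.example and the file names are placeholders.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
crt="$workdir/server.crt"

make_selfsigned() {
    # Self-signed cert and key, the kind of pair an Apache SSL guide produces.
    # Current Chrome also requires a subjectAltName entry for the hostname.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=mysite.example" \
        -keyout "$workdir/server.key" -out "$crt" 2>/dev/null
}

verify_default() {
    # Client with only its built-in trust store: no chain to a known root.
    openssl verify "$crt" 2>&1 | grep -q ': OK$'
}

verify_trusted() {
    # Same certificate, but the client has it installed as a trust anchor.
    openssl verify -CAfile "$crt" "$crt" 2>&1 | grep -q ': OK$'
}

fingerprint() {
    # SHA-256 fingerprint of a PEM certificate read from stdin.
    openssl x509 -noout -fingerprint -sha256
}

p7b_fingerprint() {
    # Repackage as PKCS #7 (.p7b), then read the certificate back out.
    openssl crl2pkcs7 -nocrl -certfile "$crt" -out "$workdir/server.p7b"
    openssl pkcs7 -in "$workdir/server.p7b" -print_certs | fingerprint
}

make_selfsigned
verify_default || echo "default store: NOT trusted (expected for self-signed)"
verify_trusted && echo "installed as trust anchor: trusted"
[ "$(fingerprint < "$crt")" = "$(p7b_fingerprint)" ] && echo "p7b holds the same cert"
```

Comparing the fingerprint of the file you imported with the one the server presents is a quick way to confirm the browser is judging the certificate you think it is.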
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 39725029
And Dave is correct that you should really only use self-signed certificates in situations where you have control over ALL of the visitors to your web site. You don't want to use a self-signed certificate on a public web site, because others are likely to leave the site because they will get the warning.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39725035
The "red-cross mark" must be a Chrome thing and I can't tell you exactly why.  Most users will NOT import your cert into their browsers because we tell them not to do that.  I know that I wouldn't.  

In the time that you are spending on this, you could have spent that amount of income on a certificate from Godaddy for $69 or from many others.  This Google search will show you many sources for SSL Certificates: https://www.google.com/search?q=cheap+ssl
0
 
LVL 13

Author Comment

by:duncanb7
ID: 39725075
Of course, finally and definitely I will buy a third-party trusted cert. But before buying, I am trying to practice the whole SSL setup process with all related systems, such as my Apache server, using a self-signed cert, and knowing more about SSL will help me choose the right SSL cert product. Otherwise the cross-mark issue will happen again when the users access my https site, even if I have bought the trusted cert and installed it on my server. So I just want to make sure my server's https has no issues before buying.

I will try gr8gonzo's suggestion first.

Duncan
0
 
LVL 13

Author Comment

by:duncanb7
ID: 39725118
The red-cross and red-slash mark is gone after quitting the browser and re-opening it, so it can be concluded that a self-signed cert can be a trusted cert if the user accepts the risk and is willing to import the cert file into the Chrome browser's trusted root cert folder for accessing my https server.

Now there is no mark on https for IE, Firefox, or Chrome, and my Apache https server should not have any SSL certificate issues, so now I will go and choose an SSL trusted vendor and product.

Duncan
0
 
LVL 13

Author Closing Comment

by:duncanb7
ID: 39725123
Thanks for all of your replies

Duncan
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39725184
You're welcome, glad to help.
0
