I've secured my neo4j setup with SSL certificates, however, I got "Partially encrypted content" warning.
So I checked why, and it turns out Neo4J is calling out to
http://assets.neo4j.org/v2/json/neo4jmotd?callback=angular.callbacks._0&count=10?plain=true
To get a useless message of the day.
Is there a way to disable it or make it use ssl?
Related
Post chrome version 105.x.x. update, a webpage is blocked by giving the error NET://ER_CERT_INVALID
What changes are expected to do with a certificate to get it passes and allow users to access it?
We need solution at server end itself not client end.
Downgrading to 104 works for us. But this is not a feasible solution to be given to the client.
I have a password input where I change its type with the ng-attr-type directive:
<input ng-attr-type="{{ showPassword ? 'text' : 'password' }}">
The problem is that now I get a warning message saying that my connection is not secure at the top of my browser. Do you know how to get rid of it?
Thanks.
You have a password <input> and most likely your application is not running on HTTPS. Therefore your browser interprets a possible insecure connection since you'd be sending credentials over a non-encrypted protocol.
You'd have to enable HTTPS on your application in order to avoid seeing this error.
As of Chrome 56, web pages that contain a password or credit card input field that are not served over HTTPS will display security warnings. I believe that Firefox is planning on doing something similar (they may already have done so).
The only way to get rid of this warning is to configure your web server so it's using an SSL certificate. Let's Encyrpt, which is a Linux Foundation project, will provide you with one for free.
If I access my glassfish server at http://localhost:8080, I receive the glassfish welcome page, as it should be. But if I try to access the other http listener at https://localhost:8181, I receive a message like that:
(illustrative image)
How can I avoid this error message (thinking that I don't want my clients to see it)?
This is because GlassFish generates self-signed certificates for authentication (s1as and glassfish-instance). Your browser is (rightly) complaining that it doesn't trust these certificates, because anyone can fake them for a "man-in-the-middle" attack.
To get around this, you will need to obtain a new private key and certificate from a trusted CA to replace the self-signed ones.
These can then be imported to your keystore,jks and cacerts.jks, or you can create new keystores. If you're unfamiliar with how this works, I would suggest making backups of the originals, then importing to the existing keystores, since the communication between DAS and instances relies on certificates for authentication in a lot of places.
The GlassFish 4 Security Guide [PDF] should help you.
So after i hit back when seeing the message on chrome saying that my connection isnt secure on a HTTPS
now i can not access this page on my network and can only access it on my vps... is there any way I can fix this i searched all over the web and im so blown cause now i can't access my own webpage..
PS: I have tried accessing the page on another computer on the same network and i get the same error message of ERR_CONNECTION_TIMED_OUT when ever i try to go to the page, and yes i have tryed connecting on another router and the page loads fine and is a live copy of the page. please help me
Your connection is not private
Attackers might be trying to steal your information from xxxxx.com (for example, passwords, messages, or credit cards).
Back to safety Hide advanced
This server could not prove that it is (website).com; its security certificate is from server1.(website).com. This may be caused by a misconfiguration or an attacker intercepting your connection.
Proceed to (website).com (unsafe)
NET::ERR_CERT_COMMON_NAME_INVALID
I have created a certificate request for code signing purposes. The sys admins told me they have never given one before and told me they need to set up local windows certificate issuing to hand out certificates for code signing purposes. They have sent me a certificate base 64 encoded once it is enabled. I imported cert into my pc and tried to sign the microsoft access. Microsoft access claims the digital signature is not valid.
When I look at the signature, it looks valid. Is there anyway I can debug why the cert is no good for code signing purposes ? Thanks.
That was dumb but here's what happened. When I went through the certmgr, it did not let me request a certificate through the AD policy. I had to create a request using the custom request. What I did not realize is that, I was issuing the command from another computer and sending the request and then importing the certificate from another computer.
Basically I did not have a private key on the other computer to sign the certificate, the certificate looked ok but the prompt that says "you have a private key ..." was not there. When I went in and imported the certificate, on the same computer that I have created the request from, the private key was found and I was able to sign it. That was stupid but you think, I would get a more descriptive warning.
Of course now that I have signed my access 2007 package, I figured out it, it still gives me a warning about macros and asks me to still enable.. My understanding was that signing your package will let others to run the content without running into trust center issues... Fudge....