I'm developing an HTTPS proxy server using titanium proxy server. I will monitor some websites and will modify the response of those websites. Some of those websites are https, that's why I'm using https proxy server.
Now here is the problem. As far as I know, to intercept an HTTPS site, we must have certificate and titanium proxy server has a dummy certificate. I think whenever the server is started, titanium proxy server tries to install that certificate as a root certificate so that browsers can trust that certificate. This approach is working perfect for all browsers except firefox.
I can see titanium root certificate installed in all browsers and I can successfully intercept HTTPS websites running in Google Chrome or Safari. But whenever I try to open a HTTPS website in firefox, it gives an error that the connection is untrusted.
I think certificate is not being installed in firefox or is being rejected by firefox as it is not signed by any CA authority. But why are other browsers not showing the same error?
My problem is that I need to intercept HTTPS websites too - it is requirement of the project. What if I buy a certificate from a CA authority and use that certificate with application, will it work or not? Can I use web server certificates with a desktop application? I really don't know much about SSL. any help will be much appreciated. Looking forward to you guys.
PS: I'm attaching a snapshot of firefox windows, for reference.
error window
Firefox uses it's own CA store, while Chrome, Safari and IE use the systems CA store on Windows and Mac. Thus you explicitly need to import the certificate into Firefox as trusted.
Related
I have designed a desktop application using windows forms app.
It will be receiving a pop-up message whenever an updated version is available on the server.
I have generated an API which consists of the updated version of the desktop application which is been used as the server with the help of the ngrok and I have enabled the SSL for the API. The SSL certificate is been installed into trusted root certification authority.
Now how to use the SSL for server validation(that is the clients who the SSL only need to hit the server and can download the updated version)?
Please, someone help me in solving this issue.
I have an application that can be downloaded from our website and runs on user PC.
This application provides connection between our hardware and our web application. It uses SignalR for communication.
Basically, I run SignalR server under WinForms application and have javascript client that tries to access it through http://localhost:8084/signalR.
Everything works fine when I use HTTP version of the web application, but fails, when I use HTTPS for my web application:
Most of the browsers don't allow unsecured connections from a secure page.
So, my question is how can I have self-signed certificate included in my software which installs certificate on user pc during installation and how can I make it work in the way that browsers not complaining about unsecured connection?
If you run SignalR server on user PC each user must obtain the certificate for SignalR connection it launches. Self-signed certificate would be reasonable decision for an Intranet or development. It isn't safe enough for the internet. Another possible problem is retrieving name of the machine where SignalR is running. Certificate attaches to certain local machine(I could be wrong at this) and for connecting to client's application SignalR server you need to know the name of machine he uses. Migrating SignalR server from client to web app server will solve mentioned troubles.
My PC is running two c# application.
I want the one of the C# application go through fiddler proxy that running on My local PC.
and I want the other one C# app go through fiddler proxy that running on remote PC.
I have installed 2 fiddler cert generated by the above two different proxy.
But I found that only the fiddler running on local PC can decrypt the https.
Is is because my PC treat the two cert as one single cert ?
Can make one application trust on one set of cert and the other one trust on another set of certs ?
On Windows 7, for ASP Web API solution, not able to connect to https port (other than 443) because of missing SSL port certificates(44300 +) which I checked it using "netsh http show sslcert". I tried adding certificate manually but it didn't work with my solution.
The binding statements for those ports are correct in "applicationhost.config" of IIS express.
"".These certificates are automatically generated on windows server 2008.
In the browser it shows is "This webpage is not available".
Can Somebody help me?
In IIS you will need to add a binding to that site for the port you want to use.
See this for additional help
http://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm
or
IIS Express
http://msdn.microsoft.com/en-us/library/ms733791.aspx
I have a Flash Player ActiveX control embedded in a .NET WinForms application and am trying to load a SWF into the FP control over an HTTPS url. In development I'm using a self-signed certificate and it seems that in this scenario I can't get FP to accept the certificate and allow the HTTPS communications.
When I try to load the swf over https directly, I don't see the swf and when I right-click on the control I see "Movie not loaded".
I can load the swf over http and then try to make Flash Remoting calls over https. I don't expect this to work by default but I added a crossdomain.xml file to allow insecure communications. The crossdomain.xml file is in the root of the server but is not loaded. I added an explicit call to loadPolicyFile with the full https url and the crossdomain.xml file is still not loaded. The local IIS logs don't show any request for the file at all, nothing in the HTTPERR file, and Flash's policyfiles.txt log says
Warning: Failed to load policy file from https://localhost/crossdomain.xml
If I host the swf in a browser, then the browser prompts to accept the certificate and everything works fine. I've accepted the certificate in IE and Firefox.
I also tried calling DisableLocalSecurity() on the FP ActiveX control but it had no effect. I didn't really expect it to since I'm not actually loading the swf locally, it's loaded from a url.
Can anyone confirm if the self-signed cert really is the problem? Is there a way to get FP to accept the certificate? Any way to bypass the http/https restriction (this is a locally installed app so I can change any local config files we need)?
Turns out Flash Player itself doesn't support HTTPS in standalone or embedded in a desktop application. It does support HTTPS in a browser but then it's using the browser for https calls.
HTTPS support in Flash Player embedded in Desktop apps is a new feature in Flash Player 11.
http://kb2.adobe.com/cps/916/cpsid_91694.html
New Features in Flash Player 11
TLS Secure Sockets Support (new for Flash Player) — Enables secure communications for client/server applications.