Connection fails with valid SSL certificate on .local TLD
-
everything ok in the lists,
but is there a rule that passwords are never stored when HTTPS is made with a self-signed certificate?
via vivaldi://settings/people I can see the certificate store and our own CA as a trusted one
but when opening a site with a certificate from our CA, the icon in the URL bar is red, open and the browser shows me a warning "not secure"
mod edit: split thread, added tags
-
@Gwen-Dragon said in Vivaldi Won't Ask To Save Password On A Site:
@FBorrmann said in Vivaldi Won't Ask To Save Password On A Site:
but is there a rule that passwords are never stored when HTTPS is made with a self-signed certificate?
Yes.
but when opening a site with a certificate from our CA, the icon in the URL bar is red, open and the browser shows me a warning "not secure"
Depends on certificate, is it really valid and complete?
yes, windows certificate manager says so and the chain is extremely short: the CA has it signed with no other instance in the path
Firefox uses the same certificate store and shows lock closed and green
but Vivaldi shows the lock open and red
Has the server's SSL certificate a complete chain?
Did you import your CA root certificate with Windows Certificate Store in Trusted Root Certificates?
it's imported into Trusted Root and the certificate manager (store) says it's valid, that's why IE and Firefox are working well
what can be different with Vivaldi when using the same certificate store?
-
Hi again,
browser-cache emptied, browser closed and complete new start of the machine
when opening, there is no message/popup
but the icon in the address bar is still red (therefore no password save request)
the status of the certificate is not valid for the browser but for the certificate store
So Vivaldi uses the store but interprets it in its own way?
The website is internal, the CA is internal and the client is in the same net.
Any hints what to check?
-
first time using this tool:
perhaps it's because of SHA-1?
-
@FBorrmann said in Connection fails with valid SSL certificate on .local TLD:
perhaps it's because of SHA-1?
Yes, I think so:
https://www.chromium.org/Home/chromium-security/education/tls/sha-1
https://knowledge.digicert.com/generalinformation/INFO3977.html
"Since this policy is intended only to allow additional time to complete the migration away from SHA-1, it will eventually be removed in the first Chrome release after January 1st 2019."
You should also disable TLS 1.0 on the server side, I assume you have access to the server (Apache or something else) settings:
https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html#onlystrong
https://www.zdnet.com/article/chrome-edge-ie-firefox-and-safari-to-disable-tls-1-0-and-tls-1-1-in-2020/
https://security.googleblog.com/2018/10/modernizing-transport-security.html
"Google Chrome will deprecate TLS 1.0 and TLS 1.1 in Chrome 72. Sites using these versions will begin to see deprecation warnings in the DevTools console in that release. TLS 1.0 and 1.1 will be disabled altogether in Chrome 81."
Happy reading
-
Thanks a lot, SHA1 is really worse.
Now we have some homework to do.
By the way, I am the admin myself; I just hadn't looked more closely at the details of the certificates that my service provider created. I could have figured it out myself, because even with the ancient Opera you could selectively disable old cipher suites etc. and be surprised at everything that then stopped working, and that before even touching the server. Here Chrome already makes the selection for you ;-(
Now the CA has to be renewed first and the server switched to TLS 1.2, and hopefully the application (IIS 6.0) will still run afterwards.
-
@Gwen-Dragon
it's working now, the browser accepts saving a login password again
the last thing about the obsolete cipher suite will hopefully go away when the server is migrated from Server2008R2 to Server2016; unfortunately Server2008R2/IIS has no support for SHA-2
but it's green in the browser and working
-