100 votes

Why does my browser think that https://1.1.1.1 is secure?

The GoDaddy documentation is mistaken. It is not true that Certification Authorities (CAs) must revoke certificates for all IP addresses… just reserved IP addresses. Source: https://cabforum.org/...
Deltik's user avatar
  • 19.7k
99 votes
Accepted

Why does my browser think that https://1.1.1.1 is secure?

English is ambiguous. You were parsing it like this: (intranet names) or (IP addresses) i.e. ban the use of numeric IP addresses entirely. The meaning that matches what you're seeing is: intranet (...
Peter Cordes's user avatar
  • 5,970
78 votes
Accepted

Is "HTTPS Everywhere" still relevant?

HTTPS Everywhere certainly used to be more necessary during the days of mixed content and half-hearted website configurations. The web is certainly more mature nowadays, with technologies like HSTS ...
BoffinBrain's user avatar
  • 2,136
70 votes

How can I get Firefox to prefer HTTPS over HTTP?

Another alternative is HTTPS Everywhere. It's available for Firefox, Chrome and Safari. Since it is developed from the collaboration between EFF and the TOR project, I tend to believe this plugin ...
Sibi's user avatar
  • 701
60 votes
Accepted

cURL on Ubuntu 14: all Let's Encrypt certificates are expired (error 60)

The reason is that the "DST Root CA X3" certificate expired yesterday. To fix it, just disable the certificate on your server. Run: sudo dpkg-reconfigure ca-certificates On the first ...
Finesse's user avatar
  • 1,121
58 votes
Accepted

Are there well known HTTP-only sites?

A well-known public HTTP only site will resolve this You can use http://neverssl.com: What? This website is for when you try to open Facebook, Google, Amazon, etc on a wifi network, and ...
DavidPostill's user avatar
  • 158k
45 votes

Why does my browser think that https://1.1.1.1 is secure?

Looks like the Certificate Subject Alt Name includes the IP address: Not Critical DNS Name: *.cloudflare-dns.com IP Address: 1.1.1.1 IP Address: 1.0.0.1 DNS Name: cloudflare-dns.com IP Address: 2606:...
Michael Frank's user avatar
31 votes
Accepted

How do I view Current User Certificates, and not Local Machine Certificates, on Windows?

That's because you have opened the Certificate Manager for the local machine - certlm.msc. If instead, you open the Certificate Manager for the user - certmgr.msc you should see your certificates. On ...
garethTheRed's user avatar
  • 4,184
31 votes

cURL on Ubuntu 14: all Let's Encrypt certificates are expired (error 60)

Edit the file /etc/ca-certificates.conf
Find and comment with ! the line like this: !mozilla/DST_Root_CA_X3.crt
Save the file and update certificates with the command: sudo update-ca-certificates
mikep's user avatar
  • 459
26 votes
Accepted

Get a server's SSL/TLS certificate using "openssl s_client"

After a while I figured it out: this particular load balancer was configured to use only TLSv1.2, which the version of openssl included in OS X (0.9.8) does not understand. I installed a newer version ...
Daniel Serodio's user avatar
25 votes
Accepted

Why is SSH safer than HTTPS on direct connections to a Git Repository with Credentials

It's not clear to me if you were told that SSH is more secure than HTTPS in your particular case (where we don't have all the details), which may be absolutely correct, or whether you've been given ...
cjs's user avatar
  • 1,040
24 votes

nginx http to https proxy with self-signed certificate

nginx allows usage of self-signed certificates by default: Syntax: proxy_ssl_verify on | off; Default: proxy_ssl_verify off; Context: stream, server Enables or disables verification of the ...
unNamed's user avatar
  • 652
24 votes
Accepted

Why does Chrome say "Your connection to this site is not secure" even if the certificate is valid?

I found what it was. After updating Chrome and restarting it, the lock sign was fine. Chrome did not mark my site as insecure anymore. However, as soon as I accessed my server on another port with a ...
Jean-François Beauchamp's user avatar
17 votes

How can I get Firefox to prefer HTTPS over HTTP?

Firefox addon "HTTPS by default" works: https://addons.mozilla.org/en-US/firefox/addon/https-by-default/?src=ss
Ian Kelling's user avatar
15 votes

This site can’t be reached: "mail.google.com is currently unreachable"

I'm one of the people working on SSL/TLS for Chrome. We're experimenting with draft versions of TLS 1.3, the next revision of the TLS protocol. Unfortunately, we're seeing issues with buggy ...
David Benjamin's user avatar
15 votes
Accepted

How do I show www. and https:// in Chrome 79?

These instructions are from https://jdtechservices.net/tools/. The first method, which I prefer, is to add a parameter to your Chrome shortcut inside the target field: --disable-features=...
theggputest55's user avatar
14 votes
Accepted

Chrome persistently redirecting to HTTPS for HTTP site

I found it!! I found it!! For me, I had to perform this extra step: Click on the icon of HTTPS on the left of the URL bar, and choose "Settings for this site". Scroll and find "...
Héraès's user avatar
  • 156
13 votes

Is "HTTPS Everywhere" still relevant?

Speaking as a previous ruleset contributor to HTTPS Everywhere, I have the following to offer. The HTTPS Everywhere project periodically tests all of their rewriting rules and disables those which ...
Bardi Harborow's user avatar
13 votes
Accepted

git on Debian 10 backports throws fatal: unable to access 'https://github.com/user/repo.git': Failed sending HTTP2 data

On another computer with the same system, but with git working normally, I compared the packages not upgraded. Downgrade libcurl3-gnutls to 7.64.0-4+deb10u2 and the problem is solved.
Renato B. Santiago's user avatar
12 votes

Typing "danger" not working in google chrome anymore

In January 2018 the interstitial bypass keyword was changed to the output of... window.atob('dGhpc2lzdW5zYWZl'); If you can't type this into a console, probably you should not use it. It will be ...
sanmai's user avatar
  • 1,162
12 votes

How to stop redirect from http:// to https://

Exit Firefox and edit the file /Users/Chloe/AppData/Roaming/Mozilla/Firefox/Profiles/xxxxx.default-999999/SiteSecurityServiceState.txt Delete the line with your domain in it. Then restart Firefox. ...
Chloe's user avatar
  • 6,036
11 votes
Accepted

How can I get Chrome accepting self signed certificates?

Is it possible that Clients (Chrome) will accept the HTTPS connection using a self signed certificate? Yes. You need to import the certificate into Chrome (after exporting it to a file, if you have ...
sleske's user avatar
  • 23.2k
11 votes

nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate

It's an SSL cert verification; since you're using a self-signed cert, this validation will not work. References: https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-...
RAAD's user avatar
  • 111
10 votes

Chrome persistently redirecting to HTTPS for HTTP site

I have been able to get around this by deleting the domain security policy for the domain: Go to chrome://net-internals/#hsts Go towards the end and enter your domain in this textbox and hit delete. ...
Sachin's user avatar
  • 109
10 votes
Accepted

How does my operating system (Linux) make a Security Certificate invalid?

The server isn't sending the "intermediate" certificate (aka the "chain"), so the client simply doesn't have enough information to verify. Your desktop browser and/or your OS papers over this problem ...
grawity_u1686's user avatar
10 votes

In Wireshark where can I find the TLS Server's Certificate

In TLS 1.3, all messages after ServerHello are encrypted – the actual Certificate message is hiding in the "Application Data" packet in line 3. The ChangeCipherSpec message is meaningless in ...
grawity_u1686's user avatar
9 votes

How is ESET Smart Security able to intercept my HTTPS traffic?

How do I disable "Banking & Payment protection"? I don’t want ESET to be able to intercept my HTTPS traffic at all! You can permanently disable "Banking & Payment protection" as follows: ...
DavidPostill's user avatar
  • 158k
9 votes

Are there well known HTTP-only sites?

These answers came from the comments and I believe they need a separate entry in the answers so they can be easily found. http://google.com/generate_204 (from @GiantTree) http://captive.apple.com/ (...
Majal's user avatar
  • 957
9 votes

Is "HTTPS Everywhere" still relevant?

While improved awareness of HTTPS and HSTS has certainly brought security standards forward, there is still use for the HTTPS Everywhere extension: HSTS is great at protecting against HTTP downgrade ...
AlphaD's user avatar
  • 191
8 votes

This site can’t be reached: "mail.google.com is currently unreachable"

For me, I just disable TLS 1.3 and Google Mail works again. @_@
Maryadi Poipo's user avatar

Only top scored, non community-wiki answers of a minimum length are eligible