Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "ssl cert"
-
Motherfucker. It's two thousand fucking seventeen. You can get a free ssl certificate for any website.
Then WHY are there still some fucking websites which contain login portals, sensitive information or anything that SHOULD be protected in transit WITHOUT FUCKING SSL?!
I hope that the people who manage those sites and are AWARE that they can get a free cert but don't do that die in agonising pain.
This really fucking pisses me off.
On another note, EVERY site should have SSL, it's free anyways and protects your visitors from a range of threats.-24 -
(The PM is pretty technical)
One day:
Me: Could you create this subdomain?
PM: Sure, just a sec.
Me: Ohh and could you add a letsencrypt cert? (one click thingy)
PM: Why would you need that on this kinda site...
Me: Well in general for security...
PM: Nahh.
*walks away*
Next day:
(referring to my internship manager/guider as Bob)
Bob: Hey... we have a new subdomain!
Me: Yup!
Bob: Wait why is there no letsencrypt certificate installed...?!?
Me: Well, the PM didn't find that neccesary...
Bob: (Oo) of course it is... are we going for security by default or what?
Me: Yup agreed.
Bob: *creates cert and sets everything up in under a minute*
It wasn't a high profile site (tiny side project) but why not add SSL when you can for free?8 -
So I did a rookie mistake this week. Connected a webapp for a client using Nginx and installed the SSL cert for the site. I decided to activate the firewall of the server because hey security. All was well. Went home feeling like I am the shit.
Next day I find out I can't log in to the server over ssh. Only to find out that I had forgotten to allow SSH through the firewall.
I had basically locked myself out of the server. 😞9 -
I'm not sure if this entirely qualifies and I might have ranted about it a few years ago but fuck it.
My last internship. Company was awesome and my mentor/technical manager got along very well with me to the point that he often asked me to help out with Linux based stuff (he preferred Linux but was a C# guy and wasn't as familiar with it as me (Linux)).
We had to build an internal site thingy (don't remember what it was) and we delivered (me and some interns) and then the publishing moment came so I went to out project manager (a not-as-technical one) and asked if he could install a LetsEncrypt certificate on the site (he knew how and was one of the only ones who had direct access to the server).
He just stared at us and asked why the fuck we needed that since it was an internal thing anyways.
I kindly told that since it's free and can secure the connection, I preferred that and since its more secure, why the fuck not?
He wasn't convinced so it was off.
Next day I came in early and asked my mentor if he could do the SSL since he usually had access to that stuff. He stared at me with "what?" eyes and I explained what the PM said.
Then he immediately ssh'd in and got the damn cert with "we're going to go secure by default, of course!"
A minute later it was all set.2 -
Eh ehe hehe he eh ehehe
On top of burnout, codebase issues, spec issues, burnout, the product butt that keeps on crapping, burnout, burnout, loathing for my employer... My local Apple SSL cert expired. I can’t finish this and push it anywhere for testing. I can’t even run my own specs anymore. And I don’t have permissions to make a new one. I can’t do anything at all.
Ehe he hehe
Deadline is in two days, and I’m just sitting here laughing quietly to myself. I might finally be going crazy
I found a loose bit of tangle, started to pull, and the world decided it was time to fall apart. Reality said it’s time to go. And I wasn’t even a good screwdriver dev. Byeee ~random root’s mind says no specs say no ssl says no ehehe sanity says no product says more more more! codebase says no screwdriver says no 🤪 reality says no burnout says no12 -
SSL FYI for anyone using Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL Certs, Chrome will distrust next year.
https://security.googleblog.com/201...8 -
So we send a quote out to a client to update his website to make it compliant with the new privacy guidelines: SSL encryption, removing external libraries, removing Facebook Plug-ins, all that stuff. We didn't get a response.
On Monday, he called in a panic. "The website does not work, fix immediately!"
I check out the server, what do I see? An SSL cert installed the Friday before... Client decided to do it himself, on a Friday, without testing. He broke something, but cannot tell me exactly what he did.
And somehow he thinks all that is my fault :D4 -
Me: ssl conn cannot be esrablished. Cert is not signed
Sr. Dev/architect: what url are you calling?
Me: dns_name:port
sd/a: yeah, I know that. But what is the url?
Me: *how the f... Did you get 'sr' and 'arch' titles, man???*
Me: why does it matter?
Sd/a: certificates depend on a url. Our LB selects a cert according to a request url
me: *buddy, I like you but I no longer look at you with respect like I used to before today...*9 -
Not dev related but still a rant:
My company decided that all the network traffic should go throu a virus scanner. But they don't know what the fuck they are doing, so now EVERY valid SSL cert gets rejected by our browsers because the virus-scanner breaks the SSL encryption.
Anyone open for a pishing attack?8 -
About browsers and whole SSL CERT thing...
Most likely everyone here noticed, that https site with broken certificate will throw these big red warnings, in your face and there is so much wording like "ITS NOT SECUREEEE" or "ITS HACKEDDD" almost like it was written by passionate fanatic.
But when you are on plaintext http browsers reaction is like ¯\_(ツ)_/¯
Even if you have plaintext with password, it will for example in chromium put small little red thingy that almost no one notices.
I believe that broken cert with some error like invalid date is MORE secure than plaintext password, yet still there is this hypocracy with browsers...
I dont say that broken SSL cert is good, or something, Im just pointing out contrast of "broken" https vs plain http.... One looks for casual Joe like end of the world is coming and second is bearly noticable. Da fuck?
I disagree with this approach18 -
A year ago it took me hours to get SSL working on my Digital Ocean droplet I was using to host my website. I had no idea what I was doing and even though I 'knew' how to use the terminal and do most things, I wasn't confident or competent to only rely on the CLI.
About a year later (today) I get an email that my SSL is about to expire and needs renewed. Done and taken care of within 20 minutes, (with a 2 hour gap due to waiting for the cert authority to send me the zip of files)
All that time using i3 and moving to Linux is paying off. Maybe by the time I can afford to build my next desktop I can make my main OS linux7 -
Oh my gosh I hate SSL so much. A cert expired this morning, and with it, 29 digital signs are now offline. Shoot me now.3
-
when I hear clients says they spent a fortune on SSL cert. I Wonder for that poor soul, you know what I mean.4
-
Hi.
Forgot to renew my expiring ssl cert of my smtp/imaps/pop3s on 12/31. Set that date to self-harm me for bad monitoring.
F**K F**K F**K F**K...
Why do I do that?
F******K!
Meh.
You shall have a happy new year... i will regen certs :D -
Decrypt api responses in an iOS app which my “senior” dev thinks it is more secure to encrypt responses in stead of setting up a proper SSL cert (they use plain http to save money 🙄)
They disable the encryption since it does not function as we wanted and set up SSL instead🙄4 -
I made a bit of a tradition of building a list of hardware that's superior to whatever Crapple is releasing whenever Crapple releases something - and for the first time, I decided to make it public instead of just sharing it with some coworkers.
Making it public however took some time (luckily, yesterday was a holiday here, so I got it done now) - at least, making it looking "not like shit" took some time.
So enjoy my (very basic) bootstrap templated, yet possibly useful list of builds superior to the Crapple Rag Mini (which is a completely fictional entity not resembling any existing company in the world. Promise. Totally. Penguin's swear.)
The list can be found here - expect to see an update anytime Crapple pushes new shit to the market:
http://il-pinguino.com/superiortocr...
(possibly not safe for work, children, catholics and SJWs). Yeah, no SSL cert, currently. Hell, it's a private server, it doesn't process any of your info and it doesn't offer downloads... I might add one in the future.
I hope you can forgive my shameless self-promotion, it's not a commercial site, there are no ads/shitcoin miners on it and i don't get a share/cut/whatever - just a small humorous joke project. For now.
BTW: I didn't attempt to build any of those. It should work, but please don't sue me if it doesn't.5 -
* Developing a new "My pages" NBV offer/order solution for customer
_Thursday
Customer: Are we ready for testing?
Me: Almost, we need to receive the SSL cert and then do a full test run to see if your sales services get the orders correctly. At this point, all orders made via this flow are tagged so they will not be sent to the Sales services. We also still need to implement the tracking to see who has been exposed to what in My Pages.
Customer: Ok, great!
_Friday
Customer: My web team needs these customers to have fake offers on them, to validate the layout and content
Me: Ok, my colleague can fix this by Tuesday - he has all the other things with higher prio from you to complete first
Customer: Ok! Good!
_Sunday
Me: Good news, got the SSL cert installed and have verified the flow from my side. Now you need to verify the full flow from your side.
Customer: Ok! Great! Will do.
_Monday
*quiet*
_Tuesday
Customer: Can you see how things are going? Any good news?
Me: ???
*looks into the system*
WTF!?!
- Have you set this into production on your side? We are not finished with the implementation on our side!
Customer: Oh, sorry - well, it looked fine when we tested with the test links you sent (3 weeks ago)
Me: But did you make a complete test run, and make sure that Sales services got the order?
Customer: Oh, no they didn't receive anything - but we thought that was just because of it being a test link
Me: Seriously - you didn't read what i wrote last Thursday?
Customer: ...
Me: Ok, so what happens if something goes wrong - who get's blamed?
Customer: ...
Me: FML!!!2 -
What makes free ssl "Unsuitable for e-commerce websites", Please read to end to see my view point.
From Namecheap:
Free Certificates are domain validation only which means they don't certify the identity of the website owner, they simply ensure a secure connection. Customers can't be sure of the integrity and trustworthiness of the website owner. If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer. It's important your customers trust your business is safe enough to hand over these details. To gain this trust, you need a certification of your authenticity, which you can only get with a (paid) Business Validation or Extended Validation SSL Certificates.
https://namecheap.com/security/...
* "To gain this trust, you need a certification of your authenticity"
~ But isn't that just Domain Verification and other Extras, What justifies somebody or business's authenticity? Tax Id, Valid Address, Nobody is going to study the ssl cert to make sure that amazon.com is a valid business and has a tax Id.
* "domain validation only which means they don't certify the identity of the website owner,"
~ Wouldn't this just be the domain validation test that is required when using services like LetsEncrypt using Certbot etc, or are we referencing back to this idea that they look for a Valid Tax Id sort of thing?
* "If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer"
~ Why is the paid version going to do double encryption, is the CA going to run a monitoring tool to scan for intrusions like a IDS or IPS? (disregard the use of DNS Validation being in the picture)
Am I missing something, this just seems like well crafted text to get people to buy a cert, I could understand if the encryption was handled differently, Maybe if they checked the site for HSTS or HTTPs Redirect or even, They blocked wildcard SSL before and now with the paid its included, but overall it doesn't sound like anything special. Now I'm not just picking on namecheap because domain.com does the same.14 -
FUCKING SOURCETREE!!!!!!! HOW THE FUCK DO U MANAGE TO BREAK YOURSELF MORE AND MORE...
Got a new PC so had to reinstall and apparently there's a new version, new UI/UX.... works ok... fine... :(
Now after some autoupdates the Bitbucket URL isn't recognized and I need to get a new repo....
I copy the URL (sourcetree://...) from the button but then ST complains some stupid HTTPS SSL cert error..... FUCK!!!
Tried IE, doesn't recognize the URL....
Last resort... I look at the URL itself...
hm.... points to a *.git file
Ok lets use git shell on another repo and get the remote address...
ssh://git@....
FUCK U!!!!!!!!!!!!!!!!!! HAD TO MANUALLY REVERSE ENGINEER AN SSH URL BECAUSE U CANT WORK WITH URSELF...9 -
How would you explain SSL, certificates, and CAs to a layman?
I just spent 30mins trying to explain it to them in a chat (related to Mpngo driver configs and the sslValidatrle flag), they sorta went silent on me so not sure if I explained it or understood the roles/purposes correctly...
One example I used was it prevents a man in the middle attack where your connection gets rerouted to another server. If the CA didn't recognize the cert the new server replies with then it rejects it and prevents the attack.7 -
FINALLY got Chrome to accept my self signed ssl certificate on OSX!!!!
F*ck this has taken waaay to long....
For anyone seeking advice, look here:
https://alexanderzeitler.com/articl...9 -
GoDaddy. Is. The. Worst.
I'm working on an SSL cert domain verification for a client. The chat support tech at GoDaddy has no freaking clue what she's doing. She keeps telling me to follow the same help article I already knew about the first second I heard I needed to do this job. It didn't work. But she keeps going back to it, sure that I'm just a complete and utter moron who doesn't read. Never mind that I have screenshots to prove everything she's telling me is 100% wrong according to every error message this process is generating.
Now she's checking with the "SSL team". Which is code for "I have absolutely no idea what I'm doing and I'm frantically searching the FAQ database to figure out what this SSL thing even is."
That's what the last hour of my life has been. And 20 minutes of that was waiting in the chat queue.5 -
Ok, so i got this new machine and whilst migrating I want to stay online with certain services. So atm there is x.web.nl and y.web.nl both have ssl and one runs on server x and the other on server y. Now is the question how the heck do i forward that ssl file??? I figured i have to do something with my nginx server block. Because that is terminating the cert. Can someone help me out??1
-
Ok can someone explain this to me, i cant get it to function properly on chrome. Others are fine...7
-
!help
Does anyone know how to use certbot on a Debian stretch azure web service app to generate an SSL cert?
I've got the cert generated and Apache to serve it but it's giving me errors.
I need to bind it in azure somehow but I can't figure out how to export the cert.7 -
I've had my site up and working for a few months now (still need to finish building it properly the template project is still half default lol) but because I setup the Nginx server on a digital ocean droplet myself using both for the first time ever I obviously made some mistakes. It was up and running though just always spouting 'nginx[1755018]: nginx: [warn] conflicting server name "jessiejfoley.dev" on 0.0.0.0:443, ignored' whenever I 'nginx -t' or 'java.security.cert.CertificateException' on this server monitor app I have on my phone
But it was up and ssl seemed to be working so I ignored it
today I learned about https://sslshopper.com/ssl-checker...., which told me my intermediate certificates were not functioning properly, I was bored today and didn't wanna be too productive (else boss expects the progress I've made this week every week) and decided to finally go through and see about getting everything fixed properly starting by reinstalling the certs and double checking my commands.
2 hours later I still can't fix the cert errors so I decide to focus on the conflicting name error. Go through the nginx directory cleaning anything non essential or things I put there while trying to figure out how to get it up originally (learned as I was going lol bad practice I know, but it's just a practice site that'll eventually be a portfolio when I feel like making it properly and investing an adequate amount of time)
as soon as I get rid of jessiejfoley_dev.save.3 inside /etc/nginx/conf.d (my actual site is in sites-enabled) my server monitor app stops reporting the cert error and when I check the ssl checker everything is properly working now.
so the easiest problem to fix was actually the cause of all my problems. I'm and idiot and this shows I still have a LONG way to go to actually knowing what I'm doing at all.1 -
Dear facebook/instagram
When in sandbox mode, please dont require https redirects, my localhost server has no concept of what an SSL cert is, its sandbox for a reason.5 -
What is the use of https in local host? Do I really need to enforce it in local server even tho I'll add ssl cert after it gets deployed anyway! For example an express server in localhost .Does it need ssl in local server?8
-
App of a little social network I'm member of didn't connect to the server anymore, since the social network changed their SSL-certification and my smartphone is too dumb to accept the new one.
So, I pulled the source code of the app from GitHub and added some code dealing with SSL-connection-exception-handling.
A warning appears, that there were some errors with the SSL-cert with the question how to proceed and three options:
Quit, Ignore for now, Ignore and don't ask me again.
The code to ignore ssl-errors is just for debug-/develop-purposes, but hey, app with that little "hack" is running only on my phone x)
Now, the app is working again at my smartphone \o/2 -
SSL cert problems
realize new pem file has a different name so now after going down a debug rabbit hole I'm updating the places that used the old file name with the new file name
i guess could've just changed the file name, but at this point im committed (might as well leave the file name alone so i can hope to be less confused next year if the new file's name changes again) and just hoping i can fix the fucking config
i just want shit to work2 -
Was watching OITNB at home when boss called sounded urgent about SSL not working on one of our subdomains. We use a paid cloud app for some of our reports which. So the subdomain is a CNAME to the providers app subdomain. Recently there was an upgrade at our hosting but it shouldn't be related.
Boss: Hey, there is an error prompt when I visit our reporting site with https
Me: That's cos we never installed any SSL cert for that subdomain.
Boss: Well it worked before and you will need to get it fixed.
Me: Wait.. It worked before? How is that possible? We've never set it up and the subdomain is a CNAME pointing to another site which we don't own. The cert will have to load from their server and we have not done any setup with them.
Boss: I'm very sure it worked before the hosting upgrades. All along our customers has been accessing with https.
Me: Okay.... That's something new because and I am pretty SURE the last I checked, the app provider doesn't allow that yet.
* meanwhile I when to search the app provider docs and it says not able to support multiple SSL yet for CNAME
Me: Look, it says so here in the docs.
Boss: Ok, can you try to fix it as its important for the users to not see that error. It has been working all along.
Me: Hmmmm... I'll get back to you.
How do I fix something that didn't exist / broken?? How did it work before??
I know it can be possible to install the cert on the cloud provider end but we haven't done this before. And their support docs says feature not available yet.
Was it magic?? Am I missing something?? Anyway, I've sent an email to the provider's support team and telling them "it worked before" -
working postman request with SSL , pfx cert against microservice
go to do the same thing against different microservice , SSL error , review config, looks like im supplying same certs, etc
FML