I am testing d3.js and have a working call to a service, but when I added SSL to service and client, it doesn't work. This is probably due to that the SSL certificate is self signed.
Is there a way in d3.js to have it ignore the SSL error?
Updated 2017-02-28:
A request for code, which I excluded since it is no major thing. Below is a simple call, which actually only retrieves a file with json-formated data. But the issue would be same when calling the actual REST service.
d3.json("https://vbgmysql01.local/d3/data2.json", function(error,json) {
console.log(error);
data = json.devices;
render(data);
});
For this call Chrome (on Windows) gives the following error message
GET https://vbgmysql01.local/d3/data2.json net::ERR_INSECURE_RESPONSE
If I place my webpage on the same server, and first accepts the self signed certificate, then everything will work. But that is obviously not how it will be running when finished.
This is how I solved it. It is not a nice solution, but on the other hand then I should use a real certificate instead.
Connect to the service with the self-signed service. Accept all browser warnings and continue to the site.
Connect to my webpage (in my case using http).
Now data is retrieved, but might require some CORS magic, if not allready present. Thanks for all input.
Related
I am running an Apollo Server with express to create an http server:
const express = require("express");
const cors = require('cors');
const app = express();
const server = new ApolloServer({ ... });
server.applyMiddleware({ app });
// enable pre-flight for cors requests
app.options('*', cors());
// Create the HTTP server
let httpServer = http.createServer(app);
httpServer.listen({ port: config.port });
Locally I can run the server and query it on Apollo Explorer without any issues.
However, when I deploy this server on dev environment, and try to access the Explorer page with the dev endpoint, I get a few errors.
The app.options() line with cors argument somehow seems to have solved part of them but not all.
Errors I am getting (on Dev Tools console):
Failed to load resource: net::ERR_CERT_AUTHORITY_INVALID
POST https://dev.endpoint.service/graphql net::ERR_CERT_AUTHORITY_INVALID
Errors I am getting (as popups on the Explorer page):
Unable to reach server
To diagnose the problem, please run:
npx diagnose-endpoint#1.0.12 --endpoint=https://dev.endpoint.service/graphql
I've tried running the command as instructed in the error and got this result:
Diagnosing https://dev.endpoint.service/graphql
Could not find any problems with the endpoint. Would you please to let us know about this > at explorer-feedback#apollographql.com
Frankly, I'm not even sure I understand the problem.
Am I getting these errors because, even though I launch an http server of Apollo without certificates, I am trying to access it via an https endpoint (which requires certificates)? I have to do this, service is stored in AKS cluster, which is only accessible through the endpoint I am calling. But every service that is already there is also an http service, not https, and is accessible through this same endpoint.
Also, even though these errors are showing up frequently, I am also able to query the server successfully most of the time on Explorer, and the data returned is exactly what I expected, which makes even less sense.
I am using edge browser but also tried chrome, and have the same issues.
How can an error like this be intermittent?
Without any intervention on my part, sometimes it's like this:
Any help, hints, ideas, please.
Thank you so much.
As much as it pains me to admit, it seems the issue is related to the VPN my company is using.
There were a few tells that pointed in this direction, once I started paying attention:
We can't access the endpoint I mentioned without the VPN turned on.
Other services in the AKS behave with the same error, if being called constantly through the same endpoint. I did not think to do that test at first, but when I realized that on Apollo server, the server is constantly doing the introspection thing to check the schema, it means it is being called more often than the other services that do not have this functionality.
We have some monitoring tools, to check the pod statuses and so on, and nothing indicated any problems in this service, or that it needed any kind of pod escalation (due to excessive number of requests).
I actually performed kubectl portforward test linking my localhost directly to the AKS cluster. Calling the service this way bypasses that endpoint which I am, under normal circumstances, forced to use before the request actually reaches the cluster. And I was simultaneously seeing on one window where I was calling the service the normal way showing that error on Apollo Studio, and at the same time on another Apollo Studio window performing the same request with this portforward bypass mechanic, and the latter was working just fine. If it really was a problem with the service, it would be down for both windows.
Other colleagues were testing the service at the same time as me and they were saying the service was working fine for them, until it wasn't. So every developer on my team could be accessing the service at the same time, and the error would just randomly show up for some, but not for others.
There are long periods where the error doesn't occur at all, like during lunch hours, or after work hours, and I assume the VPN traffic will be much lower during those hours.
I am trying to implement my site with SSL. I used the IIS to create a self-signed certificate. But when calling the site using https I keep getting ERR_INSECURE_RESPONSE and never seem to reach the server.
I use Chrome extension 'Advanced Rest client' to call the server.
I have no clue to what to do, appreciate the help...
Recreate the self signed certificate using the following tutorial -
https://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx
I've never seen this error specifically but suspect there is an issue with the certificate.
I'm using subscribe endpoint of Instagram and it gives me the following error message if my callback_url is HTTPS; it works fine if callback_url is HTTP; the error message:
{
"meta": {
"error_type": "APISubscriptionError",
"code": 400,
"error_message": "Invalid SSL certificate"
}
}
PS: I saw this thread saying "I think this because I checked the SSL certificate for api.instagram.com and it looks OK"; But I dont know where they exactly checked SSL certificate? I dont see this option in Instagram developer console...
Does this mean the callback_url cannot be HTTPS?
Any idea how I can solve it?
Your Callback URL is probably self-signed certificate. Instagram does not support self-signed certificates.
So you have to use HTTP or Get an SSL certificate for your website.
Also check this thread: https://groups.google.com/forum/?fromgroups=#!topic/instagram-api-developers/MaS4fjo8GXQ
Hey folks,
We've made a couple of changes recently that affected the realtime
API, and we wanted to update you all:
1) We centralized some of our error tracking, which made our previous
"blacklisting" rate limits too aggressive; we've identified this and
have raised these errors, resulting in fewer false positives
2) We
switched the library used for the POST requests, which had the
side-effect of starting to enforce proper SSL certificates. If you've
noticed a drop-off in realtime hooks, please double-check that your
certificate is valid on your host. Going forward, this check will be
made when creating subscriptions, too, so incorrect subscriptions
won't be created.
3) Finally, we've updated the documentation to
reflect that http://ec2-... URLs are often problematic (as we're on
Amazon and they will often resolve locally) and we instead recommend
using the public IP or an Elastic IP for that host.
Thanks, Mike
I am developing a firefox addon, and I need to make https calls. I am given an SSL certificate information (Serial Number, SHA1 Fingerprint, andMD5 Fingerprint). When I try to use the Request module from my main.js I always get a status of 0. I tried the Request module with other http requests which are not secured and it works fine.
So I assume that the 0 status has to do with the SSL certificate.
Although I try to simulate the same requests using Dev-HTTP-Client google chrome plugin and it works fine and I can get proper responses from the https server.
I am not sure but I think I need to use the chrome module Cc["#mozilla.org/security/... to make this work.
If you can guide me with the proper steps to setup the SSL certificate information from inside the addon that would be great
Unfortunately there is no direct way to verify a cert manually and continue with the request. Instead you need to add an override on error yourself and retry.
Attempt to make a regular XMLHttpRequest via nsIXMLHttpRequest. There is enough code and samples around on SO and Google describing how to do it. The requests module won't do, as it hides some necessary details.
Implement nsIBadCertListener2 and stuff it into req.channel.notificationCallbacks (might want to preserve the original callbacks).
If your .notifyCertProblem() get called, that means the cert did not verify. Now it's up to you to verify the cert with your seeded fingerprint (and serial).
If your seeded infos match, add a cert override (that won't work for STS hosts, of course)
Re-spin the request after adding the override, as the first request already got canceled as soon as it hit notifyCertProblem().
Most of the stuff is neatly demonstrated in ErrorPage.jsm of Boot2Gecko (still applies to all other mozilla powered products). That's a cross reference, so click around ;)
Of course, you'll need to use the chrome module.
I should mention that it is deliberate that I'm not giving a complete copy-pasta code solution, only all required pointers, as it is my opinion that a person should be capable enough to work with what I provided, or don't touch security subsystems in the first place.
I have a site which makes AJAX JSONP calls to a secured (SSL) web server. If I use a unsecured (HTTP) web server , everything works fine, but when I change to the SSL version, the call never returns. I've checking with fiddler and the error is following:
The remote server (192.168.150.85) presented a certificate that did not validate, due to RemoteCertificateChainErrors.
This means that some intermediate certificate is missing, but I don't know which one. In any case I need to deal with the situation where some installations has invalid certificate credentials.
It is known, that if you try to execute an AJAX method against a secure URL with a non-trusted or expired certificate the browser will warn your user about that, regardless of how or what you're trying to do. In browser you can accept the risks, even in C# you can implement a callback to accept these risks as well. But I don't know how to do it in Javascript/JQuery.
Do someone have an idea about how to handle this situation?
Thanks!
It seems that this is not possible/recommended. It is indeed not a good idea. We work now with real certificates which is quite cheap (there are even free ones) and easier to manage in our test environment, where we have several mobile devices, types of clients and so on.