Finally fixed it. Post the answer here as reference. Export company trusted root certificate with .cer extension. Somthing naming external root certificate Convert the ca file to .pem file using openssl x509 -in xxx.cer -inform der -outform pem -out xxx.pem Then on the centos 7 os: Install the ca-certificates package: yum install ca-certificates Enable the dynamic … Read more
The way I’ve done it before is basically like what you wrote, but doesn’t have any hardcoded values:if($_SERVER[“HTTPS”] != “on”) { header(“Location: https://” . $_SERVER[“HTTP_HOST”] . $_SERVER[“REQUEST_URI”]); exit(); }
Attempt 2 was close to perfect. Just modify it slightly:
This should always work even when $_SERVER[‘HTTPS’] is undefined: The code is compatible with IIS. From the PHP.net documentation and user comments : Set to a non-empty value if the script was queried through the HTTPS protocol. Note that when using ISAPI with IIS, the value will be “off” if the request was not made … Read more
“Mixed Content” warnings occur when an HTTPS page is asked to load a resource over HTTP. This is dangerous because the insecure resources are vulnerable to alteration by an active attacker or eavesdropping by a passive attacker, which violates the user’s expectation of security for an HTTPS page. https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content?hl=en
I found this blog post which cleared up a few things. To quote the most relevant bit: Mixed Active Content is now blocked by default in Firefox 23! What is Mixed Content?When a user visits a page served over HTTP, their connection is open for eavesdropping and man-in-the-middle (MITM) attacks. When a user visits a … Read more
As already pointed out in a comment: the site has a bad SSL implementation as can be seen from the SSLLabs report. The main part of this report regarding your problem is: This server’s certificate chain is incomplete. Grade capped to B. This means that the server is not sending the full certificate chain as is … Read more
According to Network security configuration – Starting with Android 9 (API level 28), cleartext support is disabled by default. Also have a look at Android M and the war on cleartext traffic Codelabs explanation from Google Option 1 – First try hitting the URL with “https://” instead of “http://” Option 2 – Create file res/xml/network_security_config.xml … Read more
You have to make sure the port you are connecting to is port 443 instead of port 80. Example of explicitly setting the port to be used in the URL:
Yes an Untrusted certificate can cause this. Look at the certificate path for the webservice by opening the websservice in a browser and use the browser tools to look at the certificate path. You may need to install one or more intermediate certificates onto the computer calling the webservice. In the browser you may see … Read more