Follow

Self-Signed SSL Certificate in Local Profiler Causes Browser Warning

When visiting a site that uses a self-signed SSL certificate, browsers will often present a warning that the site is not to be trusted (sometimes saying the site may be "dangerous" and/or "potentially fraudulent").  Most browsers will force the end user to confirm that they are willing to trust the certificate prior to loading the page.  This is normal when dealing with self-signed certificates, and it is completely safe to accept the self-signed certificate that was generated when you deployed the PaaSLane local profiler.

For our customers utilizing our local profiling capability, PaaSLane provides a link to the customer's local profiler when uploading an application for profiling. This link opens a page which connects to the local agent.  The first time this is done from a given browser, the warnings described above will usually occur.

To avoid/eliminate this warning, customers have three choices:

  1. Add the self-signed certificate as a trusted certificate in the browser (instructions detailed below).  This only has to be done once from any browser used to access PaaSLane.
  2. Replace the self-signed certificate with an SSL certificate obtained from a recognized SSL certificate authority (Examples: Symantec, Comodo).
  3. Connect without SSL (not recommended). 

Instructing browsers to trust the self-signed certificate

The following sections demonstrate how to trust the self-signed certificate in the three most common browsers.  Jump to: Chrome | Firefox | Internet Explorer  | Safari

 Google Chrome

Click on Proceed anyway to bypass SSL warning in Chrome.

 

Mozilla FireFox

Click on I Understand the Risks, then click on Add Exception....

Next click on Get Certificate, and finally Confirm Security Exception to bypass SSL warning in FireFox.

 

Microsoft Internet Explorer

internet explorer self signed ssl warning

When you see this popup, close the popup, and then in the main PaaSLane browser window, click on Internet Options on the Tools menu item, choose Trusted Sites and then click the Sites button

 

From the resulting modal (below), click Add to add your prefilled site to the list of trusted sites. (This should be the site associated with your local profiler. e.g. https://my.local.profiler )

Click Close and then OK to return to the main browser window.

Reload the page and click “Test Connection to Profiler”. Click Continue to this website( not recomended).

When prompted, click the red error message and then View certificates as shown below.

Click the Install Certificate button on the resulting dialog which will take you into a Certificate Import Wizzard.

In the wizard click Next to begin, choose Place all certificates in the following store and then click the Browse button as shown below.

After clicking the Browse button, select the Trusted Root Certification Authorities option and click OK to return to the wizard.

When back in the wizard, choose Next and then Finish. After this, a Security Warning will be presented letting you know that you are about to install this certificate.

If you are comfortable with this, select ok and then ok again to get out.

Then close popup, and again return to the main PaaSLane browser window and return to Internet Options -> Security -> Trusted Sites -> Sites and remove your site from the list of trusted sites.  Click Close and then OK to return to the main browser window.

Click “Test Connection to Profiler”.  This should now bring up the popup with no warnings.

At this point you should be fine.

 

Safari

Click the Show Certificate button

 

Open the Trust option below the certificate image.

 

Select Always Trust in the drop-down “When using this certificate”

Then, click Continue.

 

Remember, this warning is simply letting you know that the SSL certificate was self-signed. In the case of accessing your own server this isn't a problem at all, and you can simply tell your web-browser to accept the self-signed SSL certificate and continue.

Where you would typically take caution on these types of errors would be if you were accessing your bank or a credit card's website, as that could be an indication your secure data isn't properly going to the right server.

 

Comments

Powered by Zendesk