X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Behavoiur of "add exception" button to access insecure website ??

Kuphostiwe

For some websites the add exception button is shown (for insecure connections) while for others it's not. So, what is the behavior of the "add exception" button. How do I disable it for my website to disallow access over insecure connections. find attached images for reference

For some websites the add exception button is shown (for insecure connections) while for others it's not. So, what is the behavior of the "add exception" button. How do I disable it for my website to disallow access over insecure connections. find attached images for reference

Eminye Imininingwane Yohlelo

Fakela amapulagi

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0

Eminye Imininingwane

philipp
  • Top 25 Contributor
  • Moderator
5287 izisombululo 23361 izimpendulo
Kuphostiwe

Impendulo Ewusizo

hi, i don't see any attachments, but if your webserver sends a HSTS header, repeat visitors should no longer be able to overwrite certificate errors. https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

hi, i don't see any attachments, but if your webserver sends a HSTS header, repeat visitors should no longer be able to overwrite certificate errors. https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
John99 971 izisombululo 13138 izimpendulo
Kuphostiwe

I realise you are asking about a particular website - your own - and you may be trying to research the subject, but generally an end user would not often see messages about insecure websites.

If you or others often see warnings a passibility is that your security related software is not set up well to work with Firefox. These help articles may be of use to some readers of this thread.

I realise you are asking about a particular website - your own - and you may be trying to research the subject, but generally an end user would not often see messages about insecure websites. If you or others often see warnings a passibility is that your security related software is not set up well to work with Firefox. These help articles may be of use to some readers of this thread. * [[How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites]] * [[Troubleshoot the "Secure Connection Failed" error message]]

Umnikazi wombuzo

philipp said

hi, i don't see any attachments, but if your webserver sends a HSTS header, repeat visitors should no longer be able to overwrite certificate errors. https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Hi Philip,

Thanks for the reply. I tried setting the HSTS header in the apache configuration but still it allows me to go on to site with add exception option. I want to disable this option for a website.

please find the attached images for problem reference

''philipp [[#answer-961975|said]]'' <blockquote> hi, i don't see any attachments, but if your webserver sends a HSTS header, repeat visitors should no longer be able to overwrite certificate errors. https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security </blockquote> Hi Philip, Thanks for the reply. I tried setting the HSTS header in the apache configuration but still it allows me to go on to site with add exception option. I want to disable this option for a website. please find the attached images for problem reference
John99 971 izisombululo 13138 izimpendulo
Kuphostiwe

Impendulo Ewusizo

If we know what your site is we can test to find out what we see as first time visitors. If you run your site address against a check site such as

You will get a report confirming you settup and a link to that report.

Is the report for this support site and clearly shows HSTS is in use.

If we know what your site is we can test to find out what we see as first time visitors. If you run your site address against a check site such as * https://www.ssllabs.com/ssltest/ You will get a report confirming you settup and a link to that report. * https://www.ssllabs.com/ssltest/analyze.html?d=support.mozilla.org Is the report for this support site and clearly shows HSTS is in use.
cor-el
  • Top 10 Contributor
  • Moderator
17413 izisombululo 157281 izimpendulo
Kuphostiwe

You can click the SEC_ERROR_UNKNOWN_ISSUER link to expand this section and see the certificate. Then you can attach the certificate text to a reply and we can inspect this certificate.

You can click the SEC_ERROR_UNKNOWN_ISSUER link to expand this section and see the certificate. Then you can attach the certificate text to a reply and we can inspect this certificate.