SSL Localhost 隐私错误
SSL Localhost Privacy error
我在本地主机 (wamp) 上设置了 ssl,我用 GnuWIn32 制作了 ssl crt。
当我尝试在 Chrome 中使用 fb 登录时,我收到以下消息:
URL:
https://localhost/ServerSide/fb-callback.php?code=.....#_=_
错误:
Your connection is not private.
Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_INVALID.
localhost normally uses encryption to protect your information. When Chrome tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit localhost right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
我的 SSL 配置:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:c:/wamp/www/ssl/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
DocumentRoot "c:/wamp/www"
ServerName localhost:443
ServerAdmin admin@example.com
ErrorLog "c:/wamp/logs/error.log"
TransferLog "c:/wamp/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/wamp/www/ssl/ia.crt"
SSLCertificateKeyFile "c:/wamp/www/ssl/ia.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "c:/Apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "c:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
我的问题是如何在本地主机上设置有效的 SSL 证书?还是我需要编辑我的配置?
在 Chrome 中,您可以使用 url chrome://flags/#allow-insecure-localhost 来允许不安全的本地主机。有关详细信息,请参阅 this Stack Overflow。
更新:确认了arda-basoglu的步骤,这也有效:
- 当您在 Chrome、
上看到“您的连接不是私人连接...NET::ERR_CERT_INVALID”警告时
- 只需输入“thisisunsafe”(任何地方...主要听众拿起它)然后等待。
1. 当您看到 “您的连接不是私有的...NET::ERR_CERT_INVALID” 警告时Chrome,
2. 只需输入 "thisisunsafe" 然后等待。
注:上次测试时,Chrome最新版本为96.0.4664.110
Your connection is not private
Attackers might be trying to steal your information from 10.10.10.10 (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_INVALID
直接在同一 chrome 页面上输入“badidea”或“thisisunsafe”。
如果您真的确定您尝试的 link 是安全的,请执行此操作。就我而言,我尝试使用 vagrant 和 virtualbox
在本地设置 stackstorm
Chrome 版本:版本 92.0.4515.131(正式版)(x86_64)。
Source
我在本地主机 (wamp) 上设置了 ssl,我用 GnuWIn32 制作了 ssl crt。
当我尝试在 Chrome 中使用 fb 登录时,我收到以下消息:
URL:
https://localhost/ServerSide/fb-callback.php?code=.....#_=_
错误:
Your connection is not private.
Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_INVALID. localhost normally uses encryption to protect your information. When Chrome tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.You cannot visit localhost right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
我的 SSL 配置:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:c:/wamp/www/ssl/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
DocumentRoot "c:/wamp/www"
ServerName localhost:443
ServerAdmin admin@example.com
ErrorLog "c:/wamp/logs/error.log"
TransferLog "c:/wamp/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/wamp/www/ssl/ia.crt"
SSLCertificateKeyFile "c:/wamp/www/ssl/ia.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "c:/Apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "c:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
我的问题是如何在本地主机上设置有效的 SSL 证书?还是我需要编辑我的配置?
在 Chrome 中,您可以使用 url chrome://flags/#allow-insecure-localhost 来允许不安全的本地主机。有关详细信息,请参阅 this Stack Overflow。
更新:确认了arda-basoglu的步骤,这也有效:
- 当您在 Chrome、 上看到“您的连接不是私人连接...NET::ERR_CERT_INVALID”警告时
- 只需输入“thisisunsafe”(任何地方...主要听众拿起它)然后等待。
1. 当您看到 “您的连接不是私有的...NET::ERR_CERT_INVALID” 警告时Chrome,
2. 只需输入 "thisisunsafe" 然后等待。
注:上次测试时,Chrome最新版本为96.0.4664.110
Your connection is not private
Attackers might be trying to steal your information from 10.10.10.10 (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_INVALID
直接在同一 chrome 页面上输入“badidea”或“thisisunsafe”。
如果您真的确定您尝试的 link 是安全的,请执行此操作。就我而言,我尝试使用 vagrant 和 virtualbox
在本地设置 stackstormChrome 版本:版本 92.0.4515.131(正式版)(x86_64)。 Source