Last week I started seeing an "Application Blocked by Security Settings" dialog when running droid or iPhone previews. The detail says "Your security settings have blocked an app signed with an expired or not yet valid certificate from running."
Following the prompts for more info led me to a second dialog calling out the cordovaFileApplet as the culprit, and to a certificate from IBM Canada Limited that expired Aug 29 2014, which I can see in my Java Console on my Mac. That date lines up with when I started seeing this dialog. A secondary symptom was a warning in the browser after a few minutes about an applet crash.
If it matters, I'm running OS X 10.9.4, Java 1.7.0_67, WL 6.2.0.0 on Luna Java EE 4.4.0, but I saw the same errors with WL6.2 on Kepler.
I got rid of the dialog by adding my server to my exception site list, so problem solved, kind of.
My question is whether this is more than just a personal problem, and what the "production" solution is, since our dev server IP addresses change. Is there a new certificate from IBM Canada that needs to be distributed so others are not bugged by this? How do we distribute this? Thanks.
It seems the Mobile Browser Simulator's certificate expired on Aug 29 2014; this blocks the applet by default. Until an updated certificate is distributed, please use the addition of the server to your exception site list as a workaround.
I have a GCP project. Then I gave permission to a user A with email A@email. They connected it to Firebase and developed a project there with hosting enabled and verified. Then another user B came and I switched the ownership of the project to them and removed A from this. After ownership change, the hosting verification was re-triggered (as expected). However, since 1 week it only shows
I tried searching for other people who had such an issue and nothing came about. I even wrote a bug report but for more than a week nobody has reached out to me and I am worried because the grace period is 1 month and my project could go down. Have you heard of similar problems?
Edit from comment:
I can confirm that the error comes in Chrome and incognito (version: 80.0.3987.163 (Official Build) (32-bit)) and in Firefox and incognito (version: 72.0.2 (64-bit)). Opening the console gives error 503 for URLs https://clients6.google.com/siteVerification/v1/webResource?verificationMethod=DNS_TXT&alt=json&key= and https://clients6.google.com/siteVerification/v1/token.
The issue was due to my company's license agreement with Google and the way Firebase Hosting is made. More details below.
Strangely enough, using GCP and Firebase requires a GCP license. With this license you can do everything from adding/changing/modifying collections/projects. However, the functionality to 'Verify' your hosting site goes through the Google Console which is not included in the license.
Encountered this same thing. The problem turned out that I was using a Google Workspace account that did not have "Google Search Console" enabled for the domain I was logged in on.
To remedy, I had to log in to my Workspace Admin, and go turn it on as shown below.
I am using Red Hat 8 (rhel8), my home router is Asus AC5300 running OpenVPN server. But my rhel8 VPN in Network Manager cannot connect to my OpenVPN Server.
Here is the error message I got:
[root@my-machine ~]# journalctl -f
nm-openvpn[30404]: TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
[root@my-machine ~]# openvpn --version
OpenVPN 2.4.7 x86_64-redhat-linux-gnu
I've tried adding tls-version-min 1.0 to my .ovpn file but it is still not working.
Note: In Linux Ubuntu it is working just fine, BUT not Red Hat 8
Seems you have a problem with TLS ... take a look at these checks; maybe you have to take a look at the SSL certificates:
Check for Certificate Name Mismatch
In this particular instance, the customer migrating to Kinsta had a certificate name mismatch which was throwing up the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. As you can see from the SSL Labs test below, this is pretty quick and easy to diagnose. As SSL Labs states, a mismatch can be a number of things such as:
The site does not use SSL, but shares an IP address with some other site that does.
The site no longer exists, yet the domain still points to the old IP address, where some other site is now hosted.
The site uses a content delivery network (CDN) that doesn’t support SSL.
The domain name alias is for a website whose name is different, but the alias was not included in the certificate.
Certificate name mismatch
Another easy way to check the current domain name issue on the certificate is to open up Chrome DevTools on the site. Right-click anywhere on the website and click on “Inspect.” Then click on the security tab and click on “View certificate.” The issued domain will show in the certificate information. If this doesn’t match the current site you’re on, this is a problem.
Check issued domain on SSL certificate
Remember though, there are wildcard certificates and other variations, but for a typical site, it should match exactly. However, in our case, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error actually prevented us from being able to check it in Chrome DevTools. That is where a tool like SSL Labs can come in handy.
Check for Old TLS version
Another possible reason is that the TLS version running on the web server is old. Ideally, it should be running at least TLS 1.2 (better yet, TLS 1.3). If you are a Kinsta customer you never have to worry about this as we always upgrade our servers to the latest and greatest supported versions. Kinsta supports TLS 1.3 on all of our servers and our Kinsta CDN. Cloudflare also enables TLS 1.3 by default.
(Suggested reading: if you’re using legacy TLS versions, you might want to fix ERR_SSL_OBSOLETE_VERSION Notifications in Chrome).
This is something the SSL Labs tool can also help with. Under configuration, it will show you the current version of TLS running on the server with that certificate. If it is old, reach out to your host and ask them to update their TLS version.
TLS 1.3 server support
Check RC4 Cipher Suite
Another reason according to Google’s documentation for ERR_SSL_VERSION_OR_CIPHER_MISMATCH is that the RC4 cipher suite was removed in Chrome version 48. This is not very common, but it could happen in say larger enterprise deployments that require RC4. Why? Because everything usually takes longer to upgrade and update in bigger and more complex configurations.
Security researchers, Google, and Microsoft recommend that RC4 be disabled. So you should make sure the server configuration is enabled with a different cipher suite. You can view the current cipher suite in the SSL Labs tool (as seen below).
Cipher suite
Try Clearing the SSL State On Your Computer
Another thing to try is clearing the SSL state in Chrome. Just like clearing your browser’s cache this can sometimes help if things get out of sync. To clear the SSL state in Chrome on Windows, follow these steps:
Click the Google Chrome Settings icon, and then click Settings.
Click Show advanced settings.
Under Network, click Change proxy settings. The Internet Properties dialog box appears.
Click the Content tab.
Click “Clear SSL state”, and then click OK.
Restart Chrome.
Clear SSL state in Chrome on Windows
If you are on a Mac, see these instructions on how to delete an SSL certificate.
Use a New Operating System
Older operating systems fall out of date with newer technologies such as TLS 1.3 and the latest cipher suites as browsers stop supporting them. Specific components in the latest SSL certs will simply stop working. Google Chrome, in fact, pulled the plug on Windows XP back in 2015. We always recommend upgrading to newer operating systems if possible, such as Windows 10 or the latest version of Mac OS X.
Temporarily Disable Antivirus
The last thing we recommend trying if you are still seeing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is to ensure you don’t have an antivirus program running. Or try temporarily disabling it. Some antivirus programs create a layer between your browser and the web with their own certificates. This can sometimes cause issues.
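The three server-side checks quoted in the answer above (certificate name, TLS version, RC4), sketched in Python as an added example that is not part of the original answer or the quoted article. The function names, `SAMPLE_CERT` and the example.com hostnames are constructed for illustration; `probe` needs network access, while `audit` works on any handshake summary.

```python
import socket
import ssl

OLD_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # below the TLS 1.2 floor the text recommends
# Constructed sample certificate, shaped like the dict ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {"subject": ((("commonName", "example.com"),),),
               "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))}

def name_matches(hostname, pattern):
    """Compare a hostname with one certificate DNS name; '*' covers exactly one leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Reject over-broad wildcards such as "*.com" and empty leftmost labels.
        return len(pat) > 2 and host[0] != "" and host[1:] == pat[1:]
    return host == pat

def cert_names(cert):
    """DNS names the certificate was issued for; the CN is used only when no SAN is present."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def audit(hostname, cert, version, cipher):
    """Run the name, protocol-version and RC4 checks on one handshake summary."""
    findings = []
    names = cert_names(cert)
    if not any(name_matches(hostname, n) for n in names):
        findings.append("name mismatch: certificate covers %s" % ", ".join(names))
    if version in OLD_VERSIONS:
        findings.append("old protocol: %s" % version)
    if "RC4" in cipher.upper():
        findings.append("RC4 cipher suite: %s" % cipher)
    return findings

def probe(host, port=443, timeout=5):
    """Live handshake returning (cert, version, cipher) for audit(); needs network access."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # inspect the names ourselves instead of aborting on mismatch
    # A server limited to old protocols or RC4 fails here outright on a modern client.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.version(), tls.cipher()[0]

if __name__ == "__main__":
    for host in ("www.example.com", "a.b.example.com", "example.org"):
        print(host, audit(host, SAMPLE_CERT, "TLSv1", "ECDHE-RSA-RC4-SHA"))
```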
I'm having a problem with Microsoft Azure. More specifically, I'm not able to get a mobile app up and running after creation and deployment. When I enter "Quick Start" in mobile apps settings, I get an error saying "Could not install MobileAppsManagement Site Extension" followed by "SettinListPart" and "MICROSOFT_AZURE_MOBILESERVICES". Thus I'm not able to initialize my backend.
I have a DreamSpark subscription (Student) active. I have had no problems with this earlier, and it occurred now that I moved over from free trial to DreamSpark subscription. (Free trial is disabled/inactive)
This seems to be the same or similar problem, however, I find no similar solution.
in azure mobile app quick start don't display result
As long as your site is an F1 Free in the App Service Plan (which is a difference from the trial service), there should be no problems. Steps for troubleshooting:
Go to your site, All Settings, Scale Down and ensure the F1 Free is chosen
You might have a cached permissions issue - do a hard refresh of your browser / clear the cache.
I'm currently implementing the Class 2 WebDAV server on my company's MVC / noSQL web app. I'm developing it locally on my machine using visual studio 2013, IIS 8.5, Windows 8.1 and word 365. The documents are stored in the noSQL database.
I've managed to get it working in the past, however recently Word refuses to connect to the WebDAV server. When I click the document link it opens Word and the following error appears:
{ correct web address} cannot connect to server.
I have used your built in logging tool and fiddler to see if any requests are made to the server and there are none.
Are there any steps or suggestions you can make to help me debug this problem?
After reading the documentation a few times and trial and error I found that word was caching in the registry. I followed the instructions and rebuilt my project and it seems to have worked.
http://www.webdavsystem.com/server/documentation/ms_office_read_only
Clear Microsoft Office WebDAV cache in registry. Microsoft Office reads WebDAV server options when connecting to a server for the first time and stores them for later use. If your server settings have changed during development (or you just fixed some server issues) you may need to delete these settings. The Microsoft Office WebDAV cache is stored under the key:
HKEY_CURRENT_USER\Software\Microsoft\Office\\Common\Internet\Server Cache\
To clear the cache just delete all keys under this key. In a development environment we suggest always clearing the cache if your WebDAV server class has changed or after the authentication scheme has changed. As an alternative to deleting the cache, you can just reconfigure your server to run on a different port.
Note that in a production environment you usually do not need to clear this cache or change the port as soon as your server settings do not change often while Microsoft Office will re-request server options after some time.
As soon as your code worked in the past and now stopped working I guess that the trial period, which is 1 month, of IT Hit WebDAV Ajax Library has ended. Are there any errors in the web browser console? To start a new trial period just redownload it here.
So today, whenever I try to sign My Blackberry app using the WebWorks packager, I get this error...
"General failure. Please try again. Server may be unavailable".
My proxy settings have not changed and I have been using the same command line instruction with success before.
I've also checked the status of the Blackberry signing server using the following link...
http://isthesigningserverdown.com/chart/index.php?sigType=RBB or RCR or RRT
And everything appears to be online!
So, where could I be going wrong? Here's the command line instruction I've been using. First, I navigate to my Blackberry build folder and run the following instruction against it...
bbwp appname.zip -g <password> -o z:\projects\appname\signed
It goes through parsing the various elements. The signing tool pops up and then the error is generated.
So, after a couple of days of banging my head against the wall, the answer finally came to me. I'm on a Mac but am also using a Windows virtual machine for Blackberry development, which is running on another network altogether and this specific network is using a firewall, which, according to the network administrator, is currently experiencing a severe technical problem.
The way round it was to sign my Blackberry app using configured proxy settings to communicate with the signing server and voilà! It worked!