|
Author | Why do I get certificate errors with the demo projects? |
Henrick Wibell Hellström 2018-03-21 10:09:03 Registered user |
Q: I have built a simple test https application, which imports one of the demo server.pfx files. But when I open my website I still receive a certificate error. What am I doing wrong?
A: You are not doing anything wrong. You are just experiencing a feature of the web browser. The demo server.pfx files are not issued by a CA that your web browser recognizes, they are just demo certificates. You are supposed to get a browser warning, so you don't accidentally deploy your server with demo certificates that have been shared with thousands of other developers. Also, the demo certificates are typically tied to the 'localhost' host name. The common name of the certificate has to match the host name part of the URL your browser is attempting to connect to. That said, some browsers will not accept certificates with a numerical IP-address or 'localhost' as common name, even if it does match the URL. Another potential problem is that certificates expire. The demo certificates have typically been created with a ten year expiration period, but even that will eventually expire. Also, most CAs will currently issue certificates with a maximum validity period of two years. Many contemporary browsers enforce this policy by setting off warnings if a certificate does not comply with the policy. |