Page 1 of 1

Self signed SSL certificate warning

Posted: Fri Aug 18, 2017 11:55 am
by maple-Lee
Dear members,

Google Webmaster Tools sent an alert email for me: Self signed SSL/TLS certificate

To: Webmaster of https://www.mapleflorist.com.my/

Google has detected that the SSL/TLS certificate used on https://www.mapleflorist.com.my/ is self-signed, which means that it was issued by your server rather than by a Certificate Authority. Because only Certificate Authorities are considered trusted sources for SSL/TLS certificates, your certificate cannot be trusted by most of the browsers. In addition, a self-signed certificate means that your content is not authenticated, it can be modified, and your user’s data or browsing behavior can be intercepted by a third-party. As a result, many web browsers will block users by displaying a security warning message when your site is accessed. This is done to protect users’ browsing behavior from being intercepted by a third party, which can happen on sites that are not secure.

i have contact my hosting company, they replied me "This should be detect by last time your SSL was no renew.", For now should be no more problem.
but i still received the warn email. im using the following Self signed SSL certificate.

Comodo SSL Certificate & HTTPS

DO i need to change the SSL certificate issued by a valid Certificate Authority?

Re: Self signed SSL certificate warning

Posted: Fri Aug 18, 2017 12:12 pm
by rjcalifornia
Yes, you need to get an SSL certificate from a verified authority. You can get one free here:

https://www.sslforfree.com/

Re: Self signed SSL certificate warning

Posted: Fri Aug 18, 2017 12:59 pm
by maple-Lee
May i know above https://www.sslforfree.com/ is issued by a certificate authority??

Re: Self signed SSL certificate warning

Posted: Fri Aug 18, 2017 9:50 pm
by victorj
Your certificaten is issues by comodo and they are a trusted company.
Its a trusted and valid certificat.

Re: Self signed SSL certificate warning

Posted: Sat Aug 19, 2017 12:31 pm
by maple-Lee
I have check is issue from COMODO RSA Domain Validation Secure Server CA, isnt a trusted company ?

Re: Self signed SSL certificate warning

Posted: Tue Aug 22, 2017 12:37 pm
by rjcalifornia
maple-Lee wrote:
Fri Aug 18, 2017 12:59 pm
May i know above https://www.sslforfree.com/ is issued by a certificate authority??
Well, they simplify the processto get SSL certificates from Let's Encrypt CA. You can read more about them here:

https://letsencrypt.org/about/

Re: Self signed SSL certificate warning

Posted: Sat Oct 14, 2017 7:44 am
by Dhaupin
If you are using a cPanel server/host, you can generate a free SSL using AutoSSL. This will be either Comodo or LetsEncrypt. This is the recommended way for this type of hosting plan.

Then you need to enforce SSL everywhere. You can do this with htaccess but there will still be errors and http stuff trying to generate (like links/menus/media). We have 2 modules that can help solve this forced SSL once your certificate is live:

1.5.x - https://www.opencart.com/index.php?rout ... n_id=19396
3.x - https://www.opencart.com/index.php?rout ... n_id=32053