Author Topic: admin login says insecure site (.740)  (Read 9409 times)

0 Members and 1 Guest are viewing this topic.

Offline
***
admin login says insecure site (.740)
« on: February 12, 2019, 10:12:16 PM »
even though there is a valid cert for my host name, when I got to login I get the dreaded message saying site is not secure.  However on my .750 version there is no problem.

Can not run update manually because ie7.txt file is not accessable from shell.

Offline
***
Re: admin login says insecure site (.740)
« Reply #1 on: February 13, 2019, 02:55:32 PM »
So I have a valid host ssl cert....see below.  But I have tried three different browsers and 2 different androids.  They all say site is untrusted.

Here is the ssl report  http://cruisemissile.com/ssltest.pdf

Offline
***
Re: admin login says insecure site (.740)
« Reply #2 on: February 13, 2019, 03:30:46 PM »
ok I figured out the problem.  login/index.php refers to http links.  And since the file is encrypted by the authors, there is no way to fix it. :'( :'( :'(

Offline
***
Re: admin login says insecure site (.740)
« Reply #3 on: February 14, 2019, 02:56:18 PM »
Code: [Select]
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="lt-ie9 lt-ie8 lt-ie7" lang="en"> <![endif]-->
<!--[if IE 7]> <html class="lt-ie9 lt-ie8" lang="en"> <![endif]-->
<!--[if IE 8]> <html class="lt-ie9" lang="en"> <![endif]-->
<!--[if gt IE 8]><!--> <html lang="en"> <!--<![endif]-->
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>Login | CentOS WebPanel</title>
  <link rel="icon" href="design/img/ico/favicon.ico" type="image/png">
  <link rel="stylesheet" href="design/img/login.css">
  <!--[if lt IE 9]><script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
</head>
<body>
  <section class="container">
    <div class="login">
      <img src="design/images/cwp_small.png">
      <h1>Login to CentOS WebPanel
  </h1>
      <form method="post" action="">
        <p><input type="text" name="username" value="" placeholder="Admin Username"></p>
        <p><input type="password" name="password" value="" placeholder="Admin Password"></p>
        <p class="remember_me">
          <label>
            <input type="checkbox" name="fast_login" id="fast_login">
            Fast Login (no stats and checks)
          </label>
        </p>
        <p class="submit"><input type="submit" name="commit" value="Login"></p>
      </form>
    </div>

    <div class="login-help">
       <p>Please use SSL login <a href='https://198.58.96.204:2031/login/index.php'>Click here for SSL login</a>.</p>  

    </div>
  </section>

  <section class="about">
    <p class="about-links">
      <a href="http://centos-webpanel.com" target="_parent">Visit Website</a>
      <a href="http://centos-webpanel.com/installation-instructions" target="_parent">How to Install</a>
    </p>
    <p class="about-author">
      &copy; 2019 <a href="http://centos-webpanel.com" target="_blank">CentOS WebPanel</a>
  control panel for linux
</body>
</html>

Offline
*
Re: admin login says insecure site (.740)
« Reply #4 on: February 14, 2019, 10:41:44 PM »
I think you are confused about ssl for apache and cwp they can use different ssl cert/key files like any other service.
if they use the same files then maybe simply restart of cwp would get you new certs loaded.

apache
https://love.silverbells.us/

cwp
https://love.silverbells.us:2087/
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
***
Re: admin login says insecure site (.740)
« Reply #5 on: February 14, 2019, 11:42:10 PM »
Hello

cert is fine as you can see by the attached pdf above.  The problem is the browser will balk if there are any references to http in the source code.  In this case, centos cwp hyperlink is unsecure.  Same happens if there is an image that is http:, browser will raise a red flag.

Offline
***
Re: admin login says insecure site (.740)
« Reply #6 on: February 14, 2019, 11:43:41 PM »
FYI apache restart was the first thing I did.  Its the http references plain and simple.  Not open to discussion.

Offline
*
Re: admin login says insecure site (.740)
« Reply #7 on: February 15, 2019, 12:01:12 PM »
again, you are mixing https at port 443 and https at port 2087/2031 this are two different services and each of them can have a different certificate and that is the issue you have now.

Note that this test you sent is for port 443 only!
If restart didn't help then you need to check config for cwpsrv, you can find instructions for that on wiki or forum.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
***
Re: admin login says insecure site (.740)
« Reply #8 on: February 15, 2019, 12:28:25 PM »
I understand that ports are different.  But I didnt create a cert for anything.  All certs were created by cwp after creating hostname.

You will not agree that ANY html hyperlinks on the login page will throw an untrusted error in the browser?  If I have images on any of my websites that are http:// then FF IE and Chrome will say that the site is untrusted.

Ok so i did a check with sslshopper on port 2031 and it says cert expired 36 days ago.  So now what?

« Last Edit: February 15, 2019, 01:09:59 PM by pixelpadre »

Offline
***
Re: admin login says insecure site (.740)
« Reply #9 on: February 15, 2019, 01:45:12 PM »
I dont know why it says cert is expired.  Date on hostname.key certificate file is feb 12 2019

The only thing I noticed is the lack of a love.silverbells.us.csr file in the /etc/pki/tls/certs directory.

On my other server on a different IP there is a .csr file.

But for sure all cert files have a feb 12 2019 date.