New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Properly generate cert for ZAP API and Callback when accessed with IP address #3959
Comments
With 2.6.0 (or dev/weekly)? While proxying or accessing directly? Java version? |
Currently working with a dev build. I am accessing the Url without proxying. (If I am proxying there is no problem with the API). I think Callback is never through proxy right? |
Which revision/commit did you use to build? If it's working while proxying it might be a problem with SNI. (Yeah, for the callback it does not need to proxy just wanted to know if it was working for the API.) No errors in the log when that happens? |
I tried it with the latest commit 8017bc4 The Log output was: |
Yeah, that's a problem with SNI. Which version of Firefox are you using? And what's the "update" Java version? |
Firefox 56 |
The The "Server Name Indication" is defined in the RFC6066. According to the RFC there are no Ip-Addresses allowed:
Maybe a workaround is to issue the certificate with all in Zap used Ip-Addresses and HostNames into the SubjectAlternativeName. |
Right, I assumed you were using the hostname not the IP address. |
…n the browser by an IpAddress. Added the IpAddress to the cert as SubjectAlternativeName.
…n the browser by an IpAddress. Added the IpAddress to the cert as SubjectAlternativeName.
…e browser by an IpAddress. Added the IpAddress to the cert as SubjectAlternativeName.
…e browser by an IpAddress. Added the IpAddress to the cert as SubjectAlternativeName.
… in the issued certificate as iPAddress if hostname is an ipv4 or ipv6 Address. Create valid cert for an SSLEndpoint accessed in the browser by an IpAddress. Added the IpAddress to the cert as SubjectAlternativeName.
… in the issued certificate as iPAddress if hostname is an ipv4 or ipv6 Address. Create valid cert for an SSLEndpoint accessed in the browser by an IpAddress. Added the IpAddress to the cert as SubjectAlternativeName.
… in the issued certificate as iPAddress if hostname is an ipv4 or ipv6 Address. Create valid cert for an SSLEndpoint accessed in the browser by an IpAddress. Added the IpAddress to the cert as SubjectAlternativeName.
… in the issued certificate as iPAddress if hostname is an ipv4 or ipv6 Address. Create valid cert for an SSLEndpoint accessed in the browser by an IpAddress. Added the IpAddress to the cert as SubjectAlternativeName.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
When I use https within the API or Callback Url I get an error:
Firefox: Secure Connection Failed (SSL_ERROR_INTERNAL_ERROR_ALERT)
Chrome: This site can’t provide a secure connection (ERR_SSL_PROTOCOL_ERROR)
The text was updated successfully, but these errors were encountered: