HTTP Archives – Gridinsoft Blog https://gridinsoft.com/blogs/tag/http/ Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Mon, 19 Feb 2024 22:30:42 +0000 en-US hourly 1 https://wordpress.org/?v=71131 200474804 “Your Connection is Not Private” Error — Fix Guide https://gridinsoft.com/blogs/your-connection-is-not-private-error-fix/ https://gridinsoft.com/blogs/your-connection-is-not-private-error-fix/#respond Tue, 06 Dec 2022 22:04:52 +0000 https://gridinsoft.com/blogs/?p=12414 When accessing a website in Chrome, an error message can pop up stating that your connection is not private. This indicates that the browser has failed to meet the security requirements. If you see a warning message on your screen with the title “Your Connection is Not Private”, it means your browser isn’t able to… Continue reading “Your Connection is Not Private” Error — Fix Guide

The post “Your Connection is Not Private” Error — Fix Guide appeared first on Gridinsoft Blog.

]]>
When accessing a website in Chrome, an error message can pop up stating that your connection is not private. This indicates that the browser has failed to meet the security requirements.

If you see a warning message on your screen with the title “Your Connection is Not Private”, it means your browser isn’t able to verify the safety of the site. Visiting an unsafe or unsecure website could expose your personal information to potential risks. Each time you open a site, the browser checks the security certificate to ensure the site will protect your privacy. While the certificate is not valid, expired or absent, that’s a potential source of a threat to your privacy.

Why does “Connection Not Private, Google” appear?

Websites protect your data with SSL/TLS encryption. Certificates act as the insurance that the site really encrypts the data and uses proper technology for this purpose. If a user’s browser doesn’t recognize the certificate, the error “Google, Your connection is not private” appears. This error occurs because many websites that use SSL require security over HTTP (HTTPS).

HTTP vs HTTPS

There are numerous reasons why a website’s SSL certificate can’t be verified. One possibility is that it has been tampered with and isn’t functioning as intended. Alternatively, the certificate might have expired or be missing altogether. In any case, the webmaster must correct any error on their site in order to verify it. Even though the steps for each browser are similar, sometimes your device or browser settings might be malfunctioning and unable to connect to the website you’re trying to access. You can usually fix this yourself by following the same process for all browsers.

What the “Your connection is not private” message looks like in any browser other than Chrome.

Each browser displays the “Your connection is not private” message differently. Some even tweak the warning to read, “Your connection is not secure.” Others provide error codes to help you troubleshoot. Most throw up literal warning signs. Here’s what you might see.

Google Chrome

When Google Chrome is having trouble recognizing a certificate, it will display a large red question mark and inform you.

Common Error Codes:

  • ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  • NET::ERR_CERT_AUTHORITY_INVALID
  • ERR_CERT_SYMANTEC_LEGACY
  • NET::ERR_CERT_COMMON_NAME_INVALID
  • NTE::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED The certificate is invalid.

Mozilla Firefox

If Mozilla Firefox fails to recognize the certificate, it will display a lock with a red slash over it as well as the message.

Common error codes:

  • ERROR_SELF_SIGNED_CERT
  • MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED
  • SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
  • MOZILLA_PKIX_ERROR_MITM_DETECTED
  • SEC_ERROR_OCSP_INVALID_SIGNING_CERT
  • SSL_ERROR_BAD_CERT_DOMAIN

Safari

Other browsers, such as Safari, don’t immediately provide you with error codes. Instead, it’ll return a red lock that has been crossed out and the message:

  • “This connection is not private, Chrome”.
  • “Website may appear to be impersonating domain.com in order to obtain personal or financial information. You should return to the previous page.”

I too might provide a link to the certificate via a "show details" button, this would allow you to understand the potential risks associated with visiting the website.

Microsoft Edge

Microsoft Edge mimics the Google Chrome error message “your connection is not private,” including the red exclamation mark.

Common Error Codes:

  • DLG_FLAGS_INVALID_CA
  • DLG_FLAGS_SEC_CERT_CN_INVALID
  • Error Code: 0
  • NET::ERR_CERT_COMMON_NAME_INVALID

How to correct “Your Connection to This Site is Not Private” Error

1. Reboot the Page

This may seem obvious, but one of the simplest and most effective things you can attempt to resolve the issue by closing and reopening your browser and attempt to load the page again. It’s possible that the website’s owner is currently reissuing their SSL certificate or there was a problem with your browser.

2. Check the Time and Date

While your computer’s date and time are out of sync with those displayed on your browser, this privacy error will appear. Additionally, it may display the SSL certificate of a website as having expired, which would also cause the error. Go into your computer’s settings and adjust the time and date when itф necessary. After that you’ve refreshed the page, reload it.

3. Update your Operating System

Google recommends upgrading your device’s operating system if you get this “the connection is not private” error. An outdated computer may lack the capability or willingness to recognize or utilize updated websites or SSL certificates. To update the operating system on macOS, go to System Preferences > Software Update. After all, check for updates and set them up.

Update macOS

On a Windows computer, enter the Сontrol Panel > Search for update > Check for updates and set up them.

Update Operating System Windows

4. Check the Antivirus Software

Follow the instructions below if you encounter “Your connection is not secure, Chrome. Antivirus and privacy programs can block some secure server certificates or even cripple network connections. They can be protective to the point of preventing your connection from being private. To test this, temporarily disable the software and try browsing.

5. Clear Browsing Data

Computer cookies help make each online session more personalized based on past activity. They can also help increase convenience when purchasing products or logging into websites by remembering personal information and payment methods. However, not having a private connection can cause security concerns as well. Each browser clears cookies differently. Clearing your browsing history removes all private data from your device, but also prevents you from truly enjoying a secure browsing experience.

To delete the history, cache, and other browser data from Google Chrome browser:

  • First of all, enter Settings → Show advanced settings → Clear browsing data under Privacy options.

However if deleting browsing history doesn’t help, you can also reset the browser’s settings to the default.

To reset your Chrome browser settings:

  • Firstly, click on the Chrome menu → Settings → Show advanced settings → Reset settings → Reset.

Deleting the chrome cache and removing unwanted Google Chrome extensions also has a significant impact in this situation.

For data removal in from Mozilla Firefox browser:

  • Tap the menu button and choose Settings.
  • Choose the Privacy & Security panel and enter the Cookies and Site Data section.
  • Click the Clear Data… button. The Clear Data dialog will appear.
  • Clear Data dialog to fix “Your Connection is Not Private” Error

  • You should also select the following options: Cookies and Site Data (to remove login status and site preferences) and Cached Web Content (to remove stored images, scripts and other cached content).
  • Clear the screen.

To delete the cache, history, and other browser data from Safari browser:

  • In order to your history and cookies, go to Settings > Safari, and select Clear History and Website Data. Deleting your history, cookies, and browsing data from Safari will not alter your AutoFill information.
  • Delete your history and cookies

  • Going to remove your cookies and preserve your history, go to Settings > Safari > Advanced > Website Data, then select Remove All Website Data.
  • If you want to avoid leaving a digital footprint, turn Private Browsing on.

To delete the cache, history, and other browser data from Microsoft Edge browser:

  • Choose Settings and more > Settings > Privacy, search, and services.
  • After that under Clear browsing data > Clear browsing data now, choose Choose what to clear.
  • Under Time range, select a time range from the drop-down menu.
  • Select the ways of browsing data you want to clean (see the table for descriptions).
  • For example, you may want to delete cooking and browsing history but keep passwords and form fill data.
  • Select Clear now.

Contact your system administrator

In some situations, you may have no access to the browser settings. That depends on the policies set by your system administrator. If you face connection issues, but cannot open the Settings, ask it for help. Such restrictions usually see usage to prevent any malware-related alterations, but sometimes that can end up with problems with some daily needs.

Stay Safe and Secure While Browsing Online

The error “Your connection is not private, Google” is one of the most beneficial messages you can receive because it protects your personal information. Simply encountering this error isn’t cause for concern, there are numerous innocuous reasons why your connection may not be safe. By attempting the methods listed above, you can efficiently identify and address the cause of the error. If none of the accordingly steps decide the issue, simply leave the website and find another option.

The post “Your Connection is Not Private” Error — Fix Guide appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/your-connection-is-not-private-error-fix/feed/ 0 12414
Safari Can’t Establish a Secure Connection Error https://gridinsoft.com/blogs/safari-cant-establish-secure-connection-how-to-fix/ https://gridinsoft.com/blogs/safari-cant-establish-secure-connection-how-to-fix/#respond Thu, 20 Oct 2022 16:59:40 +0000 https://gridinsoft.com/blogs/?p=11236 The “Safari Can’t Establish a Secure Connection” error message appears when browsing the web on a Mac. It may be met by anyone during their daily routine browsing. These messages often state that Safari has been unable to connect to the server securely. There are multiple reasons why many people encounter this error message in… Continue reading Safari Can’t Establish a Secure Connection Error

The post Safari Can’t Establish a Secure Connection Error appeared first on Gridinsoft Blog.

]]>
The “Safari Can’t Establish a Secure Connection” error message appears when browsing the web on a Mac. It may be met by anyone during their daily routine browsing. These messages often state that Safari has been unable to connect to the server securely. There are multiple reasons why many people encounter this error message in their Safari browser. This post will help you understand the issue and its common causes. It also explains several solutions that can remedy the situation.

What’s the “Safari Can’t Establish a Secure Connection to the Server” Error?

Apple devices come with a security feature that ensures they’re safe and secure while browsing the web. This makes Apple computers one of the safest options for using the Internet.

This is why Safari, the browser that this website was originally intended to be viewed in, sometimes blocks users from accessing a website that it believes isn’t secure. When this happens, the error message displayed will typically state Safari Cannot Open the Page Cannot Establish a Secure Connection.” Error notifications may include different wordings and may appear in any format. As an example, the image above shows a notification that reads “Safari Can’t Open This Page.”

Related Content for Users:
Many problems with the Internet and downloading can be triggered by the problem of the computer freezing. How to prevent PC crashes randomly?

Such notification may appear when you are visiting the site with an SSL certificate expired and an unsecure connection. It means the browser doesn’t trust the encrypted data on the site and also indicates that Safari could not successfully access and verify the information. This can happen if a site doesn’t have its SSL certificate configured properly. It’s important to use Secure Socket Layer (SSL) and the SSH protocol on websites these days. This is especially true for any websites hosting sensitive data such as a WooCommerce store.

What Causes “Safari Can’t Establish a Secure Connection to the Server” Error?

This error message is usually due to one of two reasons: the website you’re trying to access isn’t secure enough or Safari can’t verify that it is.

To properly fix the “Unable to establish a secure connection” problem and solve it, you need to understand why the site is considered unsecured. Sometimes you may not know what the root cause of a problem is until you investigate different possible solutions.

Several common third-party extensions and add-ons cause the error “Safari cannot establish a secure connection to the server”. This error can occur if you have one of these extensions or add-ins installed. Even a minor error can cause “No secure connection to the server” problems. However, it may be something more complicated, like the version of the Internet protocol you use. The most common reason for the error is the expiration of the SSL site certificate.

How To Fix the “Safari Could Not Establish a Secure Connection to the Server” Error (6 Solutions)

Now that we know what the problem is, and its causes, then we can look at a few ways to fix it. With these tips, you can forget about this bug in your browser.

1. Clear Your Browser Data

Every time you visit a browser, Safari saves some of your data in cookies and caches in your browser. If this data contains outdated data that relates to site encryption or SSL, then this may be the reason for the error message. So to fix the “Safari Cannot Establish Secure Connection to the Server” problem, you should first clear the cache. Then, tap on Preferences > Privacy, then choose Remove All Website Data.

Clear cache to deal with Safari Can’t Establish a Secure Connection error
Clear the browser cache in Safari

After you have uploaded, you can choose which sites you want to delete the data from. When you finish, click the Done button at the bottom of the screen. After that, to clear your entire browsing history, you can navigate to Safari > History > Clear History.

Clear history to remove Safari Can’t Establish a Secure Connection error

When you are finished, try visiting the site where the error was displayed. If the error has not disappeared, go to the next solution.

2. Check Your Device’s Date and Time

As odd as it may seem, if your Mac device displays an incorrect date and time, it can sometimes cause problems with Safari. Therefore, it is very important to make sure your time zone and date are set correctly.

To do it, you can tap on the Apple icon, then navigate to System Preferences > Date & Time.

Set the proper date to eliminate Safari Can’t Establish a Secure Connection error
Find the date and time option in the preferences

After that, you can confirm that you’re using the right date and time.

Set date and time
Confirm that you are using the correct date and time

You can also have your device automatically sync to your current location on the Time Zone tab. Once done, you can close the window and try accessing the site again.

3. Change Your DNS Settings

If the error persists, you should check your DNS (Domain Name Server) settings. In short, your DNS is like a phone book, allowing devices and websites to access each other. Safari uses your DNS settings to connect to websites.

If there is a problem with your DNS settings, you may see the “Safari cannot open page secure connection” message. To see if this is the case (and fix it), you can try changing your DNS address. For example, you can use Google’s public DNS. Go to Apple > System Preferences > Network.

Network options
Find the network option in the preferences

From this window, choose your connection, then tap on the Advanced tab, followed by DNS. Next, click on the (+) icon next to IPv4 or IPv6 addresses.

DNS settings macOS
Click on the DNS tab

After that you can enter the new DNS IP addresses. For example, if you want to use Google’s Public DNS, you can type “8.8.8.8” and “8.8.4.4”.

Change DNS settings to remove Safari Can’t Establish a Secure Connection error
Enter the new DNS IP addresses

When you’re finished, tap on the OK button. Recheck the website to see if this process deleted the error message.

4. Uninstall or Disable Your Browser Extensions

As mentioned earlier, extensions or add-ons in your browser can interfere with Safari’s ability to securely connect to websites. This is sometimes common with antivirus programs and security-related extensions.

So, in the next step, try disabling all browser extensions. You can do this by opening Safari, then navigating to Preferences and clicking the Extensions tab.

Disable browser extensions Safari
Disable or uninstall browser extensions

A list of your extensions will appear in the left column. You can disable an add-on by clicking the check mark next to its name.

Once done, try accessing the site again. If this fixes the “Cannot secure connection to server” problem, you need to determine which extension is to blame. You can do this by systematically activating each plugin and visiting the website each time.

5. Disable IPv6

Internet Protocol (IP) is a set of rules that govern how data moves across the Internet. IPv6 is a newer protocol version. However, some websites still use the old version of IPv4. If this is the case, you may see the “Safari cannot establish a secure connection” message.

So you can try disabling IPv6 on your network. To do this, navigate to System Preferences > Network again, then click your network connection, then click the Advanced button.

On the TCP/IP tab, click the drop-down menu under Configure IPv6 and select Manual.

IPv6 configurations macOS
Configure IPv6 and select Manually

When done, click the OK button. If IPv6 is the problem, this should do the trick. If not, you can try the last solution.

6. Make Sure Keychain Trusts the Certificate

We’ve already mentioned that sometimes Safari may display a connection error message if it cannot verify the validity of a website’s SSL certificate. If this is the case, you can fix this by configuring the settings in the macOS Keychain Access app.

Keychain Access is an application that stores your passwords, account information, and application certificates. It protects your data and can control which websites your device trusts. So you can tell it to accept SSL certificates for websites in the future.

To do this, go to the website that displayed the error message, then click the lock icon to the left of the address bar, then click View/View Certificate > Details.

Check cert trust Keychain
Check if Keychain trusts the certificate

With the details pane expanded, click Ctrl + Spacebar. The Spotlight search bar will appear in the upper right corner of the screen. In the search box, enter "keychain".

Then click the system root directory on the left. Find the website’s certificate. Once you find it, go to the “Trust” section. Then click the drop-down menu next to the “When using this certificate” section and select “Always Trust”:

Change certificate trust settings
Select the “Always Trust” option

That’s it! You should now be able to successfully access the website without the “Safari Cannot Open the Page Secure Connection” error.

Safari Can’t Establish a Secure Connection Error

The post Safari Can’t Establish a Secure Connection Error appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/safari-cant-establish-secure-connection-how-to-fix/feed/ 0 11236
Difference HTTPS vs. HTTP? Why is HTTP not secure? https://gridinsoft.com/blogs/http-vs-https/ https://gridinsoft.com/blogs/http-vs-https/#comments Tue, 27 Sep 2022 12:56:45 +0000 https://gridinsoft.com/blogs/?p=10748 Any web page is stored on a server, a computer that is permanently connected to the Internet. When you follow a link or enter a domain name in the address bar, the browser finds the desired server and downloads the page content. The same happens when you enter your account username and password on the… Continue reading Difference HTTPS vs. HTTP? Why is HTTP not secure?

The post Difference HTTPS vs. HTTP? Why is HTTP not secure? appeared first on Gridinsoft Blog.

]]>
Any web page is stored on a server, a computer that is permanently connected to the Internet. When you follow a link or enter a domain name in the address bar, the browser finds the desired server and downloads the page content. The same happens when you enter your account username and password on the site and click “Login.” The browser sends that details to the server. The server checks the data and sends the browser a page with the account open. This is how the browser and the server exchange data when you play a video on YouTube, go to Facebook, open an email or enter your bank card data to pay for online purchases. Some data is constantly being transmitted in different directions. You may have noticed that some links start with HTTP and others with HTTPS. Now we will explain what these letters mean and how they differ from each other.

What is HTTP?

HTTP is a widespread data transfer protocol designed initially to transmit hypertext documents (that is, documents that can contain links that allow navigation to other documents). It was invented in 1990, along with HTML, to create the first interactive text-based web browser: the original World Wide Web. However, today, the protocol remains one of the primary uses of the Internet. But HTTP has a major drawback – it’s inherently insecure because it doesn’t use encryption. This allowed a hacker to view all the content. In addition, HTTP is unacceptable for businesses because it risks customers’ personal information. With HTTP, the identity of the client and server is not verified, they can be spoofed, and the integrity of the message cannot be proven.

Difference HTTPS vs. HTTP? Why is HTTP not secure?
If you get to an unsecured website, the browser will warn you

What Does HTTP stand for?

HTTP stands for HyperText Transfer Protocol. According to the OSI specification, it is an application layer seven protocol, and the current version of the protocol, HTTP 1.1, is described in RFC 2616. When you open a web page using HTTP, your web browser uses the Hypertext Transfer Protocol (on port 80) to request the page from a web server. When the server receives the request, it uses the same protocol to send the page back to you. This protocol is the basis for large, feature-rich systems with multiple inputs, such as the Internet. Without this foundation of communication processes, the Internet as we know it could not function because links require HTTP to work correctly. However, HTTP sends and receives data as plain text. This means that when you’re on a website using HTTP, anyone listening on the network can see everything that is transmitted between your browser and the server. This includes passwords, messages, files, and other things that should not be seen by a third party.

What is an HTTP request and HTTP response?

When a user interacts with web resources, HTTP requests are generated by the user’s browser. For example, if a user clicks a hyperlink, the browser will send a series of “HTTP GET” requests for the content displayed on that page. These HTTP requests are sent either to the source server or a caching proxy server, and that server generates an HTTP response. HTTP responses are responses to HTTP requests.

Difference HTTPS vs. HTTP? Why is HTTP not secure?
This is how the connection between the web browser and the server

What does a HTTP request look like?

Usually, an HTTP request is a set of lines of text corresponding to the HTTP protocol. For example, a GET request can look like this:

GET /hello.txt HTTP/1.1
User-Agent: curl/7.63.0 libcurl/7.63.0 OpenSSL/1.1.l zlib/1.2.11
Host: www.example.com
Accept-Language: en

This is a part of text generated by a browser, which is sent over the Internet. The main problem is that it is shipped precisely as plain text, which can be read by anyone monitoring the connection. This is especially essential when users send sensitive data via a Web site or Web application. That way, passwords, credit card numbers, or any other data entered into the form are sent in clear text, making them available to others. (When the user submits the form, the browser converts it to an HTTP POST request instead of an HTTP GET request.)

When the server receives the HTTP request, it sends an HTTP response, which usually looks like this:

HTTP/1.1 200 OK
Date: Wed, 30 Jan 2021 12:14:39 GMT
Server: Apache
Last-Modified: Mon, 28 Jan 2021 11:17:01 GMT
Accept-Ranges: bytes
Content-Length: 12
Vary: Accept-Encoding
Content-Type: text/plain

Hello World!

As mentioned earlier, if a website uses HTTP instead of HTTPS, all of these requests and responses can be read by anyone. Therefore, an attacker can read the text in a request or response and thus know what information someone is requesting, sending, or receiving.

What is HTTPS?

HTTPS is similar to HTTP, with the critical difference being that it is secure. The Secure Hypertext Transfer Protocol uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security), which packs and transfers data between your browser and the server in a secure, encrypted tunnel over port 443. Unlike HTTP, this method makes it very difficult for packet sniffers to decrypt.

What Does HTTPS Mean?

S in HTTPS stands for “secure”. Because HTTPS uses TLS or SSL to encrypt HTTP requests and responses, an attacker will see a set of random characters instead of text in the above example.

Instead of the above:

GET /hello.txt HTTP/1.1
User-Agent: curl/7.63.0 libcurl/7.63.0 OpenSSL/1.1.l zlib/1.2.11
Host: www.example.com
Accept-Language: en

The attacker sees the following:

t8Fw6T8UV81pQfyhDkhebuz7+oiwldr1j2gHBB3L3RFTRsQCpaSnSBZ78Vme+DpDVJPvZdZUZHpzbqcqmSW1+3xXGsERHg9YDmpYk0VVDiRvw1H5miNieJeJ/FNUjgH0BmVRWpI6+T4MnDwmCMZUI/orxP3HGwYCSIvyS3MpmmSe4iaWKCOHQ==

So what are TLS and SSL in online security? Although TLS is the successor to SSL, you may still hear HTTPS referred to as HTTP over SSL. A website needs an SSL certificate to ensure the security of user data. It also confirms ownership of the website, prevents intruders from creating a fake version of the site, and gains users’ trust. TLS and SSL are especially useful when shopping online. They keep financial data secure and are used on any website that requires sensitive data such as passwords, personal information, and payment details).

Another significant advantage of HTTPS is that it is much faster, which helps web pages load faster. So, since HTTPS is already considered secure, there is no need to do data scanning or filtering, which reduces the amount of data transferred. The easiest way to find out if the website you are on is using HTTPS or not is to look for the padlock icon to the left of the URL.

Difference HTTPS vs. HTTP? Why is HTTP not secure?
If you see this, then your connection is secure

How does TLS/SSL encrypt HTTP requests and responses?

TLS uses a technology called public-key cryptography. There are two public and private keys, and the public key is sent to the client devices via the server’s SSL certificate. After the client opens a connection to the server, the two devices use the public and private keys to negotiate new keys, called session keys, to encrypt further communications between them. Further, all HTTP requests and responses are encrypted with these session keys, so anyone intercepting the messages can only see a random string of characters instead of the plaintext.

How does HTTPS help authenticate web servers?

HTTP has no identity verification based on the principle of trust. Authentication means verifying that a person or machine is who they say they are. Although the architects of HTTP didn’t decide to trust all web servers implicitly, they had other priorities than security at the time. In today’s Internet, however, authentication is essential. Just as an ID verifies a person’s identity, a private key verifies a server’s identity. When a client opens a channel with the originating server (for example, when a user goes to a website), possessing a private key that matches the public key in a website’s SSL certificate proves that the server is the legitimate website host. This prevents or helps block many possible attacks without authentication, such as On-path attacks, DNS hijacking, BGP hijacking, and domain spoofing. In addition, an SSL certificate is digitally signed by the certificate authority that issued it. This ensures that the server is whom it says it is.

The post Difference HTTPS vs. HTTP? Why is HTTP not secure? appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/http-vs-https/feed/ 1 10748