3 Replies Latest reply on Mar 13, 2019 10:20 AM by Zane Ouimet

    BrowserPrint SSL Certificate issues

    Zane Ouimet

      We are serving the Browser Print from an HTTPS site.

      We are on version 1.2.1.279.

      When attempting to print we often have issue where Chrome just refuses to connect to the BrowserPrint service due to SSL issues.

      Manually visiting: https://localhost:9101/ssl_support can sometimes fix it but then Chrome displays a security error and there is no way to detect if the requests are failing due to an SSL issue.

       

      The workflow is

      1. Install BrowserPrint
      2. Accept SSL
      3. Visit our site
      4. Print

       

      Is there a way we can:

      1. Prompt the user when the SSL certificate is the cause
      2. Have Chrome consider the certificate safe
      3. Not have the certificate expire

      We are looking for a more seamless way to setup and verify the connection to BrowserPrint.

      There are some related threads: Browser Print Error - Possibly Security Issue, SSL certificate and Browser Print but they are dead.

       

      Also we are seeing the Error: net::ERR_CERT_COMMON_NAME_INVALID

      Which as described here seems to be due to a change in how Chrome handles part of the certificate verification:

      Error: "Subject Alternative Name Missing" or NET::ERR_CERT_COMMON_NAME_INVALID or "Your connection is not private" - Goo…

       

      Firefox/Postmat displays a warning about a self signed certificate which i thought was removed in this version:

      localhost:9101 uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for . Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

       

      I've also found in the source of the latest BrowserPrint SDK:

      f = "http://127.0.0.1:9100/";
          0 <= navigator.userAgent.indexOf("Trident/7.0") && "https:" === location.protocol && (f = "https://localhost:9101/");
      

      This obfuscated code is making all non-Trident/7.0 browsers hit the non-SSL endpoint on BrowserPrint. Chrome will not allow this and will fail.