[tiwil]

As I seen Conan post here when he got SSL on VNC not working. I will post it here too.

Just only the SSL and I got warning about unencrypted connection while I'm connecting to VNC.

Take a look:

[Mashiro]

Oh it works all right. The provider is just using a self signed certificate for it. Do you know what self signed (SSL) certificates are? It is a certificate that was created locally on the server and has been signed by the server instead of a Certificate Authority like Let's Encrypt or similar.

These self signed certificates aren't less secure than those that are signed by trusted certificate authorities. The only difference is that browsers don't 'trust' self signed certificates and show such kind of error pagee. The encryption of traffic however is fully intact and working.

So untick the "Warn me every time" option and continue on.

[deanhills]

Oh it works all right. The provider is just using a self signed certificate for it. Do you know what self signed (SSL) certificates are? It is a certificate that was created locally on the server and has been signed by the server instead of a Certificate Authority like Let's Encrypt or similar.

These self signed certificates aren't less secure than those that are signed by trusted certificate authorities. The only difference is that browsers don't 'trust' self signed certificates and show such kind of error pagee. The encryption of traffic however is fully intact and working.

So untick the "Warn me every time" option and continue on.

I've had these with my shared hosting accounts for ages.  Like with cpanel and WHM I always have to click my way out of those pop-up warnings from the browsers and never had a problem doing that - I sort of accepted it.  I'm getting worried though as both my two browsers Mozilla Firefox and Google seem to be getting stricter and stricter over the last year in particular.  Like in the past I was able to save the cpanel and WHM URLs as safe sites, but they no longer allow that.  Like it's almost as though they're getting hostile towards the self-signed certificate websites putting up a huge warning that it is unsafe to proceed.  It's totally annoying how overly protective the mainline browsers are getting with self-signed certificates.  Hopefully they won't block those eventually.

[Mashiro]

[..]

Like in the past I was able to save the cpanel and WHM URLs as safe sites, but they no longer allow that.  Like it's almost as though they're getting hostile towards the self-signed certificate websites putting up a huge warning that it is unsafe to proceed.  It's totally annoying how overly protective the mainline browsers are getting with self-signed certificates.  Hopefully they won't block those eventually.

Oh, you can be 100% sure they are getting hostile towards self signed and not encrypted websites. They keep adding more and more warnings regarding this with like almost every major version upgrade. The future will be worse. Chrome already marks normal HTTP sites as completely insecure and on normal SSL sites it doesn't even show the green lock anymore.

The reasons are a bit understandable though. They're pushing the use of encryption a lot to make the web more secure for information. With Let's Encrypt you can get a wildcard certificate for gratis. With automatic certificate renewal configure and so on you never have to worry about expiration of the certificates or similar.

Speaking about "I was able to save the cpanel and WHM URLs as safe sites, but they no longer allow that.". I can still do that on the newest Firefox. It allows to add temporary exceptions or you can add the exception as permanent and in that case it will download the SSL certificate of the site into the user certificate storage of your browser profile.

[tiwil]

@"Hidden Refuge" and @deanhills,

I was referring with this thread: https://post4vps.com/thread-1735.html.
OP on that topic have the same problem too, SSL not working. So I think I should report this too.

And, from what I know, I never face this issue before. So it should be my first time issue with VNC SSL.

[Mashiro]

@tiwil

If you have read the topic properly you would see that the sponsor @cubedata has fixed the issue already.

Eitherway let's summon @cubedata

[humanpuff69]

Unencrypted connection mean that network administrator , your isp , anyone who can monitor your traffic can easily see what you are doing with vnc . even worse the password can easily be obtained because there are no encryption . If you belive that you are probably safe than just ignore the message but still extra protection is always a good thing

[cubedata]

what now is wrong with my SSL? as it appears HTML5 VNC in solusvm works fine, doesn't have any SSL Issues.
are you using a different vnc client then?


novnc works fine with SSL working as well so not sure what you are talking about.

[Mashiro]

Ah god!

@tiwil Sorry there has been a misunderstanding on my side. I just realized you were using a VNC client when I got to a real computer to look at the topic. Unfortunately VNC cannot be encrypted because it isn't an protocol with encryption functions. The only way to encrypt it would be to run it through a dedicated VPN or SSH tunnel.

This is not an option though for SolusVM VNC. Instead use the browser noVNC version inside SolusVM if you need encrypted VNC access (requires a HTML5 browser).

[cubedata]

also @tiwil the vnc on the node itself you are accessing is secured by a self signed ssl certificate, there is no documentation for solusvm to change the self signed ssl certificate so for now just use the html5 vnc viewer in solusvm(which is secured and documentation is available to change novnc ssl cert) even though you are still secured anyway even with a self signed ssl certificate.