Reputation: 898
I'm playing with jQuery to strengthen my front end skills and have run into an error that I hope is caused by an SSL cert issue.
I went to the raw url of the API I was trying to use and it gave me this warning in chrome:
The site's security certificate is not trusted!
You attempted to reach theAPI, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
Here is the basic code set up I was using (pulled from here):
<body>
<div class="results"></div>
<script>
$( document ).ready(function() {
$.ajax({
url: "https:theAPI",
cache: false,
success: function(html){
$(".results").append(html);
}
});
});
</script>
</body>
Should I investigate my setup more or is there a valid issue from the SSL cert that would roadblock me?
Upvotes: 1
Views: 16375
Reputation: 71422
You have two problems. First, the self-signed cert would never work for a publicly accessible application, as you would need each user to somehow accept that cert as trusted (which as others have stated is not possible via AJAX).
Second, even if you get past the SSL problem, you are likely to have a cross-domain request problem. That is, AJAX cannot be used to make cross-domain calls unless you are using JSONP or the target server has properly configured CORS policy (which I would guess is not the case considering the self-signed cert).
Your best bet may be to expose a backend API on your server which you can call via AJAX, with the backend then making the cross-domain call and exposing the data back in response to the AJAX request. You could even cache the results of the remote call locally if it makes sense.
Upvotes: 3
Reputation: 312
You have to add a certificate exception to the browser to make it work.
Like Open this address =1390422014472">https://wcc-dev-api.dyndns.info/pubtimeslots/?categoryid=20&=1390422014472
in your chrome browser click "proceed anyway". It'll add an exception to the chrome browser.
And you are making a json request to the outside of the server, you have to do JSONP to make it work
Upvotes: 0
Reputation: 13354
This is a self-signed certificate you are using. There is no higher authority to establish "trust". It will always cause this error note except in cases where the client browser has already established private key exchange. This is true in direct connections via the web browser, as well as $.ajax()
calls behind the scenes.
Self-signed certificates are useful for testing or private applications, but when put into production you will need a certificate signed by a certificate authority.
http://en.wikipedia.org/wiki/Self-signed_certificate
Upvotes: 0