OData / odataorg.github.io

Staging site and collaboration repository for http://www.odata.org
MIT License

HTTPS SSL Certificate for services.odata.org is bad #113

Open jonathanbaker7 opened 7 years ago

jonathanbaker7 commented 7 years ago

When attempting to connect to the services.odata.org site, using SSL, I get the following error:

This server could not prove that it is services.odata.org; its security certificate is from *.azurewebsites.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

The SSL certificate for services.odata.org appears to be the default certificate from Azure. Azure automatically enables HTTPS, and then uses a default certificate from *.azurewebsites.net.

Azure offers instructions on how to fix this. The details are documented here.
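
The name mismatch reported above, as an added example that is not part of the original issue or of the OData project's code: a hostname check following the RFC 6125 wildcard rules, run over constructed SAN lists. The SAN entries and the `example-app` host name are assumptions made for illustration.

```python
# Added example: why a *.azurewebsites.net certificate cannot vouch for
# services.odata.org. The SAN lists are constructed, not read from the server.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def dns_name_matches(pattern, hostname):
    """RFC 6125-style match: a wildcard is honoured only as the whole
    left-most label and stands for exactly one label."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Conservative simplification: require two fixed labels after the
        # wildcard, so "*.net" is refused.
        return len(p) >= 3 and p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial or non-leftmost wildcards are rejected
    return p == h

def certificate_covers(san_dns_names, hostname):
    """Return the SAN entries matching hostname (empty list = mismatch)."""
    return [san for san in san_dns_names if dns_name_matches(san, hostname)]

def diagnose(san_dns_names, requested_host):
    matches = certificate_covers(san_dns_names, requested_host)
    if matches:
        return f"OK: {requested_host} is covered by {matches[0]}"
    return (f"MISMATCH: {requested_host} is not covered by any of "
            f"{', '.join(san_dns_names)}")

# Constructed SAN lists: a platform default certificate and a certificate
# issued for the custom domain.
AZURE_DEFAULT_SANS = ["*.azurewebsites.net", "*.scm.azurewebsites.net"]
CUSTOM_DOMAIN_SANS = ["services.odata.org"]

if __name__ == "__main__":
    for sans, host in [
        (AZURE_DEFAULT_SANS, "services.odata.org"),             # the reported case
        (AZURE_DEFAULT_SANS, "example-app.azurewebsites.net"),  # hypothetical app
        (CUSTOM_DOMAIN_SANS, "services.odata.org"),             # after binding a cert
    ]:
        print(diagnose(sans, host))
```
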

chinadragon0515 commented 7 years ago

We have no intention to enable https for the reference services, as the site has no sensitive information and we do not enable authentication or authorization either.

We will work on this issue, but given the many higher-priority items we have now, it will take some time. I suggest you host the service yourself and enable https with your certificate; the service source code is stored in https://github.com/OData/ODataSamples/tree/master/RESTier/TripPinInMemory

Let us know if you have any more comments or suggestions.

StefH commented 7 years ago

@chinadragon0515 If possible, please do fix the https issue because I cannot use your example V4 Northwind when the main code is running on https. (For an example, see this demo page.)

jgsousa commented 6 years ago

The o.js library will refuse connections to service.odata.org if the calling application is running over HTTPS (everything does nowadays regardless of sensitive information). You can update the example code to warn about this.

jonathanbaker7 commented 6 years ago

My concern, @chinadragon0515, is that I reported the issue as "HTTPS certificate is bad". There is a certificate attached to this web server already. I was asking if you can either make it valid, or remove it.

I even offered instructions on the problem. Why can't your team just follow those instructions?