We have a staging site setup with Wpengine and since the WordPress 4.0 update, all pages that require SSL are refusing to connect.
Error from Chrome:
Your connection is not private Attackers might be trying to steal your
information from your-site.staging.wpengine.com (for example,
passwords, messages, or credit cards).
Error from Firefox:
This Connection is Untrusted You have asked Firefox to connect
securely to your-site.staging.wpengine.com, but we can’t confirm that
your connection is secure. Normally, when you try to connect securely,
sites will present trusted identification to prove that you are going
to the right place. However, this site’s identity can’t be verified.
Is anyone else experiencing the same issue or found a workaround? In Chrome, you can click Advanced > Proceed and still see the site just with SSL errors.
Doyle Lewis has the correct answer, you are seeing the errors because the domain your staging site is on does not have a signed SSL certificate.
When you use WP Engine’s staging service your site is mirrored on a temporary domain which is provided by WP Engine. Most likely what is going on here is that your site is requiring an SSL certificate and the one it’s expecting would be for your normal domain (not ‘your-site.staging.wpengine.com’).
It’s probably not a serious issue and should be safe to just click Advanced > Proceed to view the site.
If you’re concerned about security then more info is needed. If I was in your position and concerned I would contact WP Engine support staff, but I imagine they will tell you the same thing.
I’ve just seen similar.
It is not self signed.
It is part of the site.
They use “*.wpengine.com” wildcard certificate.
The URL is “.staging.wpengine.com”
Wildcards in certificates only match one level of sub-domain, so this is the wrong certificate to be using, they need to use “*.staging.wpengine.com” here.
The staging site isn’t for testing your SSL because you’re on a staging address, where you have zero control of the SSL as it belongs to WP Engine and you have no true way to force it properly.
Staging is for troubleshooting and theme development.
Your staging site works with
httpsand being awpengine.comsubdomain there is already a valid certificate. However, by default, the staging gets created withhttp. If you try to access your login usinghttpsit will redirect, forcing you to login with unsecured form and yielding browser errors. Contact support and have them force staging to use https for all your future staging for this site.