First off, people in this thread are describing multiple different problems and so different solutions.
For this error:
SSL Error: Invalid or self-signed certificate
The problem is related to the way Flash player handles Certificates compared to browsers. It’s not just affecting Magento because Magento uses a component called “SWFUpload” for the images upload. Basically, the underlying problem is that whatever certificate you are using, the Flash player is not recognising the “Certificate Authority” as being trusted.
If you are using a Self-signed certificate, add your certificate to your operating systemâs list of trusted certificate authorities. In windows, you should be able to follow these instructions to Manage Certificates.
If you are using a ‘real’ certificate, there’s numerous issues. It could be that you haven’t installed the “Intermediate CA” certificate when you installed your SSL certificate - your browser probably already had the “Intermediate CA” installed and that’s why your browser isn’t being affect and my guess is that Flash looks at IE’s certificates list because it’s an ActiveX plugin. So, check if you can get hold of the “CA Bundle” from your SSL provider and install that in your Web Server - failing that working, an upgrade of Flash might also fix it because new CA certificates are being released all the time and so the new player will come with new Trusted CA’s. If that still fails, just add the CA to your Trusted certificates on your operating system.
The other problems that occur with SWFUpload are: site is secured using .htaccess - you can whitelist your own IP address if it’s a static IP by adding the “allow from” line in your .htaccess file, add your IP address. This will allow you to access the site without having to Authenticate with the Basic Authentication.
AuthName "Dev Site"
<Limit GET POST>
deny from all
allow from 10.10.10.10 #Put your IP here.
You can try to configure mod_security Off in .htaccess file
If your host does not allow htaccess configuration, you need to request support to disable mod_security by using the following rule
SecRule SERVER_NAME "yourdomain.com" phase:1,nolog,allow,ctl:ruleEngine=off
I hope that helps everyone with the SWFUpload issues they are experiencing.