ssl - Apache Server CORS and self signed certificate issues -

i have apache server i'm attempting send requests on https to, i've been struggling past cross origin issues issues using ssl.

i'm not sure problem lies, seem getting different responses web consoles (testing firefox + chrome) concerning failed request. in chrome, see request sent post changed options , notes failed without else. in firefox, see following 2 issues:

in console, request says fails due cors:

cross-origin request blocked: same origin policy disallows reading remote resource @ https://123.456.789.001. can fixed moving resource same domain or enabling cors.

however, inspecting failed request in network tab shows following issue certificate:

123.456.789.001 uses invalid security certificate. certificate not trusted because self-signed. (error code: sec_error_unknown_issuer)

after digging, i'm having issues determining causing request fail - because cors rules not setup properly? or because i'm attempting send requests server using self signed certificate , therefore not being trusted request/browser?

i believe cors setup on end, here contents of files i'm using enable cors:

crossdomain.xml

<?xml version="1.0"?> <!doctype cross-domain-policy system "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy>     <site-control permitted-cross-domain-policies="all"/>     <allow-access-from domain="*" secure="false"/>     <allow-http-request-headers-from domain="*" headers="*" secure="false"/> </cross-domain-policy> 

.htaccess:

# set these headers. header set access-control-allow-origin "*" header set access-control-allow-methods "post, get, options, delete, put" header set access-control-max-age "1000" header set access-control-allow-headers "x-requested-with, content-type, origin, authorization, accept, client-security-token, access-control-allow-origin, x-frame-options"  # added rewrite respond 200 success on every options request. rewriteengine on rewritecond %{request_method} options rewriterule ^(.*)$ $1 [r=200,l] 

obviously these settings aren't great production, after spending hours trying pinpoint issue, went examples least restrictive in terms of enabling cors hoping i'd see requests go through , go , edit them properly. however, still see cross origin errors in console these changes uploaded apache server (and server restarted after files changed).

so there anyway tell if cors or self-signed certificate causing issue? didn't want go ahead , purchase ssl certificate @ time since i'm still in development, , site i'm using host content forced https, can't pass requests on http.