Questions tagged [ssl-certificate-errors]
The ssl-certificate-errors tag has no summary.
135 questions
1 vote
0 answers
253 views
Sectigo SSL certificate missing chain certs
Our website uses an SSL certificate from Sectigo. It works fine except for browsers on old devices: https://www.ssllabs.com/ shows no chain issues: However, https://www.sslchecker.com/sslchecker ...
1 vote
0 answers
48 views
Postman API call fails but 'Code Snippet' curl version of it is successful
Windows 11 Enterprise VM laptop host VMWare Workstation Pro 17+. VM Windows 11 Enterprise N DESKTOP-ABC123, with IIS and SQL, with a .Net 4.7.2 Framework Web app (named console) and a public API ...
0 votes
1 answer
153 views
Install certificate with iLo5 in ProLiant DL360 Gen10
Has anyone configured a trusted certificate with ILO5 in a DL360 g10 system? The certificate I am using is working with other infrastructure servers. I can import self signed certificate without any ...
0 votes
1 answer
126 views
Trouble with an SSL cert. Works for most people, but a few are saying chrome is giving them SSL errors
My domain https://synic.dev is working for most people, but some are reporting SSL errors with Chrome. I don't believe it's a browser cache problem because they haven't visited the site before. https:/...
0 votes
0 answers
740 views
Apache 2.4 on AlmaLinux - webhost configuration with SSL
I've just recently set up a VPS, installed httpd, installed firewalld, I've opened ports 80 and 443, and made the following settings in my httpd.conf: ServerRoot "/etc/httpd" listen 80 ...
0 votes
1 answer
1k views
Openssl cannot verify CA cert and then it can verify it all in the same operation?
Open ssl debug reports first that it cannot verify the CA cert, and then that it can verify it during the course of just one command, why? openssl s_client -connect 3d.example.com:443 -debug depth=0 ...
0 votes
0 answers
22 views
Are wildcard ssl certs insecure for multi-level domains? [duplicate]
I have an SSL cert that has a CN set for *.mydomain.com. This seems to be fine for my 1st level subdomains, e.g. forum.mydomain.com and www.mydomain.com. However, on 2nd level subdomains (e.g. www....
1 vote
0 answers
59 views
One individual being served a different scrambled security certificate for our website? [closed]
We have set up a new certificate for our website using Let's Encrypt. We don't have customers using the site yet, but when we test it from multiple locations, almost everyone that goes to our site is ...
0 votes
0 answers
595 views
Apache 2.4 Cipher Suite Mismatch from config
We are running Apache 2.4 as reverse proxy to a Tomcat 9.0.88 web application. We started having an issues after a fresh install where Apache was rejecting incoming ssl handshakes from other Web apps. ...
0 votes
1 answer
435 views
Why is my web site certificate not recognized on iphone devices only?
I have a web site that I manage at myradental.com . I have installed SSL certificate over cpanel. The pages opens with no problem on any browsers on PC, android devices and etc. But when I try to open ...
-2 votes
1 answer
618 views
Active Directory TLS authentication issue (Windows Server 2019 & 2012 R2)
I am facing an issue with AD TLS communication-related issues. Six months before I could authenticate the user on SSL communication using the CA certificate alone. Currently, I cannot authenticate ...
0 votes
1 answer
3k views
Why doesn't Google Chrome on Mac pick up local Certificate Authority as the other browsers?
I have generated local CA and Cert on my Mac, from this walkthrough: https://blog.arrogantrabbit.com/ssl/Root-CA-macOS/ I then provide the certificate/key to nginx local server, that I visit with my ...
2 votes
0 answers
2k views
openssl s_client shows an incorrect certificate chain
On one of my servers belonging to a customer I "suddenly" cannot verify any public TLS certificates. All requests to "the public" fail on an invalid certificate. I can, however, ...
4 votes
6 answers
18k views
HTTPS compatibility issue with Chrome 116/117 ERR_SSL_PROTOCOL_ERROR
I'm having error ERR_SSL_PROTOCOL_ERROR since 2 day on my website for some reason. Browsers tested Windows Chrome 117.0.5938.132 : ERR_SSL_PROTOCOL_ERROR Android Chrome 117.0.5938.61 : ...
1 vote
1 answer
2k views
Must a valid SSL/TLS certificate include "client authentication" purpose (OID 1.3.6.1.5.5.7.3.2)?
In other words, could the missing "client authentication" purpose in our CA-issued SSL cert be the reason it's not trusted by browsers? If so, how do I add that purpose / OID in a CSR (...
0 votes
0 answers
95 views
Is it necessary to recreate a Google-managed SSL certificate when switching the SSL resolution to a different provider?
I attempted to migrate a website from GCP to AWS Lightsail and then back again in order to gain a better understanding of the process. However, I discovered that the process was not as straightforward ...
1 vote
2 answers
328 views
alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45 when sending mails from the same server that hosts postfix
So, I have setup an smtp server using smtp in a Debian 11 machine. It works perfect when sending emails from my phone and my computer, but it does not work when trying to send emails from the same ...
0 votes
0 answers
179 views
SSL Certificate related - Too many redirects
I am using bitnami wordpress website. I was trying to replace the old SSL certificates files with the new ones. I did replaced it but now I am getting "too many redirects errors". Can anyone ...
0 votes
1 answer
685 views
SSL certificate not working for www subdomain on multiple domain setup
I have a LAMP server running CentOS Stream 8 and Apache 2.4.37. On this I have three domains (let's call them example.com, example.net & example.org). I have SSL certificates for each domain + the ...
0 votes
2 answers
157 views
IIS 8 Default SSL Bindings Break
Scenario: We have two sites on Windows Server 2012 R2 running IIS8. There are two wildcard certificates for each domain. *pharmlogs that binds to the site and subdomains pharmlogs.com and *traxworx ...
0 votes
1 answer
922 views
Is there a way to restart apache ignoring ssl certificate errors?
My server has lots of virtualhosts, many client's domains come and go pretty frequently, and sometimes it's difficult to act quickly, finding the culprit (usually a dismissed domain) and restart ...
0 votes
1 answer
2k views
Ngninx "cannot load certificate BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission", help fix this [emerg] error
I am running an Ubuntu 20.04 LEMP server on a Raspberry Pi 4. In my nginx errror logs I am getting the following error: 2023/05/29 11:51:40 [emerg] 3356#3356: cannot load certificate "/etc/...
4 votes
1 answer
5k views
Let's Encrypt certificate on SQL Server 2019 - "The target principal name is incorrect"
Summary I'm having trouble getting a certificate issued by Let's Encrypt R3 to work on SQL Server 2019. When using the certificate for SSL but not trusting the server certificate explicitly (In SSMS, ...
0 votes
0 answers
1k views
Can't enable ssl on windows apache24
So, i've already sucessfully installed ssl certificates in apache virtual hosts (2 websites) but i'm unable to access them because every time I activate SSL in httpd.conf apache service wont start <...
3 votes
1 answer
7k views
Ubuntu cannot verify Sectigo certificate
On a server we adminster for a customer, no application can access certain HTTPS URLs, for example: $ wget https://open-data.bielefeld.de/sites/default/files/...
2 votes
0 answers
1k views
NGINX: Configure to setup mTLS with ssl_client_certificate, ssl_verify_client, ssl_certificate and ssl_certificate_key
Right off the bat there are a couple posts that go through this issue but I am unsure what the settings are doing exactly in order to achieve the correct result. I'm able to verify the client but not ...
1 vote
0 answers
527 views
kolla-ansible SSL certificate expired
My ssl certificate has expired in my openstack deployment and I can't login in and several services do not work well because of it. How can I remediate to this? I tried to find a way to disable the ...
0 votes
0 answers
108 views
Certificate marked as "not trusted by CA
I have a rather surprising problem these last days on one of my certificates signed by my root CA (via AD-CS). I noticed that my browser sends me back a message that I have never seen in place of my ...
3 votes
2 answers
2k views
Ubuntu SSL now broken after make installing openssl
I was attempting to set up a Cisco VPN and had run into some issues, in the process of trying to correct those issues I made some changes to my certificates directory and ran several commands ...
0 votes
1 answer
2k views
Server down after updating SSL certificates
I'm by no means an expert in this area, so I apologize if the question is dumb. I'm updating the SSL certificates on a client's website, but after updating the conf file the server went down. Apache ...
0 votes
1 answer
1k views
SSL Cert Issues with Proxy Server Configuration
Running into an issue when applying an SSL cert to one of our reverse proxy servers - "This server could not prove it is <servername>". I think I might be confusing some of the SAN ...
0 votes
0 answers
258 views
My server has been physically moved to a new rack with a new IP address, and now I'm getting OCSP errors? Could it be an IPv6 thing maybe?
I'm pretty sure SSL certificates are almost always tied to a domain name rather than an IP address. And the vast majority of my traffic is unaffected, generally things are working well. However, my ...
0 votes
0 answers
368 views
Best Way to Force use of SSL Certificate
When a browser connects to my website by entering it's FQDN the connection is encrypted using the site's SSL Certificate. However it has come to my attention that it is possible to bypass the SSL and ...
0 votes
0 answers
2k views
Nginx with SSL behind another Nginx (with nginx-proxy)
I have two VMS. The first is VM1 and the second is VM2. The first is a VPN server and the second is a client. On VM1 the Nginx is installed as a reverse proxy from the official Docker repository. On ...
0 votes
0 answers
167 views
Unable to install Godaddy SSL on openlitespeed webserver
I'm trying to install Godaddy Ssl to openLitespeed server but it's not working. I added .key .crt files to /usr/local/lsws/conf/cert/ then added the path to ssl listener as: $SERVER_ROOT/conf/cert/...
0 votes
1 answer
2k views
This site is missing a valid, trusted certificate || Apache2 webserver, Windows root CA
I'm learning about certificates, HTTPS together and after 4 days I'm out of idea how to set up to become trusted. In my lab env. I have a Windows server with a CA role. Previously I installed a VM-...
0 votes
1 answer
5k views
How to add server certificate exception to Chrome/Edge?
Is it possible to add server certificate exceptions for some websites (to skip warning page about certificates that are expired, self-signed or with missing or mismatched CN/SANs) in Google Chrome / ...
0 votes
1 answer
959 views
Exim4 client rejecting TLS certificate
I'm having a problem with Exim4 and the TLS certificates, when I try a test connection using gnutls-cli I get this error: Processed 128 CA certificate(s). Resolving 'mail.reformaspaco.es:25'... ...
1 vote
1 answer
1k views
Make gnutls-cli print local root certificate as well as server-provided certificates
I'm diagnosing a TLS certificate verification problem in Ubuntu Xenial that resulted from the recent Let's Encrypt root certificate expiration. The problem happens in cURL which uses GnuTLS under the ...
1 vote
1 answer
4k views
SSL certificate error when not typing FQDN and relying on default search domain
DNS and SSL aren't really in my wheelhouse more than a rudimentary understanding, I hope what I want to do isn't impossible! Here's the situation: We have an internal domain and DNS servers, let's ...
0 votes
2 answers
4k views
How to remove expired Let's Encrypt cert (Debian)
I am trying to remove the expired DST Root CA X3 Let's Encrypt SSL cert (expired yesterday) from a Debian server which is still appearing when I check in SSL Labs: RSA 2048 bits (e 65537) / ...
1 vote
2 answers
2k views
OpenDKIM-provided tools do not provide a usable key-pair for DKIM
I use opendkim-genkey -b 2048 -t -s default -d mydomain.com, resulting in files default.private and default.txt. Yes, default.private begins (correctly, SFAIK) with -----BEGIN RSA PRIVATE KEY----- and ...
0 votes
1 answer
4k views
Exchange Server Error ID 15021
My Exchange Server 2013 writes "Error 15021" dozens of times in the Error log. It says, that there is an error using the SSL-Configuration. I googled the error but there seem to be a lot of ...
0 votes
2 answers
605 views
Nginx Revers Proxy Overwrite Certificate
I have a problem trying to overwrite a certificate using NGINX as a Reverse Proxy forwarding all request to an Apache Server with and old certificate (TLS 1.0) This is the output for my .conf file: ...
0 votes
1 answer
2k views
Cloudfront 502 error with ALB origin in different region
I have a CloudFront which has one of its origins as an application load balancer, this load balancer is available in a different region from the CloudFront which is only available in N.Virginia and is ...
0 votes
0 answers
3k views
Decrypt error in TLS handshake after ServerKeyExchange
I have a WEB application deployed to Tomcat server. I connect to it with Chrome browser with HTTPS but I have decrypt error during TLS handshaking on the client side after ServerKeyExchange. ...
1 vote
1 answer
1k views
Redirecting Error with google load balancer
I'm trying to setup Google Load Balancer and couldn't get it work. It produces either 502 or 302 error. Wanting to direct www to non-www, http to https. This is my rewrite rule SetEnvIf X-...
1 vote
1 answer
1k views
Exchange 2019 ssl certificate invalid
I have installed Exchange 2019 for testing purposes. I have purchased a domain name and a certificate. After I installed it, the status shows: invalid. Thank you. Here is the result of certutil -...
1 vote
2 answers
4k views
Gunicorn/Flask reject identical SSL certificate that works fine with Apache
What would cause a Gunicorn server running a Flask app to report a "sslv3 alert certificate unknown" error in the browser, when an Apache server running a WSGI app, using the exact same ...
0 votes
1 answer
568 views
.htaccess redirect from SSL root domain to another subdomain with different SSL causes NET::ERR_CERT_COMMON_NAME_INVALID
I need help to figure this out. I have two local, separate webservers 192.168.11.5 (https://www.example.com) and 192.168.9.14 (https://project.example.com). Each has separate non-wildcard SSL ...