Skip to main content

Questions tagged [ssl-certificate-errors]

1 vote
0 answers
253 views

Sectigo SSL certificate missing chain certs

Our website uses an SSL certificate from Sectigo. It works fine except for browsers on old devices: https://www.ssllabs.com/ shows no chain issues: However, https://www.sslchecker.com/sslchecker ...
Hong's user avatar
  • 129
1 vote
0 answers
48 views

Postman API call fails but 'Code Snippet' curl version of it is successful

Windows 11 Enterprise VM laptop host VMWare Workstation Pro 17+. VM Windows 11 Enterprise N DESKTOP-ABC123, with IIS and SQL, with a .Net 4.7.2 Framework Web app (named console) and a public API ...
Robert Achmann's user avatar
0 votes
1 answer
153 views

Install certificate with iLo5 in ProLiant DL360 Gen10

Has anyone configured a trusted certificate with ILO5 in a DL360 g10 system? The certificate I am using is working with other infrastructure servers. I can import self signed certificate without any ...
Shrikant Nayak's user avatar
0 votes
1 answer
126 views

Trouble with an SSL cert. Works for most people, but a few are saying chrome is giving them SSL errors

My domain https://synic.dev is working for most people, but some are reporting SSL errors with Chrome. I don't believe it's a browser cache problem because they haven't visited the site before. https:/...
synic's user avatar
  • 841
0 votes
0 answers
740 views

Apache 2.4 on AlmaLinux - webhost configuration with SSL

I've just recently set up a VPS, installed httpd, installed firewalld, I've opened ports 80 and 443, and made the following settings in my httpd.conf: ServerRoot "/etc/httpd" listen 80 ...
Xerix's user avatar
  • 113
0 votes
1 answer
1k views

Openssl cannot verify CA cert and then it can verify it all in the same operation?

Open ssl debug reports first that it cannot verify the CA cert, and then that it can verify it during the course of just one command, why? openssl s_client -connect 3d.example.com:443 -debug depth=0 ...
JK01's user avatar
  • 340
0 votes
0 answers
22 views

Are wildcard ssl certs insecure for multi-level domains? [duplicate]

I have an SSL cert that has a CN set for *.mydomain.com. This seems to be fine for my 1st level subdomains, e.g. forum.mydomain.com and www.mydomain.com. However, on 2nd level subdomains (e.g. www....
user1118764's user avatar
1 vote
0 answers
59 views

One individual being served a different scrambled security certificate for our website? [closed]

We have set up a new certificate for our website using Let's Encrypt. We don't have customers using the site yet, but when we test it from multiple locations, almost everyone that goes to our site is ...
dallin's user avatar
  • 119
0 votes
0 answers
595 views

Apache 2.4 Cipher Suite Mismatch from config

We are running Apache 2.4 as reverse proxy to a Tomcat 9.0.88 web application. We started having an issues after a fresh install where Apache was rejecting incoming ssl handshakes from other Web apps. ...
 RichardFeynman's user avatar
0 votes
1 answer
435 views

Why is my web site certificate not recognized on iphone devices only?

I have a web site that I manage at myradental.com . I have installed SSL certificate over cpanel. The pages opens with no problem on any browsers on PC, android devices and etc. But when I try to open ...
zkanoca's user avatar
  • 113
-2 votes
1 answer
618 views

Active Directory TLS authentication issue (Windows Server 2019 & 2012 R2)

I am facing an issue with AD TLS communication-related issues. Six months before I could authenticate the user on SSL communication using the CA certificate alone. Currently, I cannot authenticate ...
ram ajay's user avatar
0 votes
1 answer
3k views

Why doesn't Google Chrome on Mac pick up local Certificate Authority as the other browsers?

I have generated local CA and Cert on my Mac, from this walkthrough: https://blog.arrogantrabbit.com/ssl/Root-CA-macOS/ I then provide the certificate/key to nginx local server, that I visit with my ...
Pandaiolo's user avatar
  • 101
2 votes
0 answers
2k views

openssl s_client shows an incorrect certificate chain

On one of my servers belonging to a customer I "suddenly" cannot verify any public TLS certificates. All requests to "the public" fail on an invalid certificate. I can, however, ...
Martin Melka's user avatar
4 votes
6 answers
18k views

HTTPS compatibility issue with Chrome 116/117 ERR_SSL_PROTOCOL_ERROR

I'm having error ERR_SSL_PROTOCOL_ERROR since 2 day on my website for some reason. Browsers tested Windows Chrome 117.0.5938.132 : ERR_SSL_PROTOCOL_ERROR Android Chrome 117.0.5938.61 : ...
Alexandre Lavoie's user avatar
1 vote
1 answer
2k views

Must a valid SSL/TLS certificate include "client authentication" purpose (OID 1.3.6.1.5.5.7.3.2)?

In other words, could the missing "client authentication" purpose in our CA-issued SSL cert be the reason it's not trusted by browsers? If so, how do I add that purpose / OID in a CSR (...
kindzmarauli's user avatar
0 votes
0 answers
95 views

Is it necessary to recreate a Google-managed SSL certificate when switching the SSL resolution to a different provider?

I attempted to migrate a website from GCP to AWS Lightsail and then back again in order to gain a better understanding of the process. However, I discovered that the process was not as straightforward ...
FlyingPenguin's user avatar
1 vote
2 answers
328 views

alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45 when sending mails from the same server that hosts postfix

So, I have setup an smtp server using smtp in a Debian 11 machine. It works perfect when sending emails from my phone and my computer, but it does not work when trying to send emails from the same ...
Gottfried Rosenberger's user avatar
0 votes
0 answers
179 views

SSL Certificate related - Too many redirects

I am using bitnami wordpress website. I was trying to replace the old SSL certificates files with the new ones. I did replaced it but now I am getting "too many redirects errors". Can anyone ...
Dhaval Joshi's user avatar
0 votes
1 answer
685 views

SSL certificate not working for www subdomain on multiple domain setup

I have a LAMP server running CentOS Stream 8 and Apache 2.4.37. On this I have three domains (let's call them example.com, example.net & example.org). I have SSL certificates for each domain + the ...
Adrien Hingert's user avatar
0 votes
2 answers
157 views

IIS 8 Default SSL Bindings Break

Scenario: We have two sites on Windows Server 2012 R2 running IIS8. There are two wildcard certificates for each domain. *pharmlogs that binds to the site and subdomains pharmlogs.com and *traxworx ...
DMunson's user avatar
0 votes
1 answer
922 views

Is there a way to restart apache ignoring ssl certificate errors?

My server has lots of virtualhosts, many client's domains come and go pretty frequently, and sometimes it's difficult to act quickly, finding the culprit (usually a dismissed domain) and restart ...
user1967184's user avatar
0 votes
1 answer
2k views

Ngninx "cannot load certificate BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission", help fix this [emerg] error

I am running an Ubuntu 20.04 LEMP server on a Raspberry Pi 4. In my nginx errror logs I am getting the following error: 2023/05/29 11:51:40 [emerg] 3356#3356: cannot load certificate "/etc/...
DanRan's user avatar
  • 163
4 votes
1 answer
5k views

Let's Encrypt certificate on SQL Server 2019 - "The target principal name is incorrect"

Summary I'm having trouble getting a certificate issued by Let's Encrypt R3 to work on SQL Server 2019. When using the certificate for SSL but not trusting the server certificate explicitly (In SSMS, ...
fusillibips's user avatar
0 votes
0 answers
1k views

Can't enable ssl on windows apache24

So, i've already sucessfully installed ssl certificates in apache virtual hosts (2 websites) but i'm unable to access them because every time I activate SSL in httpd.conf apache service wont start <...
totabank's user avatar
3 votes
1 answer
7k views

Ubuntu cannot verify Sectigo certificate

On a server we adminster for a customer, no application can access certain HTTPS URLs, for example: $ wget https://open-data.bielefeld.de/sites/default/files/...
jdm's user avatar
  • 231
2 votes
0 answers
1k views

NGINX: Configure to setup mTLS with ssl_client_certificate, ssl_verify_client, ssl_certificate and ssl_certificate_key

Right off the bat there are a couple posts that go through this issue but I am unsure what the settings are doing exactly in order to achieve the correct result. I'm able to verify the client but not ...
Christian Matthew's user avatar
1 vote
0 answers
527 views

kolla-ansible SSL certificate expired

My ssl certificate has expired in my openstack deployment and I can't login in and several services do not work well because of it. How can I remediate to this? I tried to find a way to disable the ...
Wodel's user avatar
  • 81
0 votes
0 answers
108 views

Certificate marked as "not trusted by CA

I have a rather surprising problem these last days on one of my certificates signed by my root CA (via AD-CS). I noticed that my browser sends me back a message that I have never seen in place of my ...
Sagaroth's user avatar
3 votes
2 answers
2k views

Ubuntu SSL now broken after make installing openssl

I was attempting to set up a Cisco VPN and had run into some issues, in the process of trying to correct those issues I made some changes to my certificates directory and ran several commands ...
dan178's user avatar
  • 133
0 votes
1 answer
2k views

Server down after updating SSL certificates

I'm by no means an expert in this area, so I apologize if the question is dumb. I'm updating the SSL certificates on a client's website, but after updating the conf file the server went down. Apache ...
Jillian Hoenig's user avatar
0 votes
1 answer
1k views

SSL Cert Issues with Proxy Server Configuration

Running into an issue when applying an SSL cert to one of our reverse proxy servers - "This server could not prove it is <servername>". I think I might be confusing some of the SAN ...
jrd1989's user avatar
  • 728
0 votes
0 answers
258 views

My server has been physically moved to a new rack with a new IP address, and now I'm getting OCSP errors? Could it be an IPv6 thing maybe?

I'm pretty sure SSL certificates are almost always tied to a domain name rather than an IP address. And the vast majority of my traffic is unaffected, generally things are working well. However, my ...
Codemonkey's user avatar
  • 1,238
0 votes
0 answers
368 views

Best Way to Force use of SSL Certificate

When a browser connects to my website by entering it's FQDN the connection is encrypted using the site's SSL Certificate. However it has come to my attention that it is possible to bypass the SSL and ...
Huw Evans's user avatar
  • 113
0 votes
0 answers
2k views

Nginx with SSL behind another Nginx (with nginx-proxy)

I have two VMS. The first is VM1 and the second is VM2. The first is a VPN server and the second is a client. On VM1 the Nginx is installed as a reverse proxy from the official Docker repository. On ...
Kirill Gonchar's user avatar
0 votes
0 answers
167 views

Unable to install Godaddy SSL on openlitespeed webserver

I'm trying to install Godaddy Ssl to openLitespeed server but it's not working. I added .key .crt files to /usr/local/lsws/conf/cert/ then added the path to ssl listener as: $SERVER_ROOT/conf/cert/...
Hamodea Net's user avatar
0 votes
1 answer
2k views

This site is missing a valid, trusted certificate || Apache2 webserver, Windows root CA

I'm learning about certificates, HTTPS together and after 4 days I'm out of idea how to set up to become trusted. In my lab env. I have a Windows server with a CA role. Previously I installed a VM-...
Finaria's user avatar
  • 23
0 votes
1 answer
5k views

How to add server certificate exception to Chrome/Edge?

Is it possible to add server certificate exceptions for some websites (to skip warning page about certificates that are expired, self-signed or with missing or mismatched CN/SANs) in Google Chrome / ...
jacob_w's user avatar
0 votes
1 answer
959 views

Exim4 client rejecting TLS certificate

I'm having a problem with Exim4 and the TLS certificates, when I try a test connection using gnutls-cli I get this error: Processed 128 CA certificate(s). Resolving 'mail.reformaspaco.es:25'... ...
GGGuilleGGG's user avatar
1 vote
1 answer
1k views

Make gnutls-cli print local root certificate as well as server-provided certificates

I'm diagnosing a TLS certificate verification problem in Ubuntu Xenial that resulted from the recent Let's Encrypt root certificate expiration. The problem happens in cURL which uses GnuTLS under the ...
ivan_pozdeev's user avatar
1 vote
1 answer
4k views

SSL certificate error when not typing FQDN and relying on default search domain

DNS and SSL aren't really in my wheelhouse more than a rudimentary understanding, I hope what I want to do isn't impossible! Here's the situation: We have an internal domain and DNS servers, let's ...
Vitalydotn's user avatar
0 votes
2 answers
4k views

How to remove expired Let's Encrypt cert (Debian)

I am trying to remove the expired DST Root CA X3 Let's Encrypt SSL cert (expired yesterday) from a Debian server which is still appearing when I check in SSL Labs: RSA 2048 bits (e 65537) / ...
omega1's user avatar
  • 445
1 vote
2 answers
2k views

OpenDKIM-provided tools do not provide a usable key-pair for DKIM

I use opendkim-genkey -b 2048 -t -s default -d mydomain.com, resulting in files default.private and default.txt. Yes, default.private begins (correctly, SFAIK) with -----BEGIN RSA PRIVATE KEY----- and ...
Eric Dynamic's user avatar
0 votes
1 answer
4k views

Exchange Server Error ID 15021

My Exchange Server 2013 writes "Error 15021" dozens of times in the Error log. It says, that there is an error using the SSL-Configuration. I googled the error but there seem to be a lot of ...
tux's user avatar
  • 1
0 votes
2 answers
605 views

Nginx Revers Proxy Overwrite Certificate

I have a problem trying to overwrite a certificate using NGINX as a Reverse Proxy forwarding all request to an Apache Server with and old certificate (TLS 1.0) This is the output for my .conf file: ...
Julian Rios's user avatar
0 votes
1 answer
2k views

Cloudfront 502 error with ALB origin in different region

I have a CloudFront which has one of its origins as an application load balancer, this load balancer is available in a different region from the CloudFront which is only available in N.Virginia and is ...
Odasaku's user avatar
  • 101
0 votes
0 answers
3k views

Decrypt error in TLS handshake after ServerKeyExchange

I have a WEB application deployed to Tomcat server. I connect to it with Chrome browser with HTTPS but I have decrypt error during TLS handshaking on the client side after ServerKeyExchange. ...
Ferenc T's user avatar
  • 101
1 vote
1 answer
1k views

Redirecting Error with google load balancer

I'm trying to setup Google Load Balancer and couldn't get it work. It produces either 502 or 302 error. Wanting to direct www to non-www, http to https. This is my rewrite rule SetEnvIf X-...
FlyingPenguin's user avatar
1 vote
1 answer
1k views

Exchange 2019 ssl certificate invalid

I have installed Exchange 2019 for testing purposes. I have purchased a domain name and a certificate. After I installed it, the status shows: invalid. Thank you. Here is the result of certutil -...
Alain's user avatar
  • 53
1 vote
2 answers
4k views

Gunicorn/Flask reject identical SSL certificate that works fine with Apache

What would cause a Gunicorn server running a Flask app to report a "sslv3 alert certificate unknown" error in the browser, when an Apache server running a WSGI app, using the exact same ...
Cerin's user avatar
  • 3,940
0 votes
1 answer
568 views

.htaccess redirect from SSL root domain to another subdomain with different SSL causes NET::ERR_CERT_COMMON_NAME_INVALID

I need help to figure this out. I have two local, separate webservers 192.168.11.5 (https://www.example.com) and 192.168.9.14 (https://project.example.com). Each has separate non-wildcard SSL ...
JJustine's user avatar