Skip to main content

Questions tagged [ssl-certificate-errors]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
36 votes
4 answers
181k views

Is the alert “SSL3_READ_BYTES:sslv3 alert bad certificate” indicating that the SSL failed

While running the below command openssl s_client -host example.xyz -port 9093 I get the following error: 139810559764296:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt....
kris433's user avatar
  • 463
22 votes
5 answers
74k views

Two Way SSL Error - 400 The SSL certificate error just for client certificate

I am trying to configure two-way SSL with SSL certs (for server and client) signed by Intermediate CAs. This is what I have done so far following this tutorial. Server - nginx application Nginx is ...
vikas027's user avatar
  • 1,239
19 votes
4 answers
80k views

Nginx SSL_do_handshake() failed SSL: error:1417D18C:SSL

Today we've installed a SSL certificate (from letsencrypt) on our server which hosts a very busy website. After a few hours we've noticed that we have some users are getting errors from nginx: 2018/...
user1518820's user avatar
7 votes
1 answer
41k views

How to diagnose "CA certificate too weak" error, how to use the CA cert anyway?

I have to use a service that uses self-signed certificate (from Ubuntu). I have added the company's CA to the trusted list (Ubuntu). After that "self signed certificate in chain" error is ...
Petr Gladkikh's user avatar
6 votes
2 answers
15k views

SSL_ERROR_NO_CYPHER_OVERLAP error with signed certifcate

My company has supplied a Tomcat/MySQL based application to a customer that by default uses http. At the request of the customer I enabled this to use https by creating a self-signed certificate. This ...
Darren's user avatar
  • 335
5 votes
3 answers
78k views

SSL issues "Peer's certificate issuer has been marked as not trusted by the user."

We have a public facing development server that requires SSL for a particular function. Yet EVERYTHING that uses SSL in any form returns curl: (60) Peer's certificate issuer has been marked as not ...
James F's user avatar
  • 71
4 votes
6 answers
16k views

HTTPS compatibility issue with Chrome 116/117 ERR_SSL_PROTOCOL_ERROR

I'm having error ERR_SSL_PROTOCOL_ERROR since 2 day on my website for some reason. Browsers tested Windows Chrome 117.0.5938.132 : ERR_SSL_PROTOCOL_ERROR Android Chrome 117.0.5938.61 : ...
Alexandre Lavoie's user avatar
4 votes
2 answers
248 views

Can't secure sub domain with SSL

I am trying to secure a sub domain: bitbucket.kl.company.com The certificate is for *.company.com. So I get an error: bitbucket.kl.company.com uses an invalid security certificate. The certificate ...
eeijlar's user avatar
  • 333
4 votes
3 answers
18k views

openssl keeps creating v1 certificate instead of v3

Hell everyone, so i'm trying to create a self signed certificate for my domain and for some reason openssl keeps creating V1 certificates for my server instead of V3 and that is causing browsers to ...
Ghaith Haddad's user avatar
4 votes
3 answers
4k views

Email server certificate valid according to CheckTLS, invalid according to Thunderbird

I have set up an email server using docker-mailserver. DKIM, SPF, and DMARC are configured fine. SSL was set up using Let's Encrypt. Server has TLS and STARTTLS enabled. I ran a TLS/SSL test on https:/...
thanks_in_advance's user avatar
4 votes
1 answer
9k views

Cannot get cURL or wget to validate some SSL certificates

I've noticed that our link checker, which uses cURL, fails more and more often to validate SSL certificates. I'm trying to get to the bottom of this. https://www.bgetem.de/, for instance, opens just ...
user2323470's user avatar
4 votes
1 answer
14k views

nginx ssl configuration per virtual host

I am switching configuration from a single host to several virtual hosts on the nginx server. Until my changes, ssl was working correctly, but after adding several virtual hosts, each with unique ...
Maciej Dobrowolski's user avatar
4 votes
1 answer
5k views

SSL client certificate authentication returns "21:unable to verify the first certificate"

I'm in the process of transferring some of my old-and-busted apache2 web servers to newer and more resilient nginx containers. On my old web server, I have an apache2 server that hosts secretbackdoor....
scuba_mike's user avatar
4 votes
1 answer
2k views

Mutual SSL authentication and requirements for certificates

For our internal tests I need to set up the mutual SSL authentication between our IIS server (it hosts two applications: ASP.NET web GUI and a web service) and clients (accessing the server in two ...
Maciek's user avatar
  • 143
3 votes
1 answer
1k views

Why does Chrome trust the same authority on this certificate, but not the other?

Why does Chrome trust the certificate authority for this site, but not for this one? This is the same machine, same browser, signed by the same authority, and Chrome shows the intermediate chain ...
Jeff Puckett's user avatar
3 votes
2 answers
20k views

Errors when attempting to connect to PostgreSQL 9.6 using SSL wildcard server certificate and no client certificates

I have a PostgreSQL 9.6.11 database on Amazon Linux that has been configured with a 2048-bit SSL wildcard server certificate and password-based (no client certificates) remote connections since ...
Parker's user avatar
  • 783
3 votes
1 answer
4k views

Ubuntu cannot verify Sectigo certificate

On a server we adminster for a customer, no application can access certain HTTPS URLs, for example: $ wget https://open-data.bielefeld.de/sites/default/files/...
jdm's user avatar
  • 231
3 votes
1 answer
12k views

OpenSSL s_client returns unsupported certificate purpose on one machine but works normally on another with same certificates

I'm debugging TLS connection issue between host and docker container. My docker container has a server certificate: -----BEGIN CERTIFICATE----- ...
paulus's user avatar
  • 133
3 votes
1 answer
2k views

Let's Encrypt certificate on SQL Server 2019 - "The target principal name is incorrect"

Summary I'm having trouble getting a certificate issued by Let's Encrypt R3 to work on SQL Server 2019. When using the certificate for SSL but not trusting the server certificate explicitly (In SSMS, ...
fusillibips's user avatar
2 votes
1 answer
37k views

Error "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate" on lighttpd

I'm using a valid certificate but I'm not able to get client certificate. The lighttpd service fails with error: (connections-glue.c.200) SSL: 1 error:140890C7:SSL routines:...
LeonanCarvalho's user avatar
2 votes
2 answers
10k views

ERR_SSL_VERSION_OR_CIPHER_MISMATCH with signed certificate in Tomcat

I have a tomcat server for which I needed a signed certificate. I generated a key using keytool -genkey .... and then generated a CSR and sent it to my company admin. They gave me back a CER ...
feroze's user avatar
  • 245
2 votes
1 answer
2k views

OpenSSL fails to detect expired intermediate CA certificate in s_client SSL connection test

By accident, I have an expired intermediate certificate at the end of my chain file in my Dovecot server's SSL configuration. It's enough of a problem that my Android e-mail client refuses to use it, ...
BaseZen's user avatar
  • 396
2 votes
1 answer
5k views

openssl not find certificates unless specified with -CAfile

I'm struggling with openssl since some days. I've compiled openssl on an ARM device and when I run openssl s_client -connect google.com:443 the connection will fail with error 20: unable to get local ...
Marco's user avatar
  • 121
2 votes
1 answer
2k views

CloudFront redirection with ssl gives "invalid certificate" error when accessing https://company.com, but why?

I've configured an AWS CloudFront redirection (with SSL) using [this guide].1 I've configured an A record with Alias which points company.com. to the CloudFront domain name. When I access the ...
Itai Ganot's user avatar
  • 10.9k
2 votes
2 answers
1k views

Ubuntu SSL now broken after make installing openssl

I was attempting to set up a Cisco VPN and had run into some issues, in the process of trying to correct those issues I made some changes to my certificates directory and ran several commands ...
dan178's user avatar
  • 123
2 votes
0 answers
638 views

openssl s_client shows an incorrect certificate chain

On one of my servers belonging to a customer I "suddenly" cannot verify any public TLS certificates. All requests to "the public" fail on an invalid certificate. I can, however, ...
Martin Melka's user avatar
2 votes
0 answers
953 views

NGINX: Configure to setup mTLS with ssl_client_certificate, ssl_verify_client, ssl_certificate and ssl_certificate_key

Right off the bat there are a couple posts that go through this issue but I am unsure what the settings are doing exactly in order to achieve the correct result. I'm able to verify the client but not ...
Christian Matthew's user avatar
2 votes
0 answers
224 views

Not able to login to my node application after SSL certificate installation in nginx server

I have a node application having its front end deployed in Nginx http web server and the back end (molecular microservices) in node server both on an AWS ec2 Linux VM. the application URL is ...
Abhishek Chaubey's user avatar
2 votes
0 answers
1k views

DLG_FLAGS_INVALID_CA and DLG_FLAGS_SEC_CERT_CN_INVALID

scenario is trying to connect via web browser to the IPMI of a new server I have; from Windows 10 either Internet Explorer 11 or Edge. Both report This site is not secure with the error being ...
ron's user avatar
  • 855
2 votes
0 answers
844 views

Connecting to ssl mysql always fails with error 2026

I have mariadb version 10.1.21-MariaDB-1~jessie (on debian 8) running a master-server replication scenario via ssl and it's working : MariaDB [(none)]> show slave status\G; ******************...
Horatiu's user avatar
  • 41
1 vote
1 answer
4k views

Certificate hasn't got a known issuer

The TLS (SSL) certificate on one of my site expired yesterday. I obtained a new one - and installed it on the site (running on Debian 9 under nginx). Now when I access the site from a windows or mac, ...
Aleks G's user avatar
  • 1,026
1 vote
2 answers
1k views

How to resolve SSLProtocol Syntax Error

I am trying to install an SSL Certificate. When I restart apache I get this error: SSLProtocol: Illegal protocol '\xe2\x80\x93SSLv2' Here are my conf file directives: <VirtualHost *:443> ...
H. Ferrence's user avatar
1 vote
2 answers
695 views

SSL CA certificate mismatch in browser view and OS view

I navigated to www.flipkart.com and viewed its certificate chain. There were two intermediate certificates namely Go Daddy Secure Certificate Authority - G2 and Go Daddy Root Certificate Authority - ...
Oxia's user avatar
  • 11
1 vote
1 answer
6k views

Need help to establish secure ftp connection from linux to z/OS FTPS server

I need help to establish secure ftp connection from linux client to z/OS host running FTPS server. From FTPS server admin I have got following information: Host IP address, port, CA certificate file ...
Leonid Tepliakov's user avatar
1 vote
1 answer
661 views

Seeking ground truth on TLS certificates and MacOS - browser, curl, openssl compared

On a Mac, High Sierra 10.13.5, I'm seeing a difference in TLS certification validation. Chrome and Safari are happy with TLS validation when visiting https://www.visitflorida.com. Also, curl has no ...
Kevin Buchs's user avatar
1 vote
1 answer
6k views

no trusted rsa public key found

I am trying to setup ikev2 with strongswan using a wildcard certificate. The config seems to work for iOS with this certificate but doesn't work for Android, getting this error - no trusted rsa ...
Vitalik Jimbei's user avatar
1 vote
2 answers
749 views

SSL cert errors for certain browsers. How can I find out what SSL features old browsers don't support, which my site relies on?

The SSL Server test from ssllabs will test your HTTPS server and give you a score on how well your HTTPS server is set up. You can use that results to get the most secure HTTPS server. I have a HTTPS ...
Amandasaurus's user avatar
  • 32.5k
1 vote
2 answers
96 views

alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45 when sending mails from the same server that hosts postfix

So, I have setup an smtp server using smtp in a Debian 11 machine. It works perfect when sending emails from my phone and my computer, but it does not work when trying to send emails from the same ...
Gottfried Rosenberger's user avatar
1 vote
2 answers
1k views

OpenDKIM-provided tools do not provide a usable key-pair for DKIM

I use opendkim-genkey -b 2048 -t -s default -d mydomain.com, resulting in files default.private and default.txt. Yes, default.private begins (correctly, SFAIK) with -----BEGIN RSA PRIVATE KEY----- and ...
Eric Dynamic's user avatar
1 vote
2 answers
4k views

Haproxy appears do be issuing the wrong certificate

I am trying to secure a domain with haproxy. When I load the URL: bitbucket.kl.company.com, I get the error: bitbucket.kl.company.com uses an invalid security certificate. This certificate is only ...
eeijlar's user avatar
  • 333
1 vote
1 answer
861 views

CertPathValidatorException with Windows server and Android client

I installed a new PositiveSSL certificate from Comodo on a Windows Server 2008 R2 computer. I successfully connected from the following clients Chrome for Windows Chrome for Android Firefox for ...
Aldaviva's user avatar
  • 161
1 vote
1 answer
859 views

Make gnutls-cli print local root certificate as well as server-provided certificates

I'm diagnosing a TLS certificate verification problem in Ubuntu Xenial that resulted from the recent Let's Encrypt root certificate expiration. The problem happens in cURL which uses GnuTLS under the ...
ivan_pozdeev's user avatar
1 vote
1 answer
1k views

Redirecting Error with google load balancer

I'm trying to setup Google Load Balancer and couldn't get it work. It produces either 502 or 302 error. Wanting to direct www to non-www, http to https. This is my rewrite rule SetEnvIf X-...
FlyingPenguin's user avatar
1 vote
1 answer
3k views

openssl alternative names is missing

I generated CA, with this article, and stored it in my machine. Now, I want to create a server certificate and use it in my webserver. This is my generate server certificate code: #!/bin/bash # USE: ....
No1Lives4Ever's user avatar
1 vote
1 answer
5k views

MySQL SSL error: wrong version number

I'm having difficulty with MySQL and OpenSSL. I'm running MySQL 5.7 and OpenSSL 1.1.0g on Ubuntu 16.04 Regardless of what certificates I load, MySQL starts up but does not establish a connection over ...
zaump's user avatar
  • 11
1 vote
0 answers
29 views

One individual being served a different scrambled security certificate for our website?

We have set up a new certificate for our website using Let's Encrypt. We don't have customers using the site yet, but when we test it from multiple locations, almost everyone that goes to our site is ...
dallin's user avatar
  • 119
1 vote
0 answers
375 views

kolla-ansible SSL certificate expired

My ssl certificate has expired in my openstack deployment and I can't login in and several services do not work well because of it. How can I remediate to this? I tried to find a way to disable the ...
Wodel's user avatar
  • 71
1 vote
1 answer
1k views

Exchange 2019 ssl certificate invalid

I have installed Exchange 2019 for testing purposes. I have purchased a domain name and a certificate. After I installed it, the status shows: invalid. Thank you. Here is the result of certutil -...
Alain's user avatar
  • 53
1 vote
2 answers
3k views

Gunicorn/Flask reject identical SSL certificate that works fine with Apache

What would cause a Gunicorn server running a Flask app to report a "sslv3 alert certificate unknown" error in the browser, when an Apache server running a WSGI app, using the exact same ...
Cerin's user avatar
  • 3,670
1 vote
1 answer
3k views

SSL error: No path found from the leaf certificate to any root. Maybe an intermediate certificate is missing

I've setup a personal mail server using postfix, postfix-saslauth, courier (mysqlauthd, imap, pop) plus some well practices like SPF, DKIM and DMARC. This set up has been working fine for the last 10 ...
peris's user avatar
  • 508