Questions tagged [ssl-certificate-errors]
131
questions
36
votes
4
answers
181k
views
Is the alert “SSL3_READ_BYTES:sslv3 alert bad certificate” indicating that the SSL failed
While running the below command openssl s_client -host example.xyz -port 9093
I get the following error:
139810559764296:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt....
22
votes
5
answers
74k
views
Two Way SSL Error - 400 The SSL certificate error just for client certificate
I am trying to configure two-way SSL with SSL certs (for server and client) signed by Intermediate CAs. This is what I have done so far following this tutorial.
Server - nginx application
Nginx is ...
19
votes
4
answers
80k
views
Nginx SSL_do_handshake() failed SSL: error:1417D18C:SSL
Today we've installed an SSL certificate (from letsencrypt) on our server which hosts a very busy website.
After a few hours we've noticed that some users are getting errors from nginx:
2018/...
7
votes
1
answer
41k
views
How to diagnose "CA certificate too weak" error, how to use the CA cert anyway?
I have to use a service that uses a self-signed certificate (from Ubuntu). I have added the company's CA to the trusted list (Ubuntu). After that "self signed certificate in chain" error is ...
6
votes
2
answers
15k
views
SSL_ERROR_NO_CYPHER_OVERLAP error with signed certificate
My company has supplied a Tomcat/MySQL based application to a customer that by default uses http. At the request of the customer I enabled this to use https by creating a self-signed certificate. This ...
5
votes
3
answers
78k
views
SSL issues "Peer's certificate issuer has been marked as not trusted by the user."
We have a public facing development server that requires SSL for a particular function.
Yet EVERYTHING that uses SSL in any form returns
curl: (60) Peer's certificate issuer has been marked as not ...
4
votes
6
answers
16k
views
HTTPS compatibility issue with Chrome 116/117 ERR_SSL_PROTOCOL_ERROR
I've been having the error ERR_SSL_PROTOCOL_ERROR for 2 days on my website for some reason.
Browsers tested
Windows Chrome 117.0.5938.132 : ERR_SSL_PROTOCOL_ERROR
Android Chrome 117.0.5938.61 : ...
4
votes
2
answers
248
views
Can't secure sub domain with SSL
I am trying to secure a sub domain:
bitbucket.kl.company.com
The certificate is for *.company.com. So I get an error:
bitbucket.kl.company.com uses an invalid security certificate. The certificate ...
4
votes
3
answers
18k
views
openssl keeps creating v1 certificate instead of v3
Hello everyone,
So I'm trying to create a self signed certificate for my domain and for some reason openssl keeps creating V1 certificates for my server instead of V3 and that is causing browsers to ...
4
votes
3
answers
4k
views
Email server certificate valid according to CheckTLS, invalid according to Thunderbird
I have set up an email server using docker-mailserver.
DKIM, SPF, and DMARC are configured fine.
SSL was set up using Let's Encrypt. Server has TLS and STARTTLS enabled.
I ran a TLS/SSL test on https:/...
4
votes
1
answer
9k
views
Cannot get cURL or wget to validate some SSL certificates
I've noticed that our link checker, which uses cURL, fails more and more often to validate SSL certificates. I'm trying to get to the bottom of this.
https://www.bgetem.de/, for instance, opens just ...
4
votes
1
answer
14k
views
nginx ssl configuration per virtual host
I am switching configuration from a single host to several virtual hosts on the nginx server. Until my changes, ssl was working correctly, but after adding several virtual hosts, each with unique ...
4
votes
1
answer
5k
views
SSL client certificate authentication returns "21:unable to verify the first certificate"
I'm in the process of transferring some of my old-and-busted apache2 web servers to newer and more resilient nginx containers.
On my old web server, I have an apache2 server that hosts secretbackdoor....
4
votes
1
answer
2k
views
Mutual SSL authentication and requirements for certificates
For our internal tests I need to set up the mutual SSL authentication between our IIS server (it hosts two applications: ASP.NET web GUI and a web service) and clients (accessing the server in two ...
3
votes
1
answer
1k
views
Why does Chrome trust the same authority on this certificate, but not the other?
Why does Chrome trust the certificate authority for this site, but not for this one?
This is the same machine, same browser, signed by the same authority, and Chrome shows the intermediate chain ...
3
votes
2
answers
20k
views
Errors when attempting to connect to PostgreSQL 9.6 using SSL wildcard server certificate and no client certificates
I have a PostgreSQL 9.6.11 database on Amazon Linux that has been configured with a 2048-bit SSL wildcard server certificate and password-based (no client certificates) remote connections since ...
3
votes
1
answer
4k
views
Ubuntu cannot verify Sectigo certificate
On a server we administer for a customer, no application can access certain HTTPS URLs, for example:
$ wget https://open-data.bielefeld.de/sites/default/files/...
3
votes
1
answer
12k
views
OpenSSL s_client returns unsupported certificate purpose on one machine but works normally on another with same certificates
I'm debugging TLS connection issue between host and docker container. My docker container has a server certificate:
-----BEGIN CERTIFICATE-----
...
3
votes
1
answer
2k
views
Let's Encrypt certificate on SQL Server 2019 - "The target principal name is incorrect"
Summary
I'm having trouble getting a certificate issued by Let's Encrypt R3 to work on SQL Server 2019. When using the certificate for SSL but not trusting the server certificate explicitly (In SSMS, ...
2
votes
1
answer
37k
views
Error "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate" on lighttpd
I'm using a valid certificate but I'm not able to get client certificate. The lighttpd service fails with error:
(connections-glue.c.200) SSL: 1 error:140890C7:SSL routines:...
2
votes
2
answers
10k
views
ERR_SSL_VERSION_OR_CIPHER_MISMATCH with signed certificate in Tomcat
I have a tomcat server for which I needed a signed certificate. I generated a key using
keytool -genkey ....
and then generated a CSR and sent it to my company admin.
They gave me back a CER ...
2
votes
1
answer
2k
views
OpenSSL fails to detect expired intermediate CA certificate in s_client SSL connection test
By accident, I have an expired intermediate certificate at the end of my chain file in my Dovecot server's SSL configuration. It's enough of a problem that my Android e-mail client refuses to use it, ...
2
votes
1
answer
5k
views
openssl not find certificates unless specified with -CAfile
I've been struggling with openssl for some days.
I've compiled openssl on an ARM device and when I run openssl s_client -connect google.com:443 the connection will fail with error 20: unable to get local ...
2
votes
1
answer
2k
views
CloudFront redirection with ssl gives "invalid certificate" error when accessing https://company.com, but why?
I've configured an AWS CloudFront redirection (with SSL) using this guide.
I've configured an A record with Alias which points company.com. to the CloudFront domain name.
When I access the ...
2
votes
2
answers
1k
views
Ubuntu SSL now broken after make installing openssl
I was attempting to set up a Cisco VPN and had run into some issues, in the process of trying to correct those issues I made some changes to my certificates directory and ran several commands ...
2
votes
0
answers
638
views
openssl s_client shows an incorrect certificate chain
On one of my servers belonging to a customer I "suddenly" cannot verify any public TLS certificates. All requests to "the public" fail on an invalid certificate. I can, however, ...
2
votes
0
answers
953
views
NGINX: Configure to setup mTLS with ssl_client_certificate, ssl_verify_client, ssl_certificate and ssl_certificate_key
Right off the bat there are a couple posts that go through this issue but I am unsure what the settings are doing exactly in order to achieve the correct result. I'm able to verify the client but not ...
2
votes
0
answers
224
views
Not able to login to my node application after SSL certificate installation in nginx server
I have a node application having its front end deployed in Nginx http web server and the back end (molecular microservices) in node server both on an AWS ec2 Linux VM. The application URL is ...
2
votes
0
answers
1k
views
DLG_FLAGS_INVALID_CA and DLG_FLAGS_SEC_CERT_CN_INVALID
Scenario is trying to connect via web browser to the IPMI of a new server I have; from Windows 10 either Internet Explorer 11 or Edge. Both report This site is not secure with the error being ...
2
votes
0
answers
844
views
Connecting to ssl mysql always fails with error 2026
I have mariadb version
10.1.21-MariaDB-1~jessie
(on debian 8) running a master-server replication scenario via ssl and it's working :
MariaDB [(none)]> show slave status\G;
******************...
1
vote
1
answer
4k
views
Certificate hasn't got a known issuer
The TLS (SSL) certificate on one of my sites expired yesterday. I obtained a new one - and installed it on the site (running on Debian 9 under nginx). Now when I access the site from a windows or mac, ...
1
vote
2
answers
1k
views
How to resolve SSLProtocol Syntax Error
I am trying to install an SSL Certificate.
When I restart apache I get this error:
SSLProtocol: Illegal protocol '\xe2\x80\x93SSLv2'
Here are my conf file directives:
<VirtualHost *:443>
...
1
vote
2
answers
695
views
SSL CA certificate mismatch in browser view and OS view
I navigated to www.flipkart.com and viewed its certificate chain. There were two intermediate certificates namely Go Daddy Secure Certificate Authority - G2 and
Go Daddy Root Certificate Authority - ...
1
vote
1
answer
6k
views
Need help to establish secure ftp connection from linux to z/OS FTPS server
I need help to establish secure ftp connection from linux client to z/OS host running FTPS server.
From FTPS server admin I have got following information:
Host IP address, port, CA certificate file ...
1
vote
1
answer
661
views
Seeking ground truth on TLS certificates and MacOS - browser, curl, openssl compared
On a Mac, High Sierra 10.13.5, I'm seeing a difference in TLS certification validation. Chrome and Safari are happy with TLS validation when visiting https://www.visitflorida.com. Also, curl has no ...
1
vote
1
answer
6k
views
no trusted rsa public key found
I am trying to set up ikev2 with strongswan using a wildcard certificate.
The config seems to work for iOS with this certificate but doesn't work for Android, getting this error - no trusted rsa ...
1
vote
2
answers
749
views
SSL cert errors for certain browsers. How can I find out what SSL features old browsers don't support, which my site relies on?
The SSL Server test from ssllabs will test your HTTPS server and give you a score on how well your HTTPS server is set up. You can use those results to get the most secure HTTPS server.
I have an HTTPS ...
1
vote
2
answers
96
views
alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45 when sending mails from the same server that hosts postfix
So, I have set up an smtp server using smtp in a Debian 11 machine. It works perfectly when sending emails from my phone and my computer, but it does not work when trying to send emails from the same ...
1
vote
2
answers
1k
views
OpenDKIM-provided tools do not provide a usable key-pair for DKIM
I use opendkim-genkey -b 2048 -t -s default -d mydomain.com, resulting in files default.private and default.txt. Yes, default.private begins (correctly, SFAIK) with -----BEGIN RSA PRIVATE KEY----- and ...
1
vote
2
answers
4k
views
Haproxy appears to be issuing the wrong certificate
I am trying to secure a domain with haproxy. When I load the URL: bitbucket.kl.company.com, I get the error:
bitbucket.kl.company.com uses an invalid security certificate.
This certificate is only ...
1
vote
1
answer
861
views
CertPathValidatorException with Windows server and Android client
I installed a new PositiveSSL certificate from Comodo on a Windows Server 2008 R2 computer. I successfully connected from the following clients
Chrome for Windows
Chrome for Android
Firefox for ...
1
vote
1
answer
859
views
Make gnutls-cli print local root certificate as well as server-provided certificates
I'm diagnosing a TLS certificate verification problem in Ubuntu Xenial that resulted from the recent Let's Encrypt root certificate expiration. The problem happens in cURL which uses GnuTLS under the ...
1
vote
1
answer
1k
views
Redirecting Error with google load balancer
I'm trying to set up Google Load Balancer and couldn't get it to work. It produces either 502 or 302 error.
Wanting to direct www to non-www, http to https.
This is my rewrite rule
SetEnvIf X-...
1
vote
1
answer
3k
views
openssl alternative names is missing
I generated CA, with this article, and stored it in my machine. Now, I want to create a server certificate and use it in my webserver. This is my generate server certificate code:
#!/bin/bash
# USE: ....
1
vote
1
answer
5k
views
MySQL SSL error: wrong version number
I'm having difficulty with MySQL and OpenSSL. I'm running MySQL 5.7 and OpenSSL 1.1.0g on Ubuntu 16.04
Regardless of what certificates I load, MySQL starts up but does not establish a connection over ...
1
vote
0
answers
29
views
One individual being served a different scrambled security certificate for our website?
We have set up a new certificate for our website using Let's Encrypt. We don't have customers using the site yet, but when we test it from multiple locations, almost everyone that goes to our site is ...
1
vote
0
answers
375
views
kolla-ansible SSL certificate expired
My ssl certificate has expired in my openstack deployment and I can't login in and several services do not work well because of it.
How can I remediate this? I tried to find a way to disable the ...
1
vote
1
answer
1k
views
Exchange 2019 ssl certificate invalid
I have installed Exchange 2019 for testing purposes.
I have purchased a domain name and a certificate.
After I installed it, the status shows: invalid.
Thank you.
Here is the result of certutil -...
1
vote
2
answers
3k
views
Gunicorn/Flask reject identical SSL certificate that works fine with Apache
What would cause a Gunicorn server running a Flask app to report a "sslv3 alert certificate unknown" error in the browser, when an Apache server running a WSGI app, using the exact same ...
1
vote
1
answer
3k
views
SSL error: No path found from the leaf certificate to any root. Maybe an intermediate certificate is missing
I've set up a personal mail server using postfix, postfix-saslauth, courier (mysqlauthd, imap, pop) plus some well practices like SPF, DKIM and DMARC.
This set up has been working fine for the last 10 ...