Monday, August 13, 2018

Solutions For Most Common SSL Related Browser Warnings

Common SSL-Related Browser warnings- are something that everyone comes across at some point. These warnings are generated to prevent users from an unsecured connection. Without appropriate knowledge, the user tends to ignore these warnings. It is difficult for a common man to distinguish between normal warnings and serious ones. This can result in a bad user experience. So, to resolve this issue, Google has released the result of a study on browser warnings under the heading ‘where the wild warnings are: The Root cause of Chrome HTTPS certificate errors’.




Common SSL Related Browser Warnings :

1) Server Data Error: Expired certificates are the main cause of almost all the server data errors. Simple solution for such errors is ‘do not let your SSL certificate expire’. It is possible that you have certificates from different Certificate Authorities (CAs). It might be difficult to keep track of each and every issued certificate. To resolve such issues, all you need is a management platform and inventory tool.

Solution:
  • Inventory tool: it will locate all certificates that you have installed and respective CAs who have issued them.
  • You can also use APIs and ACME protocol to keep track of installed SSL certificates.
2) Server Authority invalid error: Major browsers have come up with a list of trusted CA’s. If you want to verify the authenticity of your CA, you can look for their name in this list. Also, check whether the certificates of your website are chained to a root. Along with is also check whether it is listed in the browser’s trust list. The Error can occur due to the use of self-signed certificates or government operated roots. The Government operated roots are not listed in Standard trusted store. Use of such roots can lead to warnings.

Solution:
  • Do not use self-signed certificates on the public website
  • Ask your employees to ignore warnings only for internal sites (intranet), not for general browsers.
  • Some CA’s offer non-public roots designed specifically for internal networks.
3) Insufficient intermediates: Along with end-certificate, intermediates certificates are also provided by the server. Most of CAs have their own set of intermediates.

 Solution:
  • It is important to install appropriate intermediates on the server you are using else browser will issue a warning.
4) Client Clock error: This is not a server related error. This type of error occurs when the system clock is incorrect. This might result in overlapping of current time and certificate validity period.

Solution:
  • Leave a gap between receiving and actual using of the certificate. For example, you have received the SSL certificate on 16/7/18 and installed it on the very same day. If any of the client clocks are set in the past, it will trigger an error or warning.

It is important to choose SSL certificate according to your requirements and configure SSL certificate properly. If you want to get Comodo SSL Certificates for your website then feel free to contact our team at The SSL Street. Contact us at the toll-free number +1 (888) 606-7330 or try the 24/7 email support at info@thesslstreet.com

No comments:

Post a Comment