Wednesday, August 29, 2018

Let's Understand The SSL-Related Browser Errors & Their Solutions

Almost everybody runs into basic SSL-related browser alerts at some point. Without adequate information, users tend to disregard these alerts. It is difficult for an ordinary user to tell routine warnings from genuine ones, and this can result in a poor user experience. To address this issue, Google has released the results of a study of browser warnings under the title 'Where the Wild Warnings Are: The Root Cause of Chrome HTTPS Certificate Errors'. Without wasting time, let's discuss the most common SSL-related browser warnings and possible solutions.

1) Server Data Error: Expired certificates are the main cause of almost all server data errors. The simple solution for such errors is 'do not let your SSL certificate expire'. You may have certificates from several different Certificate Authorities (CAs), which makes it difficult to keep track of every issued certificate. To resolve this, all you need is a management platform and an inventory tool.

Solution:
  • Inventory tool: it will locate all the certificates that you have installed and the respective CAs that issued them.
  • You can also use APIs and the ACME protocol to keep track of installed SSL certificates.

2) Server name mismatch error: When a Comodo Wildcard SSL certificate is installed, it is important to include all sub-domain names along with the host domain. You can include names 'within the scope' or a specific domain name. Remember that the 'www' and 'non-www' versions of a domain are not one and the same. A wildcard error can arise from an oversight or from multiple levels of the domain. For example, if you have installed the certificate for *.mysite.com, it may not cover 'example.shop.mysite.com'.

Solution:
  • Include both names on the certificate, or list them under the Wildcard SSL certificate.
  • Double-check each host name when including it in your certificate.


3) Server Authority invalid error: The major browsers maintain a list of trusted CAs. If you want to verify the authenticity of your CA, you can look for its name in this list. Also check whether your website's certificates chain to a root, and whether that root is listed in the browser's trust list. The error can occur due to the use of self-signed certificates or government-operated roots. Government-operated roots are not listed in the standard trust store, so using such roots can lead to warnings.

Solution:
  • Do not use self-signed certificates on a public website.
  • Ask your employees to ignore warnings only for internal sites (intranet), not for general browsing.

4) Client Clock error: This is not a server-related error. It occurs when the client's system clock is incorrect, which can put the client's current time out of step with the certificate's validity period.

Solution: 

  • Leave a gap between receiving the certificate and actually using it. For example, suppose you received the SSL certificate on 16/7/18 and installed it on the very same day. If any client clock is set in the past, it will trigger an error or warning.
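
The date, name-mismatch and client-clock cases from sections 1, 2 and 4 can be checked together against a certificate inventory. The following is an added example, not code from the original post: the record layout, the function names, the 30-day renewal window and the one-year validity period are assumptions, and only the mysite.com names and the 16/7/18 date come from the text.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def name_matches(pattern, host):
    """'*' is honoured only as the whole left-most label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # *.mysite.com never spans two levels
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # refuse a bare "*.com"
    return p == h

def classify(cert, host, client_now, renew_days=30):
    """Warnings a client whose clock reads client_now would hit for host."""
    findings = []
    if client_now < cert["not_before"]:
        findings.append("not-yet-valid")  # what a client clock set in the past produces
    elif client_now > cert["not_after"]:
        findings.append("expired")
    elif cert["not_after"] - client_now <= timedelta(days=renew_days):
        findings.append("renew-soon")     # inventory alert, not a browser error
    if not any(name_matches(san, host) for san in cert["sans"]):
        findings.append("name-mismatch")
    return findings

# Constructed inventory record: names and issue date from the text, the rest assumed.
CERT = {
    "sans": ["*.mysite.com", "mysite.com"],
    "not_before": datetime(2018, 7, 16, tzinfo=UTC),
    "not_after": datetime(2019, 7, 16, tzinfo=UTC),
}

def report():
    today = datetime(2018, 8, 29, tzinfo=UTC)
    slow_clock = datetime(2018, 7, 15, 12, 0, tzinfo=UTC)  # client clock set in the past
    return {
        "www today": classify(CERT, "www.mysite.com", today),
        "two levels today": classify(CERT, "example.shop.mysite.com", today),
        "slow client clock": classify(CERT, "www.mysite.com", slow_clock),
        "two weeks before expiry": classify(CERT, "www.mysite.com", datetime(2019, 7, 2, tzinfo=UTC)),
        "after expiry": classify(CERT, "www.mysite.com", datetime(2019, 8, 1, tzinfo=UTC)),
    }

if __name__ == "__main__":
    for case, findings in report().items():
        print(f"{case}: {findings or 'ok'}")
```

In a real inventory the records would be filled from the parsed certificates rather than typed in by hand.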
