Monday, January 28, 2019

How To Solve the Most Common SSL Related Browser Warnings

Common SSL-Related Browser warnings  generated to prevent users from an unsecured connection. Without appropriate knowledge, the user tends to ignore these warnings. It is difficult for a common man to distinguish between normal warnings and serious ones. This can result in a bad user experience.

Without wasting time let’s discuss most common SSL related browser warnings and possible solutions.

Common SSL Related Browser Warnings

Google collected the sample of around 300 million errors within one year. Cause of 2/3rd of these errors was classified and was organized into three categories, these are:

  1. Server error: It arises when server presents an invalid/incomplete certificate chain. For example:
  2. Server date error. 
  3. Client error: It occurs when a certificate chain is not validated by the client from a properly configured server. For example:
         * Incorrect client clock

Incorrect client clock

Network error: This type of error arises when a network appliance replaces certificate chain with one that client can’t validate while intercepting an https:// connection.


Solutions to most common SSL related browser warnings
  • Server Data Error: Expired certificates are the main cause of almost all the server data errors. Simple solution for such errors is ‘do not let your SSL certificate expire’. It is possible that you have certificates from different Certificate Authorities (CAs). It might be difficult to keep track of each and every issued certificate. To resolve such issues, all you need is a management platform and inventory tool.
Solution:

Inventory tool: it will locate all certificates that you have installed and respective CAs who have issued them.
You can also use APIs and ACME protocol to keep track of installed SSL certificates.
  • Client Clock error: This is not a server related error. This type of error occurs when the system clock is incorrect. This might result in overlapping of current time and certificate validity period.
Solution: 
Leave a gap between receiving and actual using of the certificate. For example, you have received the SSL certificate on 28/1/19 and installed it on the very same day. If any of the client clocks are set in the past, it will trigger an error or warning.

No comments:

Post a Comment