Website reporting invalid https SSL certificate only on some machines

Posted on

Website reporting invalid https SSL certificate only on some machines – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, ssh, https, fedora, .

I’ve got a weird issue with a secure site, where some users reporting that their browsers are showing the site’s SSL Certificate as being invalid.

The site is running on a dedicated server running Fedora 17 (i.e. no other virtual hosts are running on that particular web server) and the SSL is through GoDaddy.

The only thing that I can possibly think of as being a possible cause is that there are other (non-secure) domain names that point to the same IP Address, though they’re being hosted on another machine. In this setup, I have two web servers with non-routable ips behind a router which has the dedicated public ip as its wan address. Depending on the port (80 or 443), the router forwards the requests to the appropriate web server.

The weird thing that’s been confounding me is that the errors are only being reported from some people, not everyone, and I haven’t been able to reproduce the issue myself. Are there any glaring issues with my setup and/or can someone suggest a way to even troubleshoot this problem?

Solution :

There is a nice little description on how to check a certificate closer to your private vlan…
http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/

Sorry about putting this in the answer section…I do not see a “comment” button and I believe I need to get up to 50 reputation points to be able to comment. If somebody knows otherwise…I am all ears 🙂 I feel stupid “answering” when all I really want to do is comment.

Based on the information listed at SSL Checker, provided by @David Shwartz (big ups), the issue was that my Apache configuration only had the SSLCertificateFile and the SSLCertificateKeyFile directives defined and was missing the SSLCertificateChainFile directive, thus defining no intermediate Certificate defined. A good explanation (too long to quote here) can be found here.

The solution was to define the SSLCertificateChainFile in my virtual host configuration. So my

  • SSLCertificateFile /path/to/your/certificate/file
  • SSLCertificateKeyFile /path/to/your/key/file
  • SSLCertificateChainFile /path/to/intermediate/bundle/file

Everything looks good now!

Leave a Reply

Your email address will not be published. Required fields are marked *