Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate-errors]

124 questions
33
votes
4 answers

Is the alert “SSL3_READ_BYTES:sslv3 alert bad certificate” indicating that the SSL failed

While running the below command openssl s_client -host example.xyz -port 9093 I get the following error: 139810559764296:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1259:SSL alert number…
kris433
  • 433
  • 1
  • 4
  • 5
19
votes
5 answers

Two Way SSL Error - 400 The SSL certificate error just for client certificate

I am trying to configure two-way SSL with SSL certs (for server and client) signed by Intermediate CAs. This is what I have done so far following this tutorial. Server - nginx application Nginx is configured with SSL certificate (signed by an…
vikas027
  • 1,189
  • 2
  • 11
  • 15
18
votes
4 answers

Nginx SSL_do_handshake() failed SSL: error:1417D18C:SSL

Today we've installed a SSL certificate (from letsencrypt) on our server which hosts a very busy website. After a few hours we've noticed that we have some users are getting errors from nginx: 2018/03/28 13:04:48 [crit] 8997#8997: *604175694…
user1518820
  • 181
  • 1
  • 1
  • 3
6
votes
2 answers

SSL_ERROR_NO_CYPHER_OVERLAP error with signed certifcate

My company has supplied a Tomcat/MySQL based application to a customer that by default uses http. At the request of the customer I enabled this to use https by creating a self-signed certificate. This worked subject to the expected browser error…
Darren
  • 331
  • 3
  • 4
  • 13
5
votes
3 answers

SSL issues "Peer's certificate issuer has been marked as not trusted by the user."

We have a public facing development server that requires SSL for a particular function. Yet EVERYTHING that uses SSL in any form returns curl: (60) Peer's certificate issuer has been marked as not trusted by the user. This is not an issue of "Well…
James F
  • 71
  • 1
  • 1
  • 7
4
votes
1 answer

SSL client certificate authentication returns "21:unable to verify the first certificate"

I'm in the process of transferring some of my old-and-busted apache2 web servers to newer and more resilient nginx containers. On my old web server, I have an apache2 server that hosts secretbackdoor.example.com, which authenticates "users" (only…
scuba_mike
  • 376
  • 4
  • 11
4
votes
3 answers

openssl keeps creating v1 certificate instead of v3

Hell everyone, so i'm trying to create a self signed certificate for my domain and for some reason openssl keeps creating V1 certificates for my server instead of V3 and that is causing browsers to not give me the "green lock" when im there. Any…
Ghaith Haddad
  • 73
  • 1
  • 3
  • 6
4
votes
1 answer

Mutual SSL authentication and requirements for certificates

For our internal tests I need to set up the mutual SSL authentication between our IIS server (it hosts two applications: ASP.NET web GUI and a web service) and clients (accessing the server in two possible ways: web GUI with a browser and web…
Maciek
  • 143
  • 5
4
votes
2 answers

Can't secure sub domain with SSL

I am trying to secure a sub domain: bitbucket.kl.company.com The certificate is for *.company.com. So I get an error: bitbucket.kl.company.com uses an invalid security certificate. The certificate is only valid for the following names:…
eeijlar
  • 323
  • 3
  • 7
4
votes
1 answer

Cannot get cURL or wget to validate some SSL certificates

I've noticed that our link checker, which uses cURL, fails more and more often to validate SSL certificates. I'm trying to get to the bottom of this. https://www.bgetem.de/, for instance, opens just fine on every browser (IE 11, Firefox, Opera,…
user2323470
  • 183
  • 4
  • 9
4
votes
1 answer

nginx ssl configuration per virtual host

I am switching configuration from a single host to several virtual hosts on the nginx server. Until my changes, ssl was working correctly, but after adding several virtual hosts, each with unique domain name and - consequently - different…
Maciej Dobrowolski
  • 203
  • 1
  • 3
  • 9
4
votes
3 answers

Email server certificate valid according to CheckTLS, invalid according to Thunderbird

I have set up an email server using docker-mailserver. DKIM, SPF, and DMARC are configured fine. SSL was set up using Let's Encrypt. Server has TLS and STARTTLS enabled. I ran a TLS/SSL test on https://www.checktls.com/TestReceiver , and it said…
thanks_in_advance
  • 173
  • 1
  • 2
  • 8
4
votes
1 answer

How to diagnose "CA certificate too weak" error, how to use the CA cert anyway?

I have to use a service that uses self-signed certificate (from Ubuntu). I have added the company's CA to the trusted list (Ubuntu). After that "self signed certificate in chain" error is gone but now I get "CA certificate too weak" error. E.g. curl…
Petr Gladkikh
  • 183
  • 1
  • 1
  • 9
3
votes
1 answer

OpenSSL s_client returns unsupported certificate purpose on one machine but works normally on another with same certificates

I'm debugging TLS connection issue between host and docker container. My docker container has a server certificate: -----BEGIN…
paulus
  • 133
  • 1
  • 5
3
votes
2 answers

Errors when attempting to connect to PostgreSQL 9.6 using SSL wildcard server certificate and no client certificates

I have a PostgreSQL 9.6.11 database on Amazon Linux that has been configured with a 2048-bit SSL wildcard server certificate and password-based (no client certificates) remote connections since January 2012. After a recent certificate upgrade…
Parker
  • 773
  • 2
  • 11
  • 27
1
2 3
8 9