Solved

SSL Error

Posted on 2015-02-18
Last Modified: 2015-02-19
Hi,

I bought an SSL cert from cheapsslsecurity.com a few weeks ago.

I installed it and it has been working fine up until now.

I was on my site this morning and it was working fine, however all of a sudden when I visit it now I get the following message:

[image: error]
I have a dedicated IP address too, but maybe I don't think I listed it when I was buying / setting up the cert... is it possible to change that, if so can you advise how.

[image: ip]
Thanks in advance for your help
0
Question by:oo7ml
10 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 40617690
Oddly, when I went and fetched the certificate from the site I had no issues with the cert - the command:

openssl s_client -connect 46.22.134.64:443 -showcerts

got me the certificate, as expected, and inspection showed an AIA URL of
http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt

which gave the correct intermediate (and testing showed a good signature chain all the way up to the AddTrust External CA Root). In your place I would suspect an intercepting proxy is in place, and is attempting to "spoof" the certificate, as indicated by the warning. Fetch the certificate again, and check it (and its public key thumbprint, which I see as 12 6f d3 9a 62 3f f3 41 24 34 f2 cc ec a2 42 65 4f 6f 84 a8 from here) against the issued cert you installed.
0
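Added example, not part of the original thread or Dave Howe's own code: a shell script for the check described in the answer above, comparing the SHA-1 thumbprint of the certificate actually served to your client with the certificate file you installed. The function names and the three command-line arguments are assumptions, and it treats the 20-byte value quoted in the answer as the certificate's SHA-1 fingerprint.

```shell
#!/bin/sh
# Added example: detect a re-signed (intercepted) TLS certificate by comparing
# the served certificate's thumbprint with the installed one.
# All function names here are hypothetical.

# Reduce any common thumbprint notation ("12 6f d3", "12:6F:D3",
# "SHA1 Fingerprint=12:6F:D3") to bare lowercase hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ' :\r\n\t' | tr 'A-F' 'a-f'
}

# SHA-1 fingerprint of a PEM certificate read from stdin.
fp_from_pem() {
    openssl x509 -noout -fingerprint -sha1 2>/dev/null
}

# Fingerprint of the leaf certificate served at HOST:PORT ($1), SNI name $2.
fp_served() {
    openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null | fp_from_pem
}

# Succeeds only when the first thumbprint is a well-formed SHA-1 value
# (40 hex digits) and the second is identical to it after normalization.
# An empty value (failed fetch, unreadable file) is never a match.
same_cert() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    case "$a" in *[!0-9a-f]*|'') return 2 ;; esac
    [ "${#a}" -eq 40 ] || return 2
    [ "$a" = "$b" ]
}

# Usage: check_cert.sh HOST:PORT SNI_NAME INSTALLED_CERT.pem
if [ "$#" -eq 3 ]; then
    served=$(fp_served "$1" "$2")
    installed=$(fp_from_pem < "$3")
    if same_cert "$served" "$installed"; then
        echo "match: $(normalize_fp "$served")"
    else
        echo "MISMATCH or fetch failure: the served certificate is not the installed one"
        echo "served:    $served"
        echo "installed: $installed"
        exit 1
    fi
fi
```

Run it from the network where the warning appeared; a mismatch there combined with a match from another network points at something on the first path re-signing the connection.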
 

Author Comment

by:oo7ml
ID: 40617730
Thanks Dave, strangely enough... I refreshed my browser when I got home, and it was working fine again.

Any advice on specifying a dedicated IP?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40618339
You already seem to have one - if you see my notes from the testing, I specified an IP, not a domain name, when fetching your cert using OpenSSL - and got the right cert.
0
 

Author Comment

by:oo7ml
ID: 40618440
Thanks Dave, much appreciated.

On a separate note, why do most hosting companies charge on average €100 for an SSL cert when you can buy them for €7 on cheapsslsecurity.com?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40618599
Because the bigger names are still clinging to a pricing model that was valid back when there were only a handful of CAs, all based in the USA. A Verisign cert (for example) is no more or less valid than a GoDaddy one, but 10x the price.
0
 

Author Comment

by:oo7ml
ID: 40618615
Ah ok cool, thanks again for all of your help, much appreciated.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40618651
NP. With any luck, we will find something better in the future - there is no real reason why, once DNS is digitally signed, we should continue to pay a CA to demonstrate someone gave them money....
0
 

Author Comment

by:oo7ml
ID: 40618676
Yeah, the whole process seems a bit outdated. Surely every website should be encrypted by now using a standardised system.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40618982
Nothing wrong with the underlying idea - using PKI to protect a session key, or in the case of DHE, protect the negotiation of a session key.  The issue is in
a) having to pay a CA to certify your key is your key
b) having to trust a CA does a good enough job of checking that for your $30 or whatever that you can rely on it for a $1M transaction...
0
 

Author Comment

by:oo7ml
ID: 40619024
Ok cool, thanks Dave, appreciate you coming back to explain all of that.
0
