Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

SSL Error

Posted on 2015-02-18
10
Medium Priority
?
115 Views
Last Modified: 2015-02-19
Hi,

I bought an SSL cert from cheapsslsecurity.com a few weeks ago.

I installed it and it has been working fine up until now.

I was on my site this morning and it was working fine, however all of a sudden when i visit it now i get the following message:

error
I have a dedicated IP address too, but maybe i don't think i listed it when i was buying / setting up the cert... is it possible to change that, if so can you advise how.

ip
Thanks in advance for your help
0
Comment
Question by:oo7ml
  • 5
  • 5
10 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 40617690
Oddly, when I went and fetched the certificate from the site I had no issues with the cert - the command:

openssl s_client -connect 46.22.134.64:443 -showcerts

got me the certificate, as expected, and inspection showed a AIA url of
http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt

which gave the correct intermediate (and testing showed a good signature chain all the way up to the AddTrust External CA Root). In your place I would suspect an intercepting proxy is in place, and is attempting to "spoof" the certificate, as indicated by the warning. Fetch the certificate again, and check it (and its public key thumbprint, which I see as 12 6f d3 9a 62 3f f3 41 24 34 f2 cc ec a2 42 65 4f 6f 84 a8 from here) against the issued cert you installed.
0
 

Author Comment

by:oo7ml
ID: 40617730
Thanks Dave, strangely enough... I refreshed my browser when I got home, and it was working fine again.

Any advice on specifying a dedicated IP?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40618339
You already seem to have one - if you see my notes from the testing, I specified an IP, not a domain name, when fetching your cert using OpenSSL - and got the right cert.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 

Author Comment

by:oo7ml
ID: 40618440
Thanks Dave, much appreciated.

On a separate note, why do most hosting companies charge on average €100 for an SSL cert when you can buy the for €7 on cheapsslsecurity.com?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40618599
Because the bigger names are still clinging to a pricing model that was valid back when there were only a handful of CAs, all based in the USA. A Verisign cert (for example) is no more or less valid than a GoDaddy one, but 10x the price.
0
 

Author Comment

by:oo7ml
ID: 40618615
Ah ok coo, thanks again for all of your help, much appreciated.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40618651
NP. With any luck, we will find something better in the future - there is no real reason why, once DNS is digitally signed, we should continue to pay a CA to demonstrate someone gave them money....
0
 

Author Comment

by:oo7ml
ID: 40618676
Yeah, the whole process seems a bit out dated. Surely everything website should be encrypted by now using a standardised system.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40618982
Nothing wrong with the underlying idea - using PKI to protect a session key, or in the case of DHE, protect the negotiation of a session key.  The issue is in
a) having to pay a CA to certify your key is your key
b) having to trust a CA does a good enough job of checking that for your $30 or whatever that you can rely on it for a $1M transaction...
0
 

Author Comment

by:oo7ml
ID: 40619024
Ok cool, thanks Dave, appreciate you coming back to explain all of that.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question