Common errors and workarounds for SSL certificates

Common errors and workarounds for SSL certificates

Issue: The security certificate issued by this web site is not issued by a trusted certification authority.

The SSL certificate that the server is using is not issued through a formal, globally trusted ca. Recommended purchase GlobalSign Ssl,geotrust SSL, Symante SSL certificate, SSL is usually because the certificate is not installed correctly, please check again if the original test certificate is deleted, if the certificate used by the website is correct, restart webserver.

Issue: The security certificate issued by this website is issued for other website addresses.

The domain name that corresponds to an SSL certificate is a full domain FQDN (Fully qualified domain name), If the domain name in the certificate is www.domain.com, then through other similar domain names: web.domain.com,app.domain.com,domain.com, the system will report and the domain name in the certificate does not match. If a site with more than one primary domain needs to request a certificate, a wildcard SSL certificate is recommended, and a multi-domain SSL certificate is required if the same primary domain is not the same.

Issue: This page contains unsafe content.

If a page needs to be accessed through HTTPS access, then all of the elements must be HTTPS mode, if there is: Picture, JS script, Flash plug-ins are called through HTTP, this error occurs, the most common is to call Flash playback plugin: codebase = ' http://download.macromedia.com/pub/shockwave/
Cabs/flash/swflash.cab ', change http to HTTPS, after the refresh test SSL problem is not resolved.

Issue: The security certificate issued by this website has expired or has not yet taken effect.

This identity site uses an SSL certificate that has expired, please check the validity period of the website certificate, if the site certificate is valid after this day, check the local computer's date setting, is correct. If the certificate has expired, please contact the customer service, renew the letter as soon as possible! will be able to handle the SSL error.

Question: Why do I receive a "No shared cipher" error when using the anonymous Diffie-hellman (ADH) algorithm?

By default, OpenSSL does not enable the ADH algorithm for security reasons. You can enable this algorithm only if you do understand the side effects of the algorithm.

In order to use the anonymous Diffie-hellman (ADH) algorithm, you must use the "-dssl_allow_adh" configuration option when you compile OpenSSL and add "ADH" to the sslciphersuite directive.

Common errors and workarounds for SSL certificates