Common errors and workarounds for SSL certificates

Source: Internet
Author: User
Tags globalsign ssl ssl certificate wildcard ssl wildcard ssl certificate fully qualified domain name

Issue: The security certificate issued by this web site is not issued by a trusted certification authority.

The SSL certificate that the server is using is not issued through a formal, globally trusted ca. Recommended purchase GlobalSign Ssl,geotrust SSL, Symante SSL certificate, SSL is usually because the certificate is not installed correctly, please check again if the original test certificate is deleted, if the certificate used by the website is correct, restart webserver.

Issue: The security certificate issued by this website is issued for other website addresses.

The domain name that corresponds to an SSL certificate is a full domain FQDN (Fully qualified domain name), If the domain name in the certificate is www.domain.com, then through other similar domain names: web.domain.com,app.domain.com,domain.com, the system will report and the domain name in the certificate does not match. If a site with more than one primary domain needs to request a certificate, a wildcard SSL certificate is recommended, and a multi-domain SSL certificate is required if the same primary domain is not the same.

Issue: This page contains unsafe content.

If a page needs to be accessed through HTTPS access, then all of the elements must be HTTPS mode, if there is: Picture, JS script, Flash plug-ins are called through HTTP, this error occurs, the most common is to call Flash playback plugin: codebase = ' http://download.macromedia.com/pub/shockwave/
Cabs/flash/swflash.cab ', change http to HTTPS, after the refresh test SSL problem is not resolved.

Issue: The security certificate issued by this website has expired or has not yet taken effect.

This identity site uses an SSL certificate that has expired, please check the validity period of the website certificate, if the site certificate is valid after this day, check the local computer's date setting, is correct. If the certificate has expired, please contact the customer service, renew the letter as soon as possible! will be able to handle the SSL error.

Question: Why do I receive a "No shared cipher" error when using the anonymous Diffie-hellman (ADH) algorithm?

By default, OpenSSL does not enable the ADH algorithm for security reasons. You can enable this algorithm only if you do understand the side effects of the algorithm.

In order to use the anonymous Diffie-hellman (ADH) algorithm, you must use the "-dssl_allow_adh" configuration option when you compile OpenSSL and add "ADH" to the sslciphersuite directive.


This article is from the "11347156" blog, please be sure to keep this source http://11357156.blog.51cto.com/11347156/1754556

Common errors and workarounds for SSL certificates

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.