Linux – SSL on AWS? Cert installed but still having issues

certificate-authoritylinuxSecurityssl

We bought an SSL certificate (From Comodo) and when I visit the page in Chrome I see the green padlock and it has the following information:

Your connection to ...... is encrypted with 128-bit encryption.

The connection uses TLS 1.2.

The connection is encrypted and authenticated using AES_128_GCM and uses RSA as the key exchange mechanism.

Above that there is the following information:

The identity of this website has been verified by EssentialSSL CA but does not have public audit records.

The problem is that requests coming from Android devices, PHP (cURL), PLC's, etc all get certificate warnings and in turn the requests do not process. In some cases you can ignore the warnings however that is bad practice and is also not possible in all scenarios. I am at a loss for what is wrong but I would love some insight into what exactly the problem is and how to go about fixing it. My understanding is that Comodo is a root CA so I am not sure what the issue is.

Any help would be much appreciated.

Best Answer

Did you combine the certs correctly? https://support.comodo.com/index.php?_a=viewarticle&_m=knowledgebase&kbarticleid=1365

It sounds a bit like that could be the issue

Related Solutions

Security – Our security auditor is an idiot. How to give him the information he wants

First, DON'T capitulate. He is not only an idiot but DANGEROUSLY wrong. In fact, releasing this information would violate the PCI standard (which is what I'm assuming the audit is for since it's a payment processor) along with every other standard out there and just plain common sense. It would also expose your company to all sorts of liabilities.

The next thing I would do is send an email to your boss saying he needs to get corporate counsel involved to determine the legal exposure the company would be facing by proceeding with this action.

This last bit is up to you, but I would contact VISA with this information and get his PCI auditor status pulled.

Nginx – Problems with IE/wget confusing a subdomain’s SSL cert with the main domain’s cert

# dig stats.psychicbazaar.com
[...]
;; ANSWER SECTION:
stats.psychicbazaar.com. 3600   IN      A       178.79.183.162
[...]
# dig www.psychicbazaar.com
[...]
;; ANSWER SECTION:
www.psychicbazaar.com.  3600    IN      A       178.79.183.162
[...]

How exactly is your web server supposed to know which certificate to serve for a TLS exchange if you are using the same IP address for both? This won't work:

http://wiki.apache.org/httpd/NameBasedSSLVHosts

As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port. This is because Apache needs to know the name of the host in order to choose the correct certificate to setup the encryption layer. But the name of the host being requested is contained only in the HTTP request headers, which are part of the encrypted content. It is therefore not available until after the encryption is already negotiated.

Related Topic