Re: Cannot access my webserver any longer

[Yehuda Katz <yehuda@xxxxxxxxxx>]

That is a generic error message when Chrome does not have a more specific error to show.

Something else I would try is to use something like the openssl command line to verify the certificate.

You can use the command "openssl s_client -connect server_name:443" to have OpenSSL tell you what certificate is actually being served.

Once it gets to the end of the output, it will appear to hang - it is actually waiting for input, so you can just stop it.

The output should show you the protocol and ciphers that were in use. Example:

What does yours say?

- Y

On Fri, Jun 26, 2015 at 1:21 PM, Cohen, Laurence <lcohen@xxxxxxxxxxx> wrote:

Thank you.  Chrome says "You cannot visit website xxx.yyy.com right now because the website sent scrambled credentials that Chrome cannot process.  I'm not sure where these credentials are coming from, but I'm assuming this is the .crt files in httpd/conf/ssl.crt.

Thanks,

Larry

On Fri, Jun 26, 2015 at 1:16 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:

When Chrome does not show the coninue option, it usually has an additional error message where the button would be that shows more details.

For example, this is an HSTS error: http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-47-13-metablogapi/8446.chrome37_5F00_404325B2.png

Microsoft lists several reasons that the continue button would not be shown in IE.

http://blogs.msdn.com/b/ieinternals/archive/2014/02/02/10481591.aspx

The error page’s Continue link is hidden:

1. If the certificate is revoked
2. If the certificate is deemed insecure (e.g. contains a 512-bit RSA key)
3. If the page is in a “pinned site” instance
4. If group policy is set to Prevent Ignoring Certificate Errors

The article is old, but I believe these are still correct.

Could one of those be your issue?

- Y

On Fri, Jun 26, 2015 at 1:06 PM, Cohen, Laurence <lcohen@xxxxxxxxxxx> wrote:

Thanks for the response Yehuda.  Unfortunately Chrome doesn't give me this error.  It just tells me that my connection isn't private.  When I click on advanced there is no option to go forward to the web server like I get on some of the other servers I work with.

Larry Cohen

On Fri, Jun 26, 2015 at 12:33 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:

I have seen this happen when you send an HSTS header. The Chrome error would say that specifically.

A workaround would be to install that certificate on your system (with the mmc certificate snap-in) so that it becomes a trusted certificate - trusted site in IE is not enough.

- Y

On Fri, Jun 26, 2015 at 10:54 AM, Cohen, Laurence <lcohen@xxxxxxxxxxx> wrote:

I have a test server on which we have a self-signed certificate.  I get the error "There is a problem with this website's security certificate." which is expected because I'm using a self-signed cert.  Normally I click on "Continue to this website (not recommended)." and it goes through to my website without a problem.  Now, however, the only thing that happens is that the link mentioned in the last sentence disappears, and I don't get to my website.

I'm using IE currently, but I've also tested in Firefox and Chrome and I basically have the same problem.  The apache version is 2.2.  I looked around for a solution, and I've added my site to the trusted sites as recommended, but it still doesn't work.  I looked in the error_log and I don't see anything except a child connecting and then disconnecting right after that.

Any suggestions would be appreciated.

Thanks,

Larry Cohen

--

Larry Cohen

System Administrator

12021 Sunset Hills Road, Suite 400

Reston, VA 20190

Email  lcohen@novetta.com

Office  703-885-1064

--

Larry Cohen

System Administrator

12021 Sunset Hills Road, Suite 400

Reston, VA 20190

Email  lcohen@novetta.com

Office  703-885-1064