Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Weird SSL errors [SOLVED]

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    4 Posts 2 Posters 978 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • KOMK
      KOM
      last edited by

      I have been seeing a weird artifact.  When I go to my SSL-secured domain in Chrome or IE or Firefox (all latest), I see the nicely-secured padlock in either green or grey.  In my bosses browsers, it appears with a warning icon saying my cert has an intermediary that was signed with SHA1.  I don't understand how it can be reported two different ways when it's the same website and same browser versions.  Now I come here and just noticed a cert error here.  Is this a legit error or is there something funny going on?

      ssl.png
      ssl.png_thumb

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        It shows the yellow triangle on pages that pull something from HTTP. On this thread, your avatar causes that. On pages that don't have a link or image to something on HTTP, you get the green padlock. Like this one for example.
        https://forum.pfsense.org/index.php?topic=96922.0;topicseen

        Ciphers could use a little tightening up again on here. We do that every few months or so, keeping it to an A on SSLLabs. That's changed a bit again and we're down to a B. I'll check into that later, it's not anything really problematic.

        1 Reply Last reply Reply Quote 0
        • KOMK
          KOM
          last edited by

          I can understand the mix of protocols when it's pulling an image from offsite, but I'm still scratching my head over my domain.  Here at home it works fine on FF and gives me the warning in Chrome.  I wonder if there's a problem with my CA cert.  I'll grab a new one from them just in case.

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            Fixed it.  I grabbed their bundle cert and used that instead of their class 1 intermediary server cert. When I looked up the chain of my cert when using their class 1 server cert, some of the intermediaries were SHA1-encoded.  Chrome seems happy now.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.