Weird SSL errors [SOLVED]



  • I have been seeing a weird artifact.  When I go to my SSL-secured domain in Chrome or IE or Firefox (all latest), I see the nicely-secured padlock in either green or grey.  In my bosses browsers, it appears with a warning icon saying my cert has an intermediary that was signed with SHA1.  I don't understand how it can be reported two different ways when it's the same website and same browser versions.  Now I come here and just noticed a cert error here.  Is this a legit error or is there something funny going on?




  • It shows the yellow triangle on pages that pull something from HTTP. On this thread, your avatar causes that. On pages that don't have a link or image to something on HTTP, you get the green padlock. Like this one for example.
    https://forum.pfsense.org/index.php?topic=96922.0;topicseen

    Ciphers could use a little tightening up again on here. We do that every few months or so, keeping it to an A on SSLLabs. That's changed a bit again and we're down to a B. I'll check into that later, it's not anything really problematic.



  • I can understand the mix of protocols when it's pulling an image from offsite, but I'm still scratching my head over my domain.  Here at home it works fine on FF and gives me the warning in Chrome.  I wonder if there's a problem with my CA cert.  I'll grab a new one from them just in case.



  • Fixed it.  I grabbed their bundle cert and used that instead of their class 1 intermediary server cert. When I looked up the chain of my cert when using their class 1 server cert, some of the intermediaries were SHA1-encoded.  Chrome seems happy now.


Log in to reply