httpd-users mailing list archives

From Yehuda Katz <yeh...@ymkatz.net>
Subject Re: [users@httpd] Cannot access my webserver any longer
Date Fri, 26 Jun 2015 17:57:04 GMT
That is a generic error message when Chrome does not have a more specific
error to show.

Something else I would try is to use something like the openssl command
line to verify the certificate.
You can use the command "openssl s_client -connect server_name:443" to have
OpenSSL tell you what certificate is actually being served.
Once it gets to the end of the output, it will appear to hang - it is
actually waiting for input, so you can just stop it.
The output should show you the protocol and ciphers that were in use.
Example:
[image: Inline image 1]

What does yours say?

- Y


On Fri, Jun 26, 2015 at 1:21 PM, Cohen, Laurence <lcohen@novetta.com> wrote:

> Thank you.  Chrome says "You cannot visit website xxx.yyy.com right now
> because the website sent scrambled credentials that Chrome cannot process."
> I'm not sure where these credentials are coming from, but I'm assuming this
> is the .crt files in httpd/conf/ssl.crt.
>
> Thanks,
>
> Larry
>
> On Fri, Jun 26, 2015 at 1:16 PM, Yehuda Katz <yehuda@ymkatz.net> wrote:
>
>> When Chrome does not show the continue option, it usually has an
>> additional error message where the button would be that shows more details.
>> For example, this is an HSTS error:
>> http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-47-13-metablogapi/8446.chrome37_5F00_404325B2.png
>>
>> Microsoft lists several reasons that the continue button would not be
>> shown in IE.
>> http://blogs.msdn.com/b/ieinternals/archive/2014/02/02/10481591.aspx
>>
>> The error page’s *Continue* link is hidden:
>>
>>    1. If the certificate is revoked
>>    2. If the certificate is deemed insecure
>>    <http://blogs.msdn.com/b/ieinternals/archive/2012/06/13/windows-internet-explorer-block-rsa-key-shorter-than-1024-bits.aspx> (e.g.
>>    contains a 512-bit RSA key)
>>    3. If the page is in a “pinned site” instance
>>    <http://blogs.msdn.com/b/ie/archive/2011/03/11/internet-explorer-9-security-part-3-browse-more-securely-with-pinned-sites.aspx>
>>    4. If group policy is set to Prevent Ignoring Certificate Errors
>>
>>
>> The article is old, but I believe these are still correct.
>> Could one of those be your issue?
>> - Y
>>
>> On Fri, Jun 26, 2015 at 1:06 PM, Cohen, Laurence <lcohen@novetta.com>
>> wrote:
>>
>>> Thanks for the response Yehuda.  Unfortunately Chrome doesn't give me
>>> this error.  It just tells me that my connection isn't private.  When I
>>> click on advanced there is no option to go forward to the web server like I
>>> get on some of the other servers I work with.
>>>
>>> Larry Cohen
>>>
>>> On Fri, Jun 26, 2015 at 12:33 PM, Yehuda Katz <yehuda@ymkatz.net> wrote:
>>>
>>>> I have seen this happen when you send an HSTS header. The Chrome error
>>>> would say that specifically.
>>>> A workaround would be to install that certificate on your system (with
>>>> the mmc certificate snap-in) so that it becomes a trusted certificate -
>>>> trusted site in IE is not enough.
>>>>
>>>> - Y
>>>>
>>>> On Fri, Jun 26, 2015 at 10:54 AM, Cohen, Laurence <lcohen@novetta.com>
>>>> wrote:
>>>>
>>>>> I have a test server on which we have a self-signed certificate.  I
>>>>> get the error "There is a problem with this website's security
>>>>> certificate." which is expected because I'm using a self-signed cert.
>>>>> Normally I click on "Continue to this website (not recommended)." and it
>>>>> goes through to my website without a problem.  Now, however, the only thing
>>>>> that happens is that the link mentioned in the last sentence disappears,
>>>>> and I don't get to my website.
>>>>>
>>>>> I'm using IE currently, but I've also tested in Firefox and Chrome and
>>>>> I basically have the same problem.  The apache version is 2.2.  I looked
>>>>> around for a solution, and I've added my site to the trusted sites as
>>>>> recommended, but it still doesn't work.  I looked in the error_log and I
>>>>> don't see anything except a child connecting and then disconnecting right
>>>>> after that.
>>>>>
>>>>> Any suggestions would be appreciated.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Larry Cohen
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> [image: www.novetta.com]
>>>
>>> Larry Cohen
>>>
>>> System Administrator
>>>
>>>
>>> 12021 Sunset Hills Road, Suite 400
>>>
>>> Reston, VA 20190
>>>
>>> Email  lcohen@novetta.com
>>>
>>> Office  703-885-1064
>>>
>>>
>>
>
>
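
The openssl s_client check described in the top message, as an added example that is not part of the original thread: it runs the command without the apparent hang and pulls the protocol, cipher, key size and verify result out of the output. The function names, the host test.example.com and the sample transcript are constructed for illustration; the 1024-bit threshold is the one named in the IE article linked in the quoted list.

```shell
#!/bin/sh
# Added example, not from the thread: summarise `openssl s_client` output.

# s_client waits on stdin after the handshake; reading stdin from /dev/null
# makes it exit instead of appearing to hang. $1 = host, $2 = port (443).
fetch_handshake() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null
}

# Read s_client output on stdin; print key=value lines, then WARN lines.
summarise_handshake() {
    awk '
        /^subject=/             { subject = substr($0, 9) }
        /^issuer=/              { issuer  = substr($0, 8) }
        /^Server public key is/ { bits = $5 }
        /^ +Protocol +:/        { sub(/^[^:]*: */, ""); proto = $0 }
        /^ +Cipher +:/          { sub(/^[^:]*: */, ""); cipher = $0 }
        /Verify return code:/   { sub(/^.*Verify return code: */, ""); verify = $0 }
        END {
            print "protocol=" proto
            print "cipher=" cipher
            print "key_bits=" bits
            print "verify=" verify
            if (subject != "" && subject == issuer) print "WARN self-signed: " subject
            if (bits != "" && bits + 0 < 1024) print "WARN public key shorter than 1024 bits"
        }'
}

# Constructed sample transcript (certificate body omitted), not real output.
sample_output() {
    cat <<'EOF'
verify error:num=18:self signed certificate
---
Server certificate
subject=/CN=test.example.com
issuer=/CN=test.example.com
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 512 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Verify return code: 18 (self signed certificate)
---
EOF
}

# Live use: fetch_handshake test.example.com | summarise_handshake
sample_output | summarise_handshake
```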
