httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cohen, Laurence" <lco...@novetta.com>
Subject Re: [users@httpd] Cannot access my webserver any longer
Date Fri, 26 Jun 2015 17:21:30 GMT
Thank you.  Chrome says "You cannot visit website xxx.yyy.com right now
because the website sent scrambled credentials that Chrome cannot process.
I'm not sure where these credentials are coming from, but I'm assuming this
is the .crt files in httpd/conf/ssl.crt.

Thanks,

Larry

On Fri, Jun 26, 2015 at 1:16 PM, Yehuda Katz <yehuda@ymkatz.net> wrote:

> When Chrome does not show the coninue option, it usually has an additional
> error message where the button would be that shows more details.
> For example, this is an HSTS error:
> http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-47-13-metablogapi/8446.chrome37_5F00_404325B2.png
>
> Microsoft lists several reasons that the continue button would not be
> shown in IE.
> http://blogs.msdn.com/b/ieinternals/archive/2014/02/02/10481591.aspx
>
> The error page’s *Continue* link is hidden:
>
>    1. If the certificate is revoked
>    2. If the certificate is deemed insecure
>    <http://blogs.msdn.com/b/ieinternals/archive/2012/06/13/windows-internet-explorer-block-rsa-key-shorter-than-1024-bits.aspx>
(e.g.
>    contains a 512-bit RSA key)
>    3. If the page is in a “pinned site” instance
>    <http://blogs.msdn.com/b/ie/archive/2011/03/11/internet-explorer-9-security-part-3-browse-more-securely-with-pinned-sites.aspx>
>    4. If group policy is set to Prevent Ignoring Certificate Errors
>
>
> The article is old, but I believe these are still correct.
> Could one of those be your issue?
> - Y
>
> On Fri, Jun 26, 2015 at 1:06 PM, Cohen, Laurence <lcohen@novetta.com>
> wrote:
>
>> Thanks for the response Yehuda.  Unfortunately Chrome doesn't give me
>> this error.  It just tells me that my connection isn't private.  When I
>> click on advanced there is no option to go forward to the web server like I
>> get on some of the other servers I work with.
>>
>> Larry Cohen
>>
>> On Fri, Jun 26, 2015 at 12:33 PM, Yehuda Katz <yehuda@ymkatz.net> wrote:
>>
>>> I have seen this happen when you send an HSTS header. The Chrome error
>>> would say that specifically.
>>> A workaround would be to install that certificate on your system (with
>>> the mmc certificate snap-in) so that it becomes a trusted certificate -
>>> trusted site in IE is not enough.
>>>
>>> - Y
>>>
>>> On Fri, Jun 26, 2015 at 10:54 AM, Cohen, Laurence <lcohen@novetta.com>
>>> wrote:
>>>
>>>> I have a test server on which we have a self-signed certificate.  I get
>>>> the error "There is a problem with this website's security certificate."
>>>> which is expected because I'm using a self-signed cert.  Normally I click
>>>> on "Continue to this website (not recommended)." and it goes through to my
>>>> website without a problem.  Now, however, the only thing that happens is
>>>> that the link mentioned in the last sentence disappears, and I don't get
to
>>>> my website.
>>>>
>>>> I'm using IE currently, but I've also tested in Firefox and Chrome and
>>>> I basically have the same problem.  The apache version is 2.2.  I looked
>>>> around for a solution, and I've added my site to the trusted sites as
>>>> recommended, but it still doesn't work.  I looked in the error_log and I
>>>> don't see anything except a child connecting and then disconnecting right
>>>> after that.
>>>>
>>>> Any suggestions would be appreciated.
>>>>
>>>> Thanks,
>>>>
>>>> Larry Cohen
>>>>
>>>
>>>
>>
>>
>> --
>>
>> [image: www.novetta.com]
>>
>> Larry Cohen
>>
>> System Administrator
>>
>>
>> 12021 Sunset Hills Road, Suite 400
>>
>> Reston, VA 20190
>>
>> Email  lcohen@novetta.com
>>
>> Office  703-885-1064
>>
>>
>


-- 

[image: www.novetta.com]

Larry Cohen

System Administrator


12021 Sunset Hills Road, Suite 400

Reston, VA 20190

Email  lcohen@novetta.com

Office  703-885-1064

Mime
View raw message