website ssl certificate issue

Discussion of items in the "What's New" log.

Post by josh » Wed Jan 06, 2016 4:20 pm

I received a bunch of reports that people were getting error messages saying that the SSL certificate on our website has been revoked.

I could not reproduce the issue, and I spent some time researching it, but finally gave up and simply installed a new certificate on the server. I hate to say it, but I am not sure whether this will resolve the issue. If you are still having trouble after reading this, please let me know.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Re: website ssl certificate issue

Post by End User » Tue Mar 29, 2016 8:04 pm

Hi Josh

How about making this entire forum use a secure login and HTTPS? At least the login page should be HTTPS, since that would hide our passwords, which at this time are being sent in the clear with no security, so that anyone can intercept them.

Also, to whatever extent you are using either SSL v3.0 or TLS v1.0 anywhere, please change it so that only TLS 1.1 and TLS 1.2 are able to be used.

More information on securing anyone's browser is available here: Turn Off SSL 3.0 and TLS 1.0 in Your Browser.

Of course servers need different fixes.

Josh, hopefully you have a Risk Assessment and Risk Mitigation Plan already in place and are working to implement it. After June 30, 2016 it will be a whole different story, right?

Further reading from SecurityMetrics (these issues are not only for credit card transactions): http://blog.securitymetrics.com/2015/04/pci-3-1-ssl-and-tls.html

Best Regards
End User
 
Posts: 19
Joined: Sun Jan 13, 2013 8:25 pm

Re: website ssl certificate issue

Post by josh » Wed Mar 30, 2016 8:16 pm

There is nothing about the service that is PCI compliant :)

The main website has been using TLS 1.2 for quite a while now.

I have never thought about securing the bbs, which is totally separate from the main service.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Re: website ssl certificate issue

Post by Clewby » Sun Nov 27, 2016 11:58 am

josh wrote: I received a bunch of reports that people were getting error messages saying that the SSL certificate on our website has been revoked.

I could not reproduce the issue, and I spent some time researching it, but finally gave up and simply installed a new certificate on the server. I hate to say it, but I am not sure whether this will resolve the issue. If you are still having trouble after reading this, please let me know.


It resolved the issue for me, or rather, for the user I was supporting who had the issue - which is to say, the user was able to use the website after you changed the certificate, when it was not possible beforehand. Since I couldn't work out the technical issue either, I can only assume the strong correlation is because what you did fixed (or bypassed) the actual problem.

I hate problems where you can't find the root cause, but you can, apparently, fix them by a 'simple' change.
Clewby
 
Posts: 44
Joined: Mon Jun 13, 2011 4:48 pm
