SSL certificate (SSL certificate)Used on millions of websites to provide security for online transactions. However, during the implementation of SSL, some problems may occur, on the screen the user displays the error message.
SSL connection error
An SSL connection error occurs during the process if you try to connect to an SSL-enabled web site and your browser (client) cannot make a secure connection to the site’s server.
Depending on the cause of the SSL connection error, the browser will display warnings like “This Connection is Untrusted“,”The site’s security certificate is not trusted“Or”Your Connection is not private”.
Here Taimienphi.vn will guide you how to fix SSL connection error.
Fix The SSL certificate for this website is not trusted
The Internet browser will display an error message stating that the website certificate is not trusted in the case if the certificate has not been registered by a trusted certificate authority (CA). In order for the browser to accept the certificate, that browser must be associated with a “trusted root certificate”.
Trusted root certificates are embedded in popular browsers like Internet Explorer, Firefox, Chrome and Comodo Dragon. These root certificates are used as a “trusted tool” to verify the validity of all website certificates encountered by the browser. If a certificate is not signed by one of these root certificates, the browser will announce that it is an untrusted certificate and the visitor will receive the above error message.
Most trusted root certificates on the browser are recognized by the Certificate Authority (CA) provider. When the CA signs a website certificate, the site’s certificate is associated with one of their trusted root certificates in the browser certificate store.
For security reasons, most digital certificate providers – CAs do not register end-entities directly from the root certificate, instead they use the Intermediate certificate to create a “chain of trust.” trust) in the original certificate. In this system, the original certificate will sign the Intermediate certificate and the Intermediate certificate will be used to sign the certificate for individual websites.
So the error “Untrusted” (unreliable) is usually caused by one of the following 2 causes:
– Website using self-signed certificate (Self Signed Certificate)
In many cases, the “Untrusted” error occurs because the site is using a Self Signed Certificate. As the name implies, a self-signed certificate is a certificate created by a website owner using webserver software and self-signed a certificate for itself. Therefore, this certificate is not associated with any trusted root certificate in the browser certificate store and the browser will display the “Untrusted” error (not trusted).
Self-signed certificates have many advantages. Firstly, this is a free-to-use and well-used certificate on internal servers. However, these certificates are not recommended for deployment on commercial websites.
– Intermediate certificate has not been installed
Another potential cause of the “Untrusted” error is that the site’s Admin does not install all Intermediate certificates correctly on their webserver. The following is an illustrative example of this error:
In the diagram above you can see the certificate for www.comodo.com
When visitors create a connection with www.comodo.com
Most digital certificate providers (CA) will send CA bundle files containing all the required Intermediate certificates with the end-entity to the site owner. However, if the webserver administrator does not install all Intermediate certificates, the user will receive a “certificate not trusted” error message.
Error Certificate Name Mismatch
The “Certificate Name Mismatch” error occurs when the server displays the domain name listed on the SSL certificate that does not match the domain name that the browser is connected to. To start an HTTPS session, the domain name on the certificate must match the domain name in the browser address bar exactly.
Here are some of the causes of the error:
– Website / server is accessed using internal server name or IP address but the certificate is only issued with a fully qualified Domain Name (such as www.domain.com)
– The certificate issued is domain.com, but in the browser address bar is entered as www.domain.com
However, if you face the “Certificate Name Mismatch” error, this may be the cause of the error. Use the certificate Wildcard can help you fix this SSL connection error that occurs because any and all subdomains of domain.com will be automatically protected.
– Error Certificate Name Mismatch can occur when multiple websites are hosted on the same IP address. This often happens in many shared hosting environments. In a normal HTTP connection, the browser tells the server which domain it wants to connect to the host header.
However, when an HTTPS connection is made, handshaking with SSL means that the browser requests a certificate from the server before presenting the host header. As a result, the server has no information needed to decide which certificate to send and will present the wrong certificate.
IfThere is only one website and one certificate on an IP host, the cause of the error is not here. However, if there are multiple websites located on the same IP address, the server may provide a certificate for the wrong domain name. To prevent this, users can use Multi-Domain certificates, which allows website owners to add all websites and hostnames to the Subject Alternative Name (SAN) field of the certificate.
Mixed content error
If the visitor chooses Yes, all entries will be displayed but the connection will return to an insecure HTTP connection. If selected No then only safe items will be displayed. That is, certain videos and images will not be displayed or the page will not execute important scripts. Either way, this is a bad signal to your site visitors.
Here’s how the site admin can apply to fix SSL connection errors Mixed content:
– Do not call any insecure content via HTTP or port number 80. Change all references from HTTP to HTTPS. Make sure you have SSL set up on the source location. If you use sub-domains to host your website elements, a Wildcard certificate may be useful to you.
– Use relative links on your site instead of using absolute links. For example, instead of using src = http: //mydomain.com/my-script.js, you can use scr = / my-script.js. If your homepage is accessed via HTTPS, the browser will load /my-script.js via HTTPS. This technique is also useful if your website references external content as server via HTTP (e.g. YouTube or Google Analytics).
– Trade upon SSL on your entire website. This is to ensure a better level of security for your site visitors, and this is also the criteria that Google uses to rank web page rankings, improve SEO somewhat.
Note that deploying SSL on your entire site means you have 2 copies of content, so you will have to “tell” the search engine which version is authoritative. To do this thing:
+ Tell the search engine which version of HTTPS is authoritative by updating the link to point to the HTTPS version. Update XML sitemap to reference your content’s HTTPS version. Making these changes means that the search engine will index the SSL version of your website and display this version in search engine results.
+ Guarantee robots.txt Available on HTTPS.
+ Redirect all HTTP requests to HTTPS version with permanent 301 redirects. That is, your search engine page rank will be converted to HTTPS.
+ Update webmaster tools to reference HTTPS version on your site instead of HTTP.
Above Taimienphi.vn has just introduced and showed you some ways to fix SSL connection error. If you are facing SSL connection errors, readers can apply one of the above ways to fix the error.
Besides common SSL errors, when you visit some popular websites like Facebook, Gmail may also fall into this situation. In this case, how to fix SSL errors when accessing Facebook, Gmail that Taimienphi.vn can help you connect again.
If you have any questions, you can leave your comments in the comments section below!