An SSL is a secured cryptographic protocol for authenticating and encrypting data over a network. Online users click on sites with HTTPS and lock icon as these symbols make them feel safer—the basis of most decisions that concern the exchange of commerce.
WHAT IF you got your SSL certificate, but your site still keeps getting errors and warning notifications?
SSL errors on your site can damage your brand reputation, push visitors away, and affect your SEO ranking. Good thing though – there is a cure for insecure sites! Here we discuss how to troubleshoot SSL issues.
Checking your SSL
How to check your SSL
View the status of any website by using three elementary methods:
- Check the URL
Some URLs begin with http, while others start with https. The "s" stands for the security and encryption brought about by SSL technology. - Look for the padlock
There should be a padlock icon in the address bar before the URL. Meanwhile, in its place, unencrypted sites may say “Not Secure.” - Get a security overview
Though rare, a site may have both symbols, but the SSL certificate could still have expired. It's worth double-checking to ensure the certificate is still valid, especially if the site is requesting lots of sensitive information.
Common SSL certificate errors
An SSL certificate error results from an issue with the website’s certificate itself or its configuration on the server. If your browser is unable to establish a secure connection with a website due to any issue, it will display a particular error message, which always hints at where the problem might be.
SSL handshake failed
Error 525 a.k.a. SSL Handshake Failure means that the server and browser were unable to establish a secure connection. This happens for a menagerie of reasons, and it's important to understand that SSL errors can happen on the server-side or the client-side.
Suggested fix
There are methods to begin exploring potential issues and resolving them one by one. Let’s take a look at these five strategies that you can try to:
- Update your system date and time
- Check if your SSL certificate is valid
- Configure your browser for the latest SSL/TLS protocol support
- Verify that your server is properly configured to support Server Name Indication
- Make sure the cipher suites match
SSL handshake exception error
The SSL Handshake exception error occurs if:
- The SSL certificate has been issued by an untrusted root Certificate Authority (CA)
- The SSL certificate has expired
- The certificate doesn’t match the name of the host that you are trying to connect to
- You have entered the IP address instead of the hostname
Suggested fix
Make sure that you’ve been dealing with a Trusted CA; that your SSL is valid; that you have entered the right hostname.
SSL peer shut down incorrectly error
This happens due to issues with your program’s security protocols, or if your remote host closed connection shut down incorrectly.
Suggested fix
- Verify if the connections from the class to the node agent are functional and vice versa.
- Confirm the correct IP address or hostname for the WC admin host.
- Secure the XML index server port to clear any broken protocols.
- Remove the entries inside the XML server file to complete the process and reenable your functions.
This approach confirms isolating and removing the failed code snippet is not mandatory, which should save you some time when fixing your application.
You may also check your server for any addresses that are confusing your system or application. Delete them.
SSL certificate expired / SSL certificate renewal error
This can happen to anyone, as it’s easy to forget precisely when your security certificate expires. Do you manage multiple certificates? Use our certificate management platform to help avoid the issue and to make it easy to set budgets. With GlobalSign’s Managed SSL (MSSL), company identity information and domains are pre-verified so you can instantly issue certificates as needed. Read how MSSL is powering the certificate management for the University of Waterloo in Canada.
If you're still getting an SSL “certificate not trusted” error, there is a possibility that it could’ve been installed incorrectly. Try and see if you can get a new Certificate Signing Request (CSR) from your server and request for re-issuance from your provider, which could very well be GlobalSign. Here’s how our SSL maintained zero data breach on the site of Biodiversity Management Bureau in the Philippines.
SSL bad record Mac alert
This glitch is often due to some issue with the client computer. You can confirm that by accessing legitimate websites that already have an SSL certificate installed. If it works for them, we only confirm the above stated — it is a client issue that needs to be resolved.
Suggested fix
Detecting the cause for this may not always be possible; you will need to approach each solution below by trial and error:
- Update your OS
- Update Google Chrome
- Deactivate HTTPS Inspection from your antivirus’ settings
- Turn down the ‘Stream Detect’ function in your Killer Control Center or uninstall the speed-boosting application
- Fix your router
HTTPS redirects (The site is not redirecting to HTTPS)
When you get an SSL certificate, you must enable HTTPS on your website, else your site will not redirect to HTTPS. There are lots of ways to enable it.
DNS-related issues
After you’ve both installed SSL and enabled HTTPS, your site will look secure, so it’s essential to properly configure your DNS records ahead of time. If your domain's DNS has not connected to your host's servers, your site may not redirect to HTTPS properly. This can also happen if your DNS has not fully propagated.
Mixed content error
This may be caused by insecure external files or resources still being requested with HTTP (without the “s”). For instance, you may be accessing a site that has hardcoded URLs with HTTP within themes and plugins. In such a case, your browser won’t display the padlock, as this will be regarded as mixed content.
Common name mismatch error
The “name mismatch error” occurs when the domain name listed in the SSL certificate does not match the URL you are trying to reach. It happens when the security certificate was initially issued for another domain name (or a subdomain). For instance, if your SSL is installed on yourdomain.com, it may not cover the www part of it, and as a result, this error will appear.
As a public Certificate Authority that is trusted worldwide, GlobalSign can help your websites to build trust and credibility as you go about and conduct your business.
If you’re interested, email [email protected] today!
