File: certificate_errors

package info (click to toggle)
e2guardian 5.5.9-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 6,352 kB
  • sloc: cpp: 26,398; makefile: 640; sh: 324; perl: 55
file content (65 lines) | stat: -rw-r--r-- 2,918 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 

Some errors that can occur with certificates when using MITM


Certificate supplied by server was not valid:
    This message is produced when openssl detects an error in the target server's certificate.
    The message after the ":" is an openssl message.  Check the openssl documentation on how to bug
    fix the error.

    Common ones are:-

    Certificate supplied by server was not valid: self signed certificate in certificate chain

        Certificate supplied is self-signed.
        If you are happy to allow full access to this site then add it to exceptionsitelist.
        To allow access with content checking then add site to nocheckcertsitelist.


    Certificate supplied by server was not valid: unable to get local issuer certificate

        Indicates that an invalid certificate has been supplied by target server.

        If you get this error a lot (on most sites) then openssl is not set-up correctly.
        Check you have an up-to-date certificate bundle installed.

        If you get this on a site that works ok in browser going direct check that browser has not
        got a certificate exception for the site.  If a direct browser accepts the sites certificate, then
        check your openssl cert bundle is up-to-date.  Is it is, use openssl command line debuging options from
        the server e2guardian is installed on.

Failed to negotiate ssl connection to client

    Possible causes:

    Your rootCA is not installed on the client system - get user to install it.

    App is using CONNECT but not using https protocol.  If you want to allow access to app add
    site name to exceptionsitelist.

    App on client system does not respect client certificate store.   If you want to allow access to app add
    site name to exceptionsitelist.

    Failure of network connection to client.

No SSL certificate supplied by server

    Server is trying to negotiate SSL connection without supplying certificate, so is insecure.
    If you are happy to allow full access to this site then add it to exceptionsitelist.
    To allow access with content checking then add site to nocheckcertsitelist.

Server's SSL certificate does not match domain name

    SSL certificate supplied by target server does not match domain name, so is insecure.
    If you are happy to take risk and allow full access to this site then add it to exceptionsitelist.
    To allow access with content checking then add site to nocheckcertsitelist.

Failed to negotiate ssl connection to server

    Target server is listening on port 443 for a non-https protocol.
    If service is required add site to exceptionsitelist.

    Transitory network failure after initial connection.

General - if issues persist turn logsslerrors = on in e2guardian.conf - This will log detailed openssl stack errors
    in syslog. Openssl documentation can then be consulted to help determine the cause of the error.