For many of my website site visitors, the SSL certificate is failing. Whatever tests I actually do on various browsers for me personally the SSL certificate applies.
I can not think about how you can test this on client side, and also to identify the issue.
How does one do that?
One client will get: fatal certificate unknown
While RouMao's response is mostly correct, he's skipped what's (IME) the most typical trouble with SSL certificates - the certificate you're using requires an interim certificate in the CA that you simply haven't incorporated inside your certificate chain. Most CAs offer an online tool for examining the certificate - try the one situated here.
Also, can there be any correlation that browser getting used? Particularly, Chrome doesn't handle SSL v2 automatically
The majority of the failing of SSL certificates were triggered by site visitors themselves. In some way couldn't tests or verified by server implementation.
Here are a few apparent good examples:
- Your cert is validated since April first 2012, however the client's local machine time is placed to 2010 -Body year after current time. Within this situation, the customer should encounter problem all of the occasions, until his machine time is after April first 2012.
- customer is behind a small firewall. The firewall could terminate the SSL/TLS connection and re-crypt the hyperlink having a pseudo/self-sign certificate. Indeed this may be regarded as a guy-in-middle attach.
- The Reliable Root Certification was removed by client themself
it's very tough to fix each one of these problem. Sometimes, you have to produce a client side native application to identify or fix all of the potential problems, and require client browser to complete the applying every time before it go into the HTTPS mode.
P.S. the majority of the e-bank application do such as this.