Certificate error while accessing a site
Hi, We are having certificate issues while accessing url https://rmsstage.resolvecloudbase.co.nz We verified that the certificates used by this url are valid and the same certificates are being used by https://rmsstaging.resolvecloudbase.co.nz and this site can be accessed without any issues.
One more thing: After accessing https://rmsstaging.resolvecloudbase.co.nz , when we access https://rmsstaging.resolvecloudbase.co.nz then there are no issues reported until we delete file cert9.db from the Profile Folder. Can you please advise what could be the issue. Thanks Praveen
- User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
I had no problem with the links. What's your computer system and Firefox version?
Please explain the problem in detail. What happens? What is the exact error messages?
Hi, the OS is Windows 10 and the firefox version is Firefox Quantum 66.0.5 (64 bit). I have attached the steps to replicate the issue. If we are using the same certificate for 2 sites, why does it gives warning for one site and works smoothly for the other. I have also attached the screenshots of the steps we are using to replicate the issue. Thanks
Okay, I think what you have demonstrated is that one host is not sending the intermediate certificate(s) needed to complete the chain of trust between the site certificate and the root. However, when Firefox receives the intermediate certificate from the other host, it saves it in cert9.db and uses that to bridge gaps for any hosts that do not send it.
This test confirms the incomplete chain diagnosis: https://www.ssllabs.com/ssltest/analyze.html?d=rmsstage.resolvecloudbase.co.nz
It also says:
- This server is vulnerable to the Return Of Bleichenbacher's Oracle Threat (ROBOT) vulnerability. Grade set to F.
- This server is vulnerable to MITM attacks because it supports insecure renegotiation. Grade set to F.
So your configuration may need to be checked in a little more depth than simply adding the missing certificate file!
The other one has some issues as well: