tags:

views:

80

answers:

3
+1  Q: 

Problem viewing sites with SSL certs

I am managing a number of websites that use SSL certificates and have had a few complaints from individuals that are not able to view some of these sites in secure mode. The problem persists regardless of browser or version that is used, does not affect viewing in non-secure mode, and only occurs with a few of the secure sites, not all. Each site has a separate SSL certificate.

I don't have any idea what may be causing this problem or how to address it and would appreciate any helpful questions or ideas that would contribute to fixing it.

A: 

Maybe they are behind some proxy that is performing interesting operations of SSL connections?

Douglas Leeder  2009-06-24 15:03:16
+2  A: 

Just a hunch, but one possibility could be that weak ciphers are disabled on the server and strong ciphers are not enabled on the client. Another possibility might be that the root certificates list on the client is not up-to-date and the SSL certificate is signed by an authority that is not in the trusted list.

Scott  2009-06-24 15:03:43
We are phasing from GoDaddy to GlobalSign and have domains with each one that work and others with each one that don't for the individuals in question
bab  2009-06-26 16:51:05
+2  A: 

They key here is to find out what they all have in common. Maybe they all use AOL? Behind a caching proxy? Can they view other secure sites? Maybe they have a virus or trojan causing the issue?

Eric Petroelje  2009-06-24 15:04:46
One individual that I have spoken to is using a commercial high speed internet service with no proxy or firewall other than Windows firewall, which is being used.
bab  2009-06-26 16:39:01

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security