Solutions

Verify SSL certificate Chain on website

Solutions ID:    KB4555
Version:    1.0
Status:    Published
Published date:    08/03/2011
 

Problem Description

Why am I getting untrusted certificate when am going to website, but when I use IE and by-pass proxy I don't same certificate error?

Resolution

The certificate chain on the website maybe broken. Please the following to check certificate chain validity.

http://www.sslshopper.com/ssl-checker.html - This SSL Checker will help you diagnose problems with your SSL certificate installation. You can verify the SSL certificate on your web server to make sure it  is correctly installed, valid, trusted and doesn't give any errors to any of your users. To use the SSL Checker, simply enter your server's hostname (must be public) in the box below and click the Check SSL button. If you need an SSL certificate,

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1130 - The SSL certificate checker uses a Java Applet and you might be prompted to accept the certificate. If you receive an error try using a different browser or check your Java Settings. Also, the Java Applet may not run if connecting via a proxy. NOTE: This tool does not work for trial certificates since they are signed using a different root.

http://www.digicert.com/help/ - If you are having a problem with your SSL certificate installation, please enter the name of your server below and we will attempt to diagnose the problem and verify proper SSL installation.

http://codefromthe70s.org/certcheck.aspx -SSL Certificate Checker. You can check your SSL server certificates, including their expiration dates, trust chain and exposure to the infamous Debian OpenSSL bug. Enter one server name per line in the text field below and click the button to start.

http://www.geocerts.com/ssl_checker - SSL Checker (check SSL from any vendor).  This SSL Checker will help you determine whether or not there are problems with your SSL certificate installation. We can determine whether or not your certificate is correctly installed, valid, trusted, and whether or not it is supported by major web browsers. Simply enter your domain below to evaulate the SSL certificate installation.

 

All these website links can test and verify the validity of certificate chain. As Bluecoat does a complete certificate look-up by checking all certificates are signed by a trust CA including sub-ordinates, intermidiaries and finally trusted root CA's

 

 



 

 

Attachment

certificate chain example.bmp
1.5MB • 4 minute(s) @ 56k, < 1 minute @ broadband


Attachment

non-working example.bmp
1.6MB • 5 minute(s) @ 56k, < 1 minute @ broadband



Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question