SSL Certificate Fails with Comodo Cert

OniDaito
So the error I have when verifying my server is this:

SSL certificate error connecting to blah.blah
See the certificate override documentation for more information.

Now, my certificate is verified by COMODO CA Limited and works as expected in Firefox and therefore copying the cert_exceptions file from Firefox to stand-alone wont work (nor have I found a way to add it manually).

Any thoughts? Cheers!
  • dstillman
    That's odd. Have you checked your server with the Qualys SSL Test? Can you connect to your server in all browsers?
  • OniDaito
    No I had not tried that. Tried just now and I get:

    Assessment failed: No secure protocols supported

    I suspect this could be related to using a sub-domain though there is another potential issue with VPNs getting in the way. I'll do some more tests.
  • dstillman
    Yeah, that could also happen just if the server isn't accessible to the outside world. If you can only access it through the VPN, that test wouldn't work (but it might mean that Standalone isn't connecting via the VPN either).
  • OniDaito
    edited October 8, 2014
    Turns out it was an odd error - default gateway on that box was pointing to the VPN and not the router so packets were effectively dropped.
  • OniDaito
    Apologies, but I'm still getting the same error. Qualys gives me an A- rating so something is not happy with the standalone it would seem? Not using my VPN this time.

    The username and password - how do they fit into the scheme of things? Is this for htpasswd style auth?
  • OniDaito
    I can confirm the Firefox works fine and syncs.
  • aurimas
    The username and password - how do they fit into the scheme of things? Is this for htpasswd style auth?
    usename/password are sent via HTTP Basic Access Authentication and would not be involved in the SSL handshake.

    Can you submit a Debug ID for a verification attempt? https://www.zotero.org/support/debug_output
  • OniDaito
    Cheers! I have D493438768
  • dstillman
    https://www.zotero.org/support/kb/incomplete_cert_chain

    (Note the "Chain Issues: Incomplete" in the Qualys test.)
  • OniDaito
    Excellent! Thankyou all for your help! This is now working great! :D

    For others using nginx and similar:

    http://nginx.org/en/docs/http/configuring_https_servers.html

    Very handy on cat'ing the certs.
Sign In or Register to comment.