AlpineWeb Home
Search: For:   ~ Advanced Search  
  Support Home     Documentation     Knowledgebase     Help Desk     Blog 
Support Home > VPS v1 > Webserver > SSL > Certificates > Sunday, July 20, 2008

Troubleshooting SSL Problems


There are a few common mistakes or problems that come with using SSL. We've compiled the most common ones here, along with information to help you avoid and resolve the problems you encounter. If the answers to your questions aren't found on this page, feel free to contact our support staff for assistance.

General SSL Usage Help

There are a number of warnings or errors that can come up when accessing web pages via SSL. Almost all of these are small mistakes that are easy to repair.
Domain Name Mismatch
Your SSL digital certificate is set up to use a very specific domain name, which must match exactly to avoid getting this error. For example, if your certificate is for the domain www.my-domain.name, and you type https://my-domain.name into the browser, you will get this warning. Likewise, if your certificate is for my-domain.name and you enter https://www.my-domain.name into your browser, you will get the same warning. In order to avoid this warning, be sure to use the exact domain name on the certificate when making links to secure pages.

  • Page contains both Secure and Insecure Data


    Often when making links or including images in pages, the URL is an Absolute link, meaning that the link includes the protocol, domain, and path to a file. If you include an image in a page using an absolute URL, you can run into this error when the page is viewed using a different protocol than the one indicated in the image URL. For example, if in a web page you include an image using the path http://www.my-domain.name/images/myimage.gif, and then access the page using secure protocol, you will get the warning that the page has encrypted and unencrypted content. The easiest way to avoid this error is to use Relative links, meaning you indicate only the path to a local file in the link (for example, /images/myimage.gif). When linking to files on a remote server, you will need to use an absolute link, so make sure in those cases to use the protocol that the page will usually be viewed with.

  • Low-encryption browsers


    Many older Web Browsers only support 40 or 52 bit encryption. Because modern SSL certificates use 128 bit encryption, older browsers may not be able to view pages securely. If many of your customers are likely to be using older browsers, you may want to get a special low-encryption certificate (available from some Signing Authorities). Because several modern browsers are available free of charge, you may also want to encourage users having problems with your SSL certificate to upgrade to a newer browser.

Custom Certificate Install Help

When installing a custom signed Digital Certificate, there are a number of possible mistakes or errors that can cause problems. In most cases, the Apache Web Server will not start up when one of these errors occurs. If your site will not load in a browser, it is a good idea to check to see if there are any httpsd processes running on your Virtual Private Server. If there are, you may want to restart_apache and try loading the page again.

If restarting the web server does not cause httpsd processes to start on your VPS, it is possible your custom certificate is not installed properly. The first thing to do is review the Installation Steps for custom digital certificates. A few common errors include the following.

  • The Private Key has not been decrypted


    You can tell whether or not the Private Key has been decrypted by viewing the file using more or your favorite text editor. If the key file has the following lines, your key is still encrypted.
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,BCC23A5E16582F3D
    To decrypt your Private Key, run the following command from your VPS SSH or Telnet command prompt.
    % openssl rsa -in ~/etc/ssl.pk -out ~/etc/ssl.cert
    You will be prompted to enter your PEM Passphrase, after which the key will be decrypted.

  • The Certificate was uploaded using Binary FTP format


    Check to see if your Certificate was uploaded properly by looking at it in your favorite text editor. If each line has a ^M at the end of it, you will need to upload the file again using ASCII format.

  • The Certificate and Private Key don't match


    If you have multiple servers with SSL, make sure you are using the private key which was generated at the same time as the CSR for that domain.

  • The Certificate was ordered for the wrong Server type


    If you are transferring your certificate from a different server, make sure that the old server was using Apache with SSL as the Web Server software. If not, see the instructions to Move your Certificate.

  • Your Certificate or Key are not complete


    Check to see if the beginning and ending lines of the key or certificate are not all there or are missing. Both the certificate and private key should begin and end with a line containing text identifying the file with five dashes (-) before and after the text, such as -----BEGIN RSA PRIVATE KEY-----.


Technical Support
° Getting Started Guides
  FreeBSD
° Basic Hosting Help
° Signature Hosting Help
° VPS v1 Help
° VPS v2/3 Help
° MPS v2/3 Help
  Linux
° VPS v3 Help
° MPS v3 Help
  SaaS
° Sugar CRM
  DNS
° Domain Name Service
° Domain Registration
° Help Desk
° Knowledgebase
° Support Policies
° Disclaimer
° AlpineWeb Home
° Compare Hosting Plans
° Network Topology
° Rates & Fees
° Order Center


  Web Server Encryption
· Digital Certificates
· SSL
· Default Certificate
· Custom Certificates
· Create a CSR
· Obtain a Certificate
· Install Certificates
· Move a Certificate
· Troubleshoot a Certificate


  Home | Site Map | Customer Backroom Copyright  ©  1997-2008  AlpineWeb Design