Self-signed SSL CER certificate exception added to Keychain but fails in Chrome


Operating system: Mac OSX El Capitan 10.11.5

When browsing the page I get a privacy error, even though an exception has been added.

I have the correct CER file, so I added it to my keychain

TRUSTED THE CERT in the Mac System keychain

In CHROME Version 51.0.2704.106 (64-bit), still getting an ERROR

THE MESSAGE IN CHROME: [FILTERED].com normally uses encryption to protect your information. When Google Chrome tried to connect to [FILTERED].com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be [FILTERED].com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit [FILTERED].com right now because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

In the address bar, there is a red cross over the HTTPS padlock, although it says "The certificate is valid" and is marked as Secure.

In the Security Overview console, "This page is not secure". Any further suggestions?

The self-signed certificate should be fine; a friend got it working in a Windows environment. So I might be doing something wrong on my Mac, although I am fairly sure I did what was needed.

I also tried Firefox and I still get the error.

Any further suggestions?

UPDATE 1

openssl s_client -connect mywebsite.com:443

CONNECTED(00000003)
depth=1 /CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=*.mycompany-labs.com/C=US/ST=California/L=San Jose/O=MyCompany/OU=On Demand
   i:/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
 1 s:/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
   i:/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
---
Server certificate
-----BEGIN CERTIFICATE-----
[FILTERED]
-----END CERTIFICATE-----
subject=/CN=*.MyCompany-labs.com/C=US/ST=California/L=San Jose/O=MyCompany/OU=On Demand
issuer=/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
---
No client certificate CA names sent
---
SSL handshake has read 2072 bytes and written 456 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: [FILTERED]
    Session-ID-ctx: 
    Master-Key: [FILTERED]
    Key-Arg   : None
    Start Time: 1468885016
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
[HANGS]

and with -ssl3

openssl s_client -connect mywebsite.com:443 -ssl3

CONNECTED(00000003)
21775:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_pkt.c:1145:SSL alert number 40
21775:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_pkt.c:566:

and

$ nmap --script ssl-enum-ciphers -p 443 mywebsite.com

Starting Nmap 6.46 ( http://nmap.org ) at 2016-07-19 10:27 CEST
Nmap scan report for mywebsite.com (10.234.104.241)
Host is up (0.11s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   SSLv3: No supported ciphers found
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.1: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors: 
|       NULL
|_  least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 5.96 seconds
    
asked by zabumba 18.07.2016 - 15:13
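
An added example, not part of the original post: a small Python helper that reads an `openssl s_client` transcript like the one in UPDATE 1 and reports the leaf CN, whether the chain ends in a self-signed certificate, the verify return code, and whether a hostname is covered by the leaf CN. The transcript is trimmed from the question; the hostnames passed in are constructed, and only CN matching with a single left-most wildcard label is checked, since subjectAltName entries do not appear in this output.

```python
import re

# Constructed sample: trimmed from the s_client transcript in the question.
SAMPLE = """\
Certificate chain
 0 s:/CN=*.mycompany-labs.com/C=US/ST=California/L=San Jose/O=MyCompany/OU=On Demand
   i:/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
 1 s:/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
   i:/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
---
    Verify return code: 19 (self signed certificate in certificate chain)
"""

def parse_s_client(text):
    """Return (chain, verify_code) parsed from `openssl s_client` output."""
    chain = [
        {"depth": int(d), "subject": s.strip(), "issuer": i.strip()}
        for d, s, i in re.findall(r"^[ \t]*(\d+) s:(.+)\n[ \t]*i:(.+)$", text, re.M)
    ]
    m = re.search(r"Verify return code: (\d+) \((.+?)\)\s*$", text, re.M)
    return chain, (int(m.group(1)), m.group(2)) if m else None

def common_name(dn):
    """Extract the CN from an OpenSSL one-line DN such as /CN=x/C=US."""
    m = re.search(r"(?:^|/)CN=([^/]+)", dn)
    return m.group(1) if m else None

def name_matches(pattern, host):
    """Compare host with a certificate name; '*' covers exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(text, host):
    """Summarise the trust-relevant facts of a transcript for one hostname."""
    chain, verify = parse_s_client(text)
    leaf, top = chain[0], chain[-1]
    return {
        "leaf_cn": common_name(leaf["subject"]),
        "host_matches_cn": name_matches(common_name(leaf["subject"]), host),
        "chain_ends_self_signed": top["subject"] == top["issuer"],
        "verify_code": verify[0] if verify else None,
    }

if __name__ == "__main__":
    for host in ("app.mycompany-labs.com", "mycompany-labs.com"):  # constructed hostnames
        print(host, diagnose(SAMPLE, host))
```
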

0 answers
