Sistema operativo: Mac OSX El Capitan 10.11.5
Durante l'esplorazione della pagina ho un errore di privacy, sebbene sia stata aggiunta un'eccezione.
HoilfileCERcorretto,quindil'hoaggiuntoalmioportachiavi
FIDIAMOILCERTsulportachiavidisistemaMac
InCHROMEVersione51.0.2704.106(64-bit),ottenendoancoraunERRORE
THEMESSAGEINCHROME:[FILTERED].comnormallyusesencryptiontoprotectyourinformation.WhenGoogleChrometriedtoconnectto[FILTERED].comthistime,thewebsitesentbackunusualandincorrectcredentials.Thismayhappenwhenanattackeristryingtopretendtobe[FILTERED].com,oraWi-Fisign-inscreenhasinterruptedtheconnection.YourinformationisstillsecurebecauseGoogleChromestoppedtheconnectionbeforeanydatawasexchanged.
Youcannotvisit[FILTERED].comrightnowbecausethewebsitesentscrambledcredentialsthatGoogleChromecannotprocess.Networkerrorsandattacksareusuallytemporary,sothispagewillprobablyworklater.
Nellabarradegliindirizzi,crocerossaHTTPSsulbloccosebbene"Il certificato è valido" e contrassegnato come Sicuro .
Nella Console di panoramica sulla sicurezza, "Questa pagina non è sicura". Ulteriori suggerimenti?
Il certificato autofirmato dovrebbe andare bene, un amico ha capito che funziona su un ambiente Windows. Quindi potrei sbagliarmi sul mio Mac, anche se, sono abbastanza sicuro di aver fatto il necessario.
Ho anche provato su Firefox e ancora ottengo l'errore.
Ulteriori suggerimenti?
AGGIORNAMENTO 1
openssl s_client -connect mywebsite.com:443
CONNECTED(00000003)
depth=1 /CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/CN=*.mycompany-labs.com/C=US/ST=California/L=San Jose/O=MyCompany/OU=On Demand
i:/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
1 s:/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
i:/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
---
Server certificate
-----BEGIN CERTIFICATE-----
[FILTERED]
-----END CERTIFICATE-----
subject=/CN=*.MyCompany-labs.com/C=US/ST=California/L=San Jose/O=MyCompany/OU=On Demand
issuer=/CN=Root Certificate/C=US/ST=California/L=San Jose/O=MyCompany/OU=Self Signed
---
No client certificate CA names sent
---
SSL handshake has read 2072 bytes and written 456 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: [FILTERED]
Session-ID-ctx:
Master-Key: [FILTERED]
Key-Arg : None
Start Time: 1468885016
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
[HANGS]
e con -ssl3
openssl s_client -connect mywebsite.com:443 -ssl3
CONNECTED(00000003)
21775:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_pkt.c:1145:SSL alert number 40
21775:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/ssl/s3_pkt.c:566:
e
$ nmap --script ssl-enum-ciphers -p 443 mywebsite.com
Starting Nmap 6.46 ( http://nmap.org ) at 2016-07-19 10:27 CEST
Nmap scan report for mywebsite.com (10.234.104.241)
Host is up (0.11s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| SSLv3: No supported ciphers found
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
| compressors:
| NULL
|_ least strength: strong
Nmap done: 1 IP address (1 host up) scanned in 5.96 seconds