Troubleshooting SSL Issues

An SSL, or Secure Sockets Layer, serves as a cryptographic protocol ensuring the authentication and encryption of data transmitted across a network. Users on the internet tend to favor sites with HTTPS and a lock icon, as these visual indicators instill a sense of security, often influencing decisions related to online transactions.

However, obtaining an SSL certificate does not guarantee error-free operation for your website. Persistent SSL errors can harm your brand’s reputation, repel visitors, and impact your search engine optimization (SEO) ranking. Fortunately, there is a remedy for insecure websites. In the following sections, we explore troubleshooting methods for resolving SSL issues.

How to Verify Your SSL

Assess the status of any website using three straightforward methods:

1. Examine the URL Distinguish between URLs that commence with “http” and those starting with “https.” The inclusion of the “s” signifies the application of SSL technology, providing security and encryption.
2. Verify the Padlock In the address bar, ensure the presence of a padlock icon preceding the URL. Conversely, unsecured sites may display a “Not Secure” label in lieu of the padlock.
3. Obtain a Security Overview While infrequent, a website may exhibit both symbols, yet the SSL certificate could be expired. It is prudent to perform a thorough check to confirm the certificate’s validity, particularly when the site requests sensitive information.

Frequent SSL Certificate Issues

The certificate errors arise when there is a problem with the website’s certificate or its server configuration. If your browser encounters difficulties in establishing a secure connection with a website, it will present a specific error message, providing clues about the potential source of the problem.

SSL Handshake Unsuccessful

Error 525, also known as it Handshake Failure, indicates that the server and browser could not establish a secure connection. This can occur for various reasons, and it’s crucial to recognize that the errors may originate either from the server-side or the client-side.

Suggested fix

There are methods to begin exploring potential issues and resolving them one by one. Let’s take a look at these five strategies that you can try to:

1. Update your system date and time
2. Check if your SSL certificate is valid
3. Configure your browser for the latest SSL/TLS protocol support
4. Verify that your server is properly configured to support Server Name Indication
5. Make sure the cipher suites match

SSL handshake exception error

The SSL Handshake exception error occurs if:

• The SSL certificate has been issued by an untrusted root Certificate Authority (CA)
• The SSL certificate has expired
• The certificate doesn’t match the name of the host that you are trying to connect to
• You have entered the IP address instead of the hostname

Suggested fix

Make sure that you’ve been dealing with a Trusted CA; that your this is valid; that you have entered the right hostname.

SSL peer shut down incorrectly error

This happens due to issues with your program’s security protocols, or if your remote host closed connection shut down incorrectly.

Suggested fix

1. Verify if the connections from the class to the node agent are functional and vice versa.
2. Confirm the correct IP address or hostname for the WC admin host.
3. Secure the XML index server port to clear any broken protocols.
4. Remove the entries inside the XML server file to complete the process and reenable your functions.

This approach confirms isolating and removing the failed code snippet is not mandatory, which should save you some time when fixing your application.

You may also check your server for any addresses that are confusing your system or application. Delete them.

SSL certificate expired / SSL certificate renewal error

This can happen to anyone, as it’s easy to forget precisely when your security certificate expires. Do you manage multiple certificates? Use our certificate management platform to help avoid the issue and to make it easy to set budgets. With GlobalSign’s Managed SSL (MSSL), company identity information and domains are pre-verified so you can instantly issue certificates as needed. Read how MSSL is powering the certificate management for the University of Waterloo in Canada.

If you’re still getting an SSL “certificate not trusted” error, there is a possibility that it could’ve been installed incorrectly. Try and see if you can get a new Certificate Signing Request (CSR) from your server and request for re-issuance from your provider, which could very well be GlobalSign. Here’s how our SSL maintained zero data breach on the site of Biodiversity Management Bureau in the Philippines.

SSL bad record Mac alert

This glitch is often due to some issue with the client computer. You can confirm that by accessing legitimate websites that already have the certificate installed. If it works for them, we only confirm the above stated — it is a client issue that needs to be resolved.

Suggested fix.

Detecting the cause for this may not always be possible; you will need to approach each solution below by trial and error:

1. Update your OS
2. Update Google Chrome
3. Deactivate HTTPS Inspection from your antivirus’ settings
4. Turn down the ‘Stream Detect’ function in your Killer Control Center or uninstall the speed-boosting application
5. Fix your router

HTTPS redirects (The site is not redirecting to HTTPS)

When you get the certificate, you must enable HTTPS on your website, else your site will not redirect to HTTPS. There are lots of ways to enable it. 

DNS-related issues

After you’ve both installed it and enabled HTTPS, your site will look secure, so it’s essential to properly configure your DNS records ahead of time. If your domain’s DNS has not connected to your host’s servers, your site may not redirect to HTTPS properly. This can also happen if your DNS has not fully propagated.

Mixed content error

This may be caused by insecure external files or resources still being requested with HTTP (without the “s”). For instance, you may be accessing a site that has hardcoded URLs with HTTP within themes and plugins. In such a case, your browser won’t display the padlock, as this will be regarded as mixed content. 

Common name mismatch error

The “name mismatch error” occurs when the domain name listed in the certificate does not match the URL you are trying to reach. It happens when the security certificate was initially issued for another domain name (or a subdomain). For instance, if your SSL is installed on yourdomain.com, it may not cover the www part of it, and as a result, this error will appear.