My client app here at https://nametalkam.com hosted on digitalocean(cenTOS, nginx) is throwing error
Error: The requested resource could not be loaded. libcurl returned
the error: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
alert protocol version
When access from outside my location or some locations. I said this because it works fine on my location that i didn't even know the error exists. When some clients from europe visits the link, they reported the issue. Also
running curl https://nametalkam.com
returns
curl: (35) error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1
alert protocol version
So evidently, something is wrong. Please what causes this, how do i address it and why does it work for me ? Any help will be appreciated.
More Information
The site uses ssl certicate configured using letseencrypt, and another coming from cloudflare.
Related
I put my site behind Cloudflare last week and it has been working well. But today I woke up to an error message that my site is not accessible.
I am getting generic nginx 403 page when I am trying to access my site (same as https://community.cloudflare.com/t/why-403-forbidden-all-of-a-sudden-when-i-go-to-my-site/3453), along with 'not secure' warning in Chrome address bar.
When I disable CDN as shown in the picture, the error disappears.
I am using an SSL cert issued by Letsencrypt in my server and a Full SSL in Cloudflare. I can confirm that Letsencrypt cert has not been expired.
Any ideas how to debug this issue? I am confused as to why it was working and suddenly stopped working when nothing changed.
Additional information
When I enable the CDN, I get the following error(ERR_CERT_COMMON_NAME_INVALID) in Chrome's security tab:
The error I get when I curl the https version of the site is:
curl: (51) SSL: no alternative certificate subject name matches target host name 'my-domain.com'
I've tried to enable SSL on my Cloudflare account for my asset subdomains, but I see the following error in Chrome:
This site can’t provide a secure connection
a1.staging.domain.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
And this in Firefox:
Secure Connection Failed
An error occurred during a connection to a1.staging.domain.com. Peer reports it experienced an internal error. Error code:
SSL_ERROR_INTERNAL_ERROR_ALERT
I followed this up with Cloudflare support. Turns out that this is due to the limitation that the Cloudflare issued SSL cert is only valid for a single subdomain. So *.domain.com will work, but *.staging.domain.com won't.
More info here:
https://support.cloudflare.com/hc/en-us/articles/200170566-Why-isn-t-SSL-working-for-my-site-
I implemented HTTPS client(with Certification BYPASS) as in :
http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/
But I get the following Exception(as attached in the image):
javax.net.ssl.SSLHandshakeException:Received Fatal Alert :handshake_failure
Not sure why I getting this error.It had worked for me before.
Also the HTTPS Server is an APACHE TOMCAT SERVER.
Is there any other way I can Ignore(bypass) HTTPS Certification?
Please let me know.
I have been trying to configure a simple pass through proxy using wso2 esb, which points to a REST service in https port.
I had tried doing the same using my development machine (Windows 7) and it is successful.
But when I try repeating the same in production server, in RHEL, I get The system cannot infer the transport information error in system log.
Things Tried
Created passthrough proxy service pointing to https://some.domain.in/something/something.
Tried CURL to https://some.domain.in/something/something and its shows the response properly
Imported certificate from the site to client-truststore.jks. Same was done locally and it worked.
in axis2.xml, edited <parameter name="HostnameVerifier">AllowAll</parameter>under https transporter
Error Message
When clicked in test in configuration console, I got the following message, Invalid address
CURL the proxy service URL, and got Empty response
Checked system logs and saw below logs
Am I missing out something?
I could see in the wso2-error-logs following messages
ERROR {org.apache.synapse.transport.passthru.TargetHandler} - I/O
error: handshake alert: unrecognized_name
javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
Then I realised that I was using java 1.6 locally but 1.7 in production.
And in Java 1.7 there are some changes in SSL handling
The JDK 7 release supports
the Server Name Indication (SNI) extension in the JSSE client. SNI,
described in RFC 4366 enables TLS clients to connect to virtual
servers.
In order to bypass this, I added JAVA_OPTS="-Djsse.enableSNIExtension=false" in wso2server.sh and restarted.
This solved my problem.
Not sure if this is the correct way though
This url helped me finally
When I used set doc=db.GetDocumentByURL(url,1,1,,,,,False) to get a page/file under http, it returned the web page/file successfully as a Notes document.
But when I used set doc=db.GetDocumentByURL(url,1,1,username,password,,,False) to get an ssl page/file under https, where url is like "https://docs.google.com/document/d/xxxxoooo/edit", it failed and the remote console showed the error messages:
SSL Error: Keyring File access error
Connection interrupted: SSL Error: Bad or missing remote certificate
Can't db.GetDocumentByURL() access an ssl page/file? What should I do?
Assuming you are using Windows - make sure that IE can open the page. I've seen this problem in case the server's SSL certificate was self-signed and installing it in IE solved the problem.