FIXED - Re: Broken SSL cert caused by router?

Frank Bulk frnkblk at iname.com
Fri Mar 27 17:34:16 UTC 2015


Glad you figured that out.

I've used three SSL evaluation websites to help me with intermediate certificate issues:
https://www.ssllabs.com/ssltest/analyze.html (will show the names and details of the certs, missing or not 
https://www.wormly.com/test_ssl (quick SSL tester, will point out if intermediate certificate is missing)
https://www.digicert.com/help/ (will show a green chain link between certs when they're all there *and* in order)

Frank

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Mike
Sent: Friday, March 27, 2015 10:36 AM
Cc: nanog at nanog.org
Subject: FIXED - Re: Broken SSL cert caused by router?


     I'd like to thank everyone for their kind responses. One person who 
responded off list and bothered to look at the returned certificates 
pointed out, and correctly it seems, that my original setup was missing 
an intermediate certificate. The site was returning 'valid ssl' and all 
browsers got the green lock and offsite ssl tests came back ok, but 
apparently the missing intermediate means it would have had to have been 
fetched and that was the part that was failing at the customer site. 
Once I put the intermediate certificate in there, the customer site was 
able to access https without fail. I have not had an opportunity yet to 
examine in detail the config of the meraki router there but it's either 
a routing problem or a DPI problem. If I get an answer I'll post again 
with my results.

Thanks all.

Mike-





More information about the NANOG mailing list