FIXED - Re: Broken SSL cert caused by router?

Mike mike-nanog at tiedyenetworks.com
Sat Mar 28 16:05:38 UTC 2015


On 03/27/2015 10:34 AM, Frank Bulk wrote:
> Glad you figured that out.
>
> I've used three SSL evaluation websites to help me with intermediate certificate issues:
> https://www.ssllabs.com/ssltest/analyze.html (will show the names and details of the certs, missing or not
> https://www.wormly.com/test_ssl (quick SSL tester, will point out if intermediate certificate is missing)
> https://www.digicert.com/help/ (will show a green chain link between certs when they're all there *and* in order)
>
> Frank
>

I went back to Frank's list and did some additional testing. I have a 
different server which was set up the same way as the previous one 
discussed, and I thought I would use the above tools and see if my 
problem would have been identified by any of them. I am sorry to report, 
no, none of these either caught the problem either. Although I still do 
not fully understand the dependencies involved, it seems that if my 
server was failing to supply the full certificate chain, and the browser 
was compensating for it by (attempting?) to load the missing certificate 
from elsewhere,  and this Meraki router was somehow able to confound 
that process, that would be an issue worthy of exploring more. I 
certainly don't blame these ssl check sites but clearly theres more 
checks needed.

Mike-


More information about the NANOG mailing list