"This site can’t provide a secure connection" Error!

General questions.
User avatar
Arne.F
Core Developer
Core Developer
Posts: 8522
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH
Contact:

Re: "This site can’t provide a secure connection" Error!

Post by Arne.F » September 19th, 2019, 11:49 am

Mhh. Der server.key ist zu klein. Die muss 3.2KB haben. Beende mal den apache
/etc/init.d/apache stop
und lösch alles in dem ordner außer den conf unterordner und starte den apache neu.
/etc/init.d/apache start
Dann sollte er alle keys neu bauen.

The server key is too small, it should have 3.2 KB. Stop the apache
/etc/init.d/apace stop
And delete everything except the conf subdir and start apache.
/etc/init.d/apace start
Then it should regenerate all keys.
Arne

Support the project on the donation!

Image

Image

Image
PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

ChrisK
Posts: 86
Joined: November 10th, 2014, 7:19 am

Re: "This site can’t provide a secure connection" Error!

Post by ChrisK » September 19th, 2019, 12:15 pm

Hi Arne,
I just did it, but the message stays the same:
783160C.PNG
EDIT: It works with Edge now, but Chrome and Opera still refuse to work :o
Last edited by ChrisK on September 19th, 2019, 6:56 pm, edited 1 time in total.

User avatar
Arne.F
Core Developer
Core Developer
Posts: 8522
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH
Contact:

Re: "This site can’t provide a secure connection" Error!

Post by Arne.F » September 19th, 2019, 2:40 pm

At the moment i have no Idea what problem could cause this CERT_BAD_FORMAT ...
Arne

Support the project on the donation!

Image

Image

Image
PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

User avatar
SoftGil
Posts: 146
Joined: January 7th, 2008, 3:38 pm
Location: United Kingdom
Contact:

Re: "This site can’t provide a secure connection" Error!

Post by SoftGil » September 19th, 2019, 6:42 pm

In English, the previous two posts, PLEASE!

We are in the English Area, here. :o

Thank you!
If you're going to be a smart ass, first you have to be smart. Otherwise, you're just an ass.
Unknown

Image

My IPFire Box at work (HP Proliant ML110 G6):
Image

User avatar
Arne.F
Core Developer
Core Developer
Posts: 8522
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH
Contact:

Re: "This site can’t provide a secure connection" Error!

Post by Arne.F » September 20th, 2019, 5:07 am

Sorry. Added english but it looks this not helps...

Please post hardware details. Could this be a hw accleration issue like the aesni bug of ipsec in older kernels?
Arne

Support the project on the donation!

Image

Image

Image
PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

ChrisK
Posts: 86
Joined: November 10th, 2014, 7:19 am

Re: "This site can’t provide a secure connection" Error!

Post by ChrisK » September 20th, 2019, 6:46 am

Is this enough information or do you need any other?
https://fireinfo.ipfire.org/profile/50a ... 9eb97db8ef

SmithJ
Posts: 18
Joined: July 4th, 2019, 5:21 pm
Location: USA
Contact:

Re: "This site can’t provide a secure connection" Error!

Post by SmithJ » September 25th, 2019, 9:11 pm

Secure connection issues are mostly related to the im-proper SSL configuration and then after the re-directions from www to non www or vice-versa.

ChrisK
Posts: 86
Joined: November 10th, 2014, 7:19 am

Re: "This site can’t provide a secure connection" Error!

Post by ChrisK » October 16th, 2019, 10:02 am

The issue seems to be connected to the following lines in "ipfire-interface-ssl.conf":

Code: Select all

SSLCertificateFile /etc/httpd/server-ecdsa.crt
SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
If I comment them out, the access is possible again with Firefox and Chrome.

So either the referenced ECDSA-Cert/Key is faulty, or neither Firefox nor Chrome are able to do encryption with elliptic curves.

Here's a one-liner to quick-fix the problem in the meantime:

Code: Select all

sed -i '/server-ecdsa/s/^/#/' /etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
/etc/init.d/apache restart

Post Reply