[179083] in North American Network Operators' Group
RE: FIXED - Re: Broken SSL cert caused by router?
daemon@ATHENA.MIT.EDU (Frank Bulk)
Fri Mar 27 13:34:19 2015
X-Original-To: nanog@nanog.org
From: "Frank Bulk" <frnkblk@iname.com>
To: "'Mike'" <mike-nanog@tiedyenetworks.com>
In-Reply-To: <551578D1.8080903@tiedyenetworks.com>
Date: Fri, 27 Mar 2015 12:34:16 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Glad you figured that out.
I've used three SSL evaluation websites to help me with intermediate certificate issues:
https://www.ssllabs.com/ssltest/analyze.html (will show the names and details of the certs, missing or not)
https://www.wormly.com/test_ssl (quick SSL tester, will point out if intermediate certificate is missing)
https://www.digicert.com/help/ (will show a green chain link between certs when they're all there *and* in order)
Frank
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Mike
Sent: Friday, March 27, 2015 10:36 AM
Cc: nanog@nanog.org
Subject: FIXED - Re: Broken SSL cert caused by router?
I'd like to thank everyone for their kind responses. One person who
responded off list and bothered to look at the returned certificates
pointed out, and correctly it seems, that my original setup was missing
an intermediate certificate. The site was returning 'valid ssl' and all
browsers got the green lock and offsite ssl tests came back ok, but
apparently the missing intermediate means it would have had to have been
fetched and that was the part that was failing at the customer site.
Once I put the intermediate certificate in there, the customer site was
able to access https without fail. I have not had an opportunity yet to
examine in detail the config of the meraki router there but it's either
a routing problem or a DPI problem. If I get an answer I'll post again
with my results.
Thanks all.
Mike-
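
The missing-intermediate failure described in this thread can be reproduced offline with a verifier that, unlike most browsers, never fetches an absent intermediate on its own. The script below is an added example, not part of the original thread; the root, intermediate and leaf certificates and all names in it are constructed for the demo.

```shell
#!/bin/sh
# Build a constructed PKI in $1: root -> intermediate -> leaf.
make_demo_pki() {
  dir=$1
  # Minimal config so both CA certificates carry CA:TRUE.
  cat > "$dir/cfg" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed root (the only cert the client trusts).
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$dir/cfg" \
    -extensions ca -subj "/CN=Demo Root" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
  # Intermediate CA, signed by the root.
  openssl req -newkey rsa:2048 -nodes -config "$dir/cfg" \
    -subj "/CN=Demo Intermediate" \
    -keyout "$dir/int.key" -out "$dir/int.csr" 2>/dev/null
  openssl x509 -req -in "$dir/int.csr" -days 2 -CA "$dir/root.pem" \
    -CAkey "$dir/root.key" -CAcreateserial -extfile "$dir/cfg" \
    -extensions ca -out "$dir/int.pem" 2>/dev/null
  # Server (leaf) certificate, signed by the intermediate.
  openssl req -newkey rsa:2048 -nodes -config "$dir/cfg" \
    -subj "/CN=www.example.test" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$dir/leaf.csr" -days 2 -CA "$dir/int.pem" \
    -CAkey "$dir/int.key" -CAcreateserial -out "$dir/leaf.pem" 2>/dev/null
}

# chain_ok LEAF ROOT [SENT]: true only if LEAF chains to ROOT using just
# the extra certs in SENT (what the server "sent"). openssl verify does
# not download missing intermediates, so it behaves like a strict client.
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$2" -untrusted "$3" "$1" 2>&1
  else
    openssl verify -CAfile "$2" "$1" 2>&1
  fi | grep -q ': OK$'
}

d=$(mktemp -d)
make_demo_pki "$d"
if chain_ok "$d/leaf.pem" "$d/root.pem"; then r=OK; else r=FAIL; fi
echo "server sends leaf only:           $r"
if chain_ok "$d/leaf.pem" "$d/root.pem" "$d/int.pem"; then r=OK; else r=FAIL; fi
echo "server sends leaf + intermediate: $r"
rm -rf "$d"
```

Against a live server, `openssl s_client -connect HOST:443 -showcerts` (HOST is a placeholder) lists the certificates the server actually sends, which is the set to compare against the expected chain.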