AnsweredAssumed Answered

Google Chrome and Website issue...

Question asked by Kedar Khanderkar on Feb 18, 2016
Latest reply on Feb 18, 2016 by Adm Selec

Hello,

 

Some of the Google Chrome users are seeing RED Cross bar while accessing the URL :

https://www.CityAlarmpermit.com/FAMS

 

When I checked it on SSL Server Test: cityalarmpermit.com (Powered by Qualys SSL Labs)

I found that it is showing 2 SSL paths

 

Certification Paths
1Sent by serverwww.cityalarmpermit.com
Fingerprint SHA1: 73038e1125b40e07238ad0c2f1f62f328c615742
Pin SHA256: nRqFfm8cdXX3JnWcVeY1ZZsAH/ocyuJtYPwOVV1UOko=

RSA 4096 bits (e 65537) / SHA256withRSA
2Sent by serverNetwork Solutions EV Server CA 2
Fingerprint SHA1: 754d1f1b94b39ae0b83cc871d39c8db4cc9d5a09
Pin SHA256: uY4iOhjFT5ZJncBPVcvV4Vp7MzDa5mJyEdEtzpD6i28=

RSA 2048 bits (e 65537) / SHA384withRSA
3In trust storeNetwork Solutions Certificate Authority   Self-signed
Fingerprint SHA1: 74f8a3c3efe7b390064b83903c21646020e5dfce
Pin SHA256: MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ=

RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate

Path #2: Trusted

https://www.ssllabs.com/ssltest/getTestTrustPath?d=cityalarmpermit.com&s=162.242.135.132&latest&time=1455818604233&id=2
1Sent by serverwww.cityalarmpermit.com
Fingerprint SHA1: 73038e1125b40e07238ad0c2f1f62f328c615742
Pin SHA256: nRqFfm8cdXX3JnWcVeY1ZZsAH/ocyuJtYPwOVV1UOko=

RSA 4096 bits (e 65537) / SHA256withRSA
2Sent by serverNetwork Solutions EV Server CA 2
Fingerprint SHA1: 754d1f1b94b39ae0b83cc871d39c8db4cc9d5a09
Pin SHA256: uY4iOhjFT5ZJncBPVcvV4Vp7MzDa5mJyEdEtzpD6i28=

RSA 2048 bits (e 65537) / SHA384withRSA
3Extra downloadNetwork Solutions Certificate Authority
Fingerprint SHA1: ae9ed76d89126fbc7ad7d9b83bba2e7a57d121cf
Pin SHA256: MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ=

RSA 2048 bits (e 65537) / SHA1withRSA
WEAK SIGNATURE
4In trust storeAddTrust External CA Root   Self-signed
Fingerprint SHA1: 02faf3e291435468607857694df5e45b68851868
Pin SHA256: lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=

RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate

User's who doesn't have issue are going through Path 1

Users who have reported us the issue are going through path 2.

 

I wanted to understand what does these 2 path means & why some users are going from path 2

My certificates are installed as per path 1

 

I have downloaded & installed the EXTRA downloaded certificate (Network Solutions Certificate Authority  - Fingerprint SHA1: ae9ed76d89126fbc7ad7d9b83bba2e7a57d121cf) also on my server on 3 locations.

Source : https://ssl-tools.net/subjects/3cee0edaa1afab60e60c8837c1ef38dd303e7970

Trusted Root Certificate Authority

Intermediate Certificate authority

Third Party Root Certificate authority

but no luck.

 

Please advise what steps I can follow to resolve this issue.

Cedar Khanderkar

Attachments

Outcomes