Previously, we talked about SSL security and why your website needs an SSL certificate to prove your commitment to keeping data secure.
However, like all systems, SSL can go wrong. So, what do you do if and when that occurs?
An unexpected SSL error is sure to be a headache at the best of times, especially when it seems like a complicated technical problem that only an industry expert can unpick.
Let’s break down the specifics and demystify what’s actually happening when you encounter a problem with your SSL encryption.
An SSL certificate error is the result of a problem occurring somewhere in the chain of verifying a website’s certificate.
The actual root cause of the error could be any one of a number of different issues, but the overarching problem is that your internet browser can’t get the information it needs to let you continue.
SSL certificate errors are more than a nuisance; they can outright stop a user from visiting your site, and can turn people off the idea of using your business if it leaves them with the impression that they won’t be safe giving you any of their information.
An SSL connection error could stem from a simple user error, or something more technical and therefore harder to resolve.
An SSL error can technically stem from something as simple as an incorrectly typed URL, and may not signify any actual problem with a website or its certificate.
SSL error screens aren’t always the most helpful or informative, but knowing what to look for can give you a better indication of what the actual problem is.
These are the hard stops wherein your browser halts your access to a domain and displays an error page. The error page might give you some information as to what’s happened and what you can do next, whether that’s troubleshooting or simply turning away from trying to access the page altogether.
A connection error is aiming to keep you protected from an insecure page, so as frustrating as they can be when you’re trying to find something out or make a purchase, they’re worth paying attention to.
Fraud and cybercrime for 2021-2022 caused losses in the UK totalling more than £3 billion.
Even if a page belongs to a legitimate owner or a trusted business, any indication that user data isn’t safe has a dire impact on both customers and businesses. The former can be scared away from ever revisiting, and the latter takes the opportunity cost of that decision.
There are several kinds of SSL errors with varying levels of complexity and different implications attached. As mentioned before, some of these are easily resolved, and can constitute run-of-the-mill errors as well as genuine warnings over your online safety.
Some of these error reasons can include:
If a user mistypes the name of the intended domain into the address bar, they can be met with an ‘invalid SSL certificate’ error.
While this might look dire at first, it’s not actually a problem with the certificate or the security of the site; it’s simply that the names don’t match, so the connection can’t be resolved.
This error is simply fixed by checking the URL, as it can be as simple as leaving out the ‘www.’ when you typed the address.
If a site’s SSL certificate doesn’t satisfy the browser, it will return an error. This could theoretically be a misunderstanding, because a trusted but otherwise unknown Certificate Authority (CA) being behind a certificate could trigger it. Conversely, it could be detecting a malicious attempt at faking a certificate.
Your web browser keeps an internal database of trustworthy certificate providers. If the given provider isn’t on this list, the connection will go no further. While this could be the fault of the browser’s list, it’s more likely that your browser has detected a self-signed certificate, which is signed by whoever created it rather than by a trusted CA and is, as far as the browser is concerned, essentially a fake certificate.
Such certificates are commonplace in phishing attempts, when they masquerade as security on a website that is actually aiming to harvest your personal data. Thankfully, browser security will often automatically detect these spoofed certificates and shut down communications between you and the server.
A certificate issued from a genuine CA can still be invalid, for one of a few reasons which we’ve lumped together for simplicity.
The first is that the certificate has expired, and is no longer valid. Every SSL certificate has a validity period, usually one year. After this point it expires, and browsers will take notice if a certificate is past this expiry date.
In recent years, the rules around SSL certificates were changed to state that they may only be valid for a maximum of 398 days, significantly down from the previous maximum of 825 days.
Any certificate issued on, or after, September 1st 2020 with a validity period longer than this will be automatically rejected and return a ‘validity too long’ error or similar.
Another way in which a certificate can be invalid is that it is, in a sense, too new.
If the current date is before the certificate’s validity period begins, it is said to be ‘inactive’.
This is an increasingly rare occurrence given the use of automated certificate managers, but can still happen if there is a desynchronisation between client and server machines’ clocks.
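The name and date checks described above can be reproduced offline. The following is an added example, not code from any browser: it takes a certificate in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports a name mismatch, a not-yet-valid or expired certificate, and a validity period over the 398-day limit. The sample certificate, the `diagnose` function and the problem labels are constructed for illustration; chain and revocation checks are out of scope.

```python
import ssl
from datetime import datetime, timezone

MAX_VALIDITY_DAYS = 398                                  # limit quoted in the article
LIMIT_START = datetime(2020, 9, 1, tzinfo=timezone.utc)  # applies from this issue date

def _ts(text):
    """Parse a getpeercert()-style date such as 'Jan  5 09:34:43 2025 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)

def _name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def diagnose(cert, host, now):
    """Return a list of problem labels (hypothetical names) for one certificate."""
    problems = []
    not_before, not_after = _ts(cert["notBefore"]), _ts(cert["notAfter"])
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_name_matches(n, host) for n in names):
        problems.append("name mismatch")      # e.g. 'www.' typed but not on the cert
    if now < not_before:
        problems.append("not yet valid")      # the 'inactive' case, often clock skew
    if now > not_after:
        problems.append("expired")
    lifetime_days = (not_after - not_before).days
    if not_before >= LIMIT_START and lifetime_days > MAX_VALIDITY_DAYS:
        problems.append("validity too long")
    return problems

# Constructed sample certificate (not taken from a real site).
SAMPLE = {
    "notBefore": "Mar  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "example.com"),),
}

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(diagnose(SAMPLE, "example.com", now))
    print(diagnose(SAMPLE, "www.example.com", now))
```

Passing the client's own clock as `now` shows how a desynchronised machine turns a healthy certificate into a "not yet valid" or "expired" one.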
This error is returned if the target website once had a certificate, but it has since been taken away by the CA. A ‘cert revoked’ error can mean an encryption key was hacked, or that the operator acquired their certificate using false credentials. Oh dear!
A revoked certificate doesn’t necessarily mean wrongdoing by the site’s owners, as it could even be the fault of the CA issuing the wrong information, but all the same it means the site has no SSL certificate.
Therefore, no encryption for user data.
This occurs when the site itself has a valid certificate and is configured to use secure HTTPS, but content on the site is using non-secure sources. This could be something as minor as a single small JPEG, but if it’s somewhere on the page, your browser will return a mixed content warning.
Unlike problems with authenticating the SSL certificate, mixed content errors won’t necessarily block your access to the site, and you may instead get the option to simply not display the unsecured content.
Protocol errors are part of a mixed bag, and have no one specific cause. It could be the settings on a firewall or antimalware program interfering with the connection, or it could be that the certificate has not been correctly installed on the server.
Being so numerous and imprecise, protocol errors are hard to nail down. Unfortunately, it can mean users being turned away from a website without much in the way of an explanation.
Despite this, an error lies somewhere. If it’s occurring to every site visitor, you know it must lie on the server, rather than client, side. There are some common causes associated with protocol errors that both client-side and server-side users can try, so starting with these may quickly root out the issue.
Fixing an SSL error depends on the specific error and its root causes.
The simplest first step is eliminating the possibility of user error or problematic browser configuration, which may not be applicable with certain types of errors.
Failing that, it may be that the solution lies in reinstalling or renewing your certificate. As a business, if you’re having trouble with the SSL certificate on your site and you have no idea how to fix it, then it’s a problem best left with an IT support provider who can narrow down the issue and ensure it doesn’t persist.
However, your web host may already provide the tools to manage your SSL certificate and verify its installation, or reinstall it if necessary. If not, they may be able to point you in the right direction.
Some fixes you can try include:
Fixing any SSL connection errors on your site is imperative, especially if your website is business critical.
Visitors being blocked and turned away could quite literally be damming your flow of cash into a business, as well as degrading your online reputation, making customers think twice about trusting you with their data, and impacting your SEO (which itself causes its own damage to your business).
This is why sound data security in the form of a valid SSL certificate is as much a matter of marketing and business image as it is about GDPR and protecting your domain. The PR disaster that occurs when data breaches take place is not something that every business can weather.
At time of writing, Google refers to a list of just over 130 ‘root certificates’ to know which CAs and their respective certificates can be trusted.
Root certificates are those that come pre-downloaded in most popular browsers and operating systems, and they sit at the top of the chain of trust as the product of a verified and trustworthy CA.
From Google’s own description of how Chrome uses its “root store”:
“When making HTTPS connections, Chrome refers to a list of root certificates from CAs that have demonstrated why continued trust in them is justified. This list is known as a “Root Store.”
CA certificates included in the Chrome Root Store are selected on the basis of publicly available and verified information, such as that within the Common CA Database (CCADB), and ongoing reviews by the Chrome Root Program.
CCADB is a datastore run by Mozilla and used by various operating systems, browser vendors, and CA owners to share and disclose information regarding the ownership, historical operation, and audit history of CAs and corresponding certificates and key material.”
For every SSL error, Chrome will return a code that gives some idea as to the problem it encountered. For instance, a protocol error will return ‘ERR_SSL_PROTOCOL_ERROR’. These error codes can then be investigated more closely and used to direct the first areas you might check.
Removing an SSL error from Chrome requires the same approaches as any other browser, and if the error stems from something like an incorrectly installed certificate, then changing to another browser won’t fix that.
However, Chrome’s helpful use of error codes can give you a good idea of where to begin.
SSL certificate errors are getting into the nitty-gritty of running a business-critical website. If you’re looking to get more visitors and improve your digital marketing, you can start much simpler!
Aqueous Digital is a trusted, family-run agency that helps businesses across the UK with their SEO and website structure, securing higher turnover, higher lead generation, and much more.
To find out more about our services and how we can help you thrive, contact us today.