Mine?
Yours?
I am still not able to connect to my 3rd party server at this time. When I use the openssl client, I can connect to the app.allocadece.com:443
if I run openssl
Is there a CipherSuite that I should not have available in the following? (excerpt from options-ssl-apache.conf)
SSLEngine on
# Intermediate configuration, tweak to your needs
SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
Unfortunately, that FQDN doesn't resolve to any IP (for me).
So I won't be able to test it first-hand.
Please show:
openssl version
And also the output of:
openssl s_client -connect app.allocadece.com:443 -servername app.allocadece.com | head
$ openssl version
OpenSSL 1.1.1 11 Sep 2018
$ openssl s_client -connect app.allocadece.com:443 -servername app.allocadece.com
CONNECTED(00000005)
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 OU = Domain Control Validated, CN = *.com.com
verify return:1
---
Certificate chain
0 s:OU = Domain Control Validated, CN = *.com.com
i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
2 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
3 s:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
---
That's not an LE cert.
The last entry seems like a root cert. [not sure about anything GD]
If so, then it shouldn't be served. [bad practice]
[Root certs are expected to be in the trust store - clients should normally ignore them, but some may complain]
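Added example, not part of any post in this thread: one way to spot a served root is to compare the subject (`s:`) and issuer (`i:`) of each entry in the `Certificate chain` section of `openssl s_client` output. The function names and the sample chain below are constructed for illustration (placeholder DNs shaped like the four-entry chain above).

```shell
#!/bin/sh
# Added example: list chain entries in `openssl s_client` output whose
# subject equals their issuer (self-issued, i.e. a root being served).

# Constructed sample shaped like the chain in the thread (4 entries,
# last one self-issued). The DNs are placeholders, not real certificates.
sample_chain() {
  cat <<'EOF'
CONNECTED(00000005)
---
Certificate chain
 0 s:OU = Domain Control Validated, CN = *.example.test
   i:C = US, O = Example CA Inc., CN = Example Secure CA - G2
 1 s:C = US, O = Example CA Inc., CN = Example Secure CA - G2
   i:C = US, O = Example CA Inc., CN = Example Root CA - G2
 2 s:C = US, O = Example CA Inc., CN = Example Root CA - G2
   i:C = US, O = Example Group, OU = Example Class 2 CA
 3 s:C = US, O = Example Group, OU = Example Class 2 CA
   i:C = US, O = Example Group, OU = Example Class 2 CA
---
Server certificate
EOF
}

# Reads s_client output on stdin, prints the index of each self-issued entry.
# Name equality only; it does not verify the signature.
self_issued_entries() {
  awk '
    /^Certificate chain/ { in_chain = 1; next }
    in_chain && /^---/   { in_chain = 0 }
    !in_chain            { next }
    /^ *[0-9]+ +s:/ {                       # subject line: " N s:<DN>"
      idx = $1; subj = $0
      sub(/^ *[0-9]+ +s:/, "", subj)
      next
    }
    /^ *i:/ {                               # issuer line: "   i:<DN>"
      iss = $0
      sub(/^ *i:/, "", iss)
      if (iss == subj) print idx
    }
  '
}

sample_chain | self_issued_entries   # prints 3
```

Against a live server, pipe the `openssl s_client -connect ... -servername ...` command shown earlier into `self_issued_entries` with stdin redirected from `/dev/null`; any index it prints is a self-issued certificate the server could drop from its chain file.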
The remote site is serving the root certificate... not I, correct?
Whatever/wherever this is:
I wanted to thank you again, you are a king among men! I do believe that my SSL issues have been rectified. Not only that, but I get an A ranking at ssllabs now where before it was a B+. The fact that my https connection issues persist now indicates to me that some subsystem needs updating. Both php and cakephp are out of date on this system. I am going through the code and making it ready for php 7. I will let you know if this solves the final mystery.