URGENT: Problem with certificate on smartphone

sslzertifikat · April 8, 2019, 1:33pm

Hello
I have a small problem with the SSL certificate from LetsEncript.
The problem only occurs when the homepage is opened on the smartphone. If the message is aborted, the homepage will still be displayed. On a PC/Laptop/MAC everything works without a message.
The following error message appears:

Domain: www.baumelertaxi.ch
Title: No certificates found
Text: The browser has requested a certificate. If you agree to this request, the application can now use this certificate with the servers. DI requesting server has been detected as xxx. Only agree to this request if you trust the application.
You can install certificates from a PKCS#12 file with the file extension .pfx or p12.

Here par Infos about the System (Server)
Windows 2012 R2
IIS 8.5
LetsEntcript: Tool from https://github.com/pkisharp/win-acme (With this tool I only have to say create certificate and for which domain, afterwards the tool does everything itself and enters it in the IIS.)

How can I make the message disappear on the smartphone? Because the message confuses some of the visitors, many do not dare to click on Cancel and leave the homepage again.

JuergenAuer · April 8, 2019, 1:42pm

Hi @sslzertifikat

I don't see a problem.

Both connections use the same valid Letsencrypt certificate ( https://check-your-website.server-daten.de/?q=baumelertaxi.ch )

CN=baumelertaxi.ch
	25.03.2019
	23.06.2019
expires in 76 days	baumeler-taxi.ch, baumelertaxi.ch, 
taxi-baumeler.ch, taxibaumeler.ch, www.baumeler-taxi.ch, 
www.baumelertaxi.ch, www.taxi-baumeler.ch, 
www.taxibaumeler.ch - 8 entries

the chain is complete

Chain (complete)	
	1	CN=baumelertaxi.ch
	
	2	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US

you use DNSSEC, that's valid

• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 55972, DigestType 1 and Digest "unE+kAMKqbLu+LWsC7hxR4qXS68=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 55972, DigestType 2 and Digest "jsP4+CDraFh/pAWhg2PGF+8kBkk3IFstpqY32dCPS7I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Yep - checking your site I see the problem.

There is an IIS option "accept client certificates"

Remove that option -> ignore.

JuergenAuer · April 8, 2019, 1:44pm

PS:

IIS Management - SSL Einstellungen / Settings - Client certificates -> don’t choose accept.

If you use “accept”, my FireFox asks.

orangepizza · April 8, 2019, 1:45pm

mobile site redirect to different site, and it does request a cert.

sslzertifikat · April 9, 2019, 6:52am

Thanks for the answers.

I have found the settings “SSL Settings”, which was written here only at the individual domain.
After adjusting this setting, the message no longer appears on the smartphone.

Can this option NOT be set globally in IIS? Otherwise I’ll have to remember with the next domain I set up SSL that I’ll make the options again.

JuergenAuer · April 9, 2019, 7:17am

You can define that global.

Domain -> (up) Sites -> (up) Your Server

there is the same setting.

system · May 9, 2019, 7:18am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

URGENT: Problem with certificate on smartphone

Hello I have a small problem with the SSL certificate from LetsEncript. The problem only occurs when the homepage is opened on the smartphone. If the message is aborted, the homepage will still be displayed. On a PC/Laptop/MAC everything works without a message. The following error message appears:

Hello
I have a small problem with the SSL certificate from LetsEncript.
The problem only occurs when the homepage is opened on the smartphone. If the message is aborted, the homepage will still be displayed. On a PC/Laptop/MAC everything works without a message.
The following error message appears: