I'm having a problem trying to make an SSL connection from Servers Alive 
to my self-made https application using a self-made certificate 
generated by openssl.  The https url works fine from Google Chrome and 
Firefox as long as I install the root certificate on the client machine 
(for Chrome) or into the browser (for Firefox).  No matter what I do, I 
cannot get IE10 or IE11 to visit the site.  (Note: Same https web 
application installed on various machines and Windows versions all give 
the same result.)

I guess that SAlive uses the same Windows OS core components as Internet 
Explorer, and therefore SAlive refuses to do the SSL handshake.  Is that 
basically accurate?

I have reviewed http://support.microsoft.com/en-us/kb/2661254 in great 
detail. My root cert and my web site cert both use 2048 bits.

Many web sites indicate that IE and Chrome use the same crypto logic, 
but that has not been my experience at all.  Chrome responds immediately 
once the root cert is trusted - no reboot required.  IE never progresses.

I have tested my cert from as many angles as possible, including using 
the DigiCert inspector, from which it receives an A rating.

And I have tried enabling all the old insecure SSL 2, 3, plus TLS 1, 
1.1, 1.2 options in Internet Explorer options under Advanced.... 
Security, and none of that makes any difference.

By now I hope you are curious enough to test a link and tell me whether 
you can get it to open in IE10, IE11 and/or Servers Alive! 
https://lite.demos.href.com:8453/ (This link is active now and will 
be for a little while; apologies to future readers, it probably will not 
stay open once this conversation ends.)

I am quite willing to have the root certificate trusted on the machine 
that runs Servers Alive (and it is, as evidenced by Chrome being able to 
open the page).

I have also tried the advice on 
http://netsekure.org/2011/04/automatic-ca-root-certificate-updates-on-windows/ 
about disabling the auto update of the root list; that did not help.

Just in case I was misreading the '2048' in the public key details, I 
tried the advice of logging details about < 1024-bit certificates (from 
the answer on 
https://social.technet.microsoft.com/Forums/windows/en-US/2719388a-840a-492c-a509-42804860ee9a/unable-to-open-https-site-with-not-trusted-certificate-on-ie10?forum=w8itprogeneral) 
and nothing gets logged when I use the web page from Chrome or 
Firefox or IE.

Thank you for reading and especially for any solution.

Ann
