Safari and Let's Encrypt

#1 Sun, 03/05/2017 - 18:10
kmedri

Hi,

Have just started to use Let's Encrypt but cannot open the websites in Safari on Windows (have not checked Safari on Mac).

Get the error:

Can't establish a secure connection to the server

The site is:

https://www.thelendingtree.co.nz

I am not sure if this is a certificate issue or a server config issue. I am using Apache 2.4.6 and a Joomla 3.6.5 website forcing SSL connection.

Many thanks for any help.

Sun, 03/05/2017 - 21:57
Diabolico

I made a quick test and the problem is with your selected SSLCipherSuite, plus probably some other SSL settings. You will need to dig into httpd.conf and ssl.conf and see what you have there.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Mon, 03/06/2017 - 19:22
kmedri

Thank you for that, I found the following in the httpd.conf:

SSLProtocol -SSLv2

And I changed to:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

I get this error in the Apache error log:

RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

RSA certificate configured for thelendingtree.co.nz:443 does NOT include an ID which matches the server name

Mon, 03/06/2017 - 23:06
Diabolico

Actually SSLProtocol should be:
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2

Browsers are still using TLSv1 and TLSv1.1 (especially mobile versions) so you should keep them enabled.

Not sure what you changed, but the last time I checked your website the only problem was with SSLCipherSuite, and based on the test results this was the only thing you needed to modify.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
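
How the two replacement SSLProtocol lines in this thread resolve, as an added example that is not part of any post: a simplified Python model of the left-to-right +/- evaluation mod_ssl applies to the directive. The function names and the assumption that `all` covers SSLv3 through TLSv1.2 (an Apache 2.4.6-era build) belong to the example, not to the thread.

```python
# Added example: simplified model of how mod_ssl evaluates SSLProtocol tokens.
# Assumption: "all" expands to SSLv3..TLSv1.2 (Apache 2.4.6-era build).
ALL = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
CANON = {p.lower(): p for p in ALL}          # protocol names are case-insensitive


def resolve_sslprotocol(directive):
    """Return (enabled protocols in ALL order, warnings) for one SSLProtocol line."""
    tokens = directive.split()
    if tokens and tokens[0].lower() == "sslprotocol":
        tokens = tokens[1:]
    enabled, warnings = set(), []            # evaluation starts from the empty set
    for tok in tokens:
        action = tok[0] if tok[0] in "+-" else ""
        name = tok[len(action):].lower()
        if name == "sslv2":
            if action != "-":
                raise ValueError("SSLv2 is no longer supported")
            continue                         # "-SSLv2" is accepted and changes nothing
        if name == "all":
            selected = set(ALL)
        elif name in CANON:
            selected = {CANON[name]}
        else:
            raise ValueError("illegal protocol %r" % tok)
        if action == "-":
            enabled -= selected
        elif action == "+":
            enabled |= selected
        else:                                # a bare token replaces what came before
            if enabled:
                warnings.append("%s overrides earlier tokens" % tok)
            enabled = selected
    return [p for p in ALL if p in enabled], warnings


def legacy_enabled(directive):
    """Protocols older than TLSv1.2 that the directive leaves switched on."""
    return [p for p in resolve_sslprotocol(directive)[0] if p != "TLSv1.2"]


if __name__ == "__main__":
    # The two replacement settings quoted in the thread.
    for line in ("SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1",
                 "SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2"):
        protocols, _ = resolve_sslprotocol(line)
        print(line, "->", protocols, "| pre-TLSv1.2:", legacy_enabled(line))
```

Under this model the first line leaves only TLSv1.2 enabled, while the second enables TLSv1, TLSv1.1 and TLSv1.2, which is the difference the last reply is pointing at.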
