There are a few common mistakes or problems that come with using SSL. We've compiled the most common ones here, along with information to help you avoid and resolve the problems you encounter. If the answers to your questions aren't found on this page, feel free to contact our support staff for assistance.
There are a number of warnings or errors that can come up when accessing web pages via SSL. Almost all of these are small mistakes that are easy to repair.
Your SSL digital certificate is set up to use a very specific domain name, which must match exactly to avoid getting this error. For example, if your certificate is for the domain www.my-domain.name, and you type https://my-domain.name into the browser, you will get this warning. Likewise, if your certificate is for my-domain.name and you enter https://www.my-domain.name into your browser, you will get the same warning. In order to avoid this warning, be sure to use the exact domain name on the certificate when making links to secure pages.
Often when making links or including images in pages, the URL is an Absolute link, meaning that the link includes the protocol, domain, and path to a file. If you include an image in a page using an absolute URL, you can run into this error when the page is viewed using a different protocol than the one indicated in the image URL. For example, if in a web page you include an image using the path http://www.my-domain.name/images/myimage.gif, and then access the page using secure protocol, you will get the warning that the page has encrypted and unencrypted content. The easiest way to avoid this error is to use Relative links, meaning you indicate only the path to a local file in the link (for example, /images/myimage.gif). When linking to files on a remote server, you will need to use an absolute link, so make sure in those cases to use the protocol that the page will usually be viewed with.
Many older Web Browsers only support 40 or 52 bit encryption. Because modern SSL certificates use 128 bit encryption, older browsers may not be able to view pages securely. If many of your customers are likely to be using older browsers, you may want to get a special low-encryption certificate (available from some Signing Authorities). Because several modern browsers are available free of charge, you may also want to encourage users having problems with your SSL certificate to upgrade to a newer browser.
When installing a custom signed Digital Certificate, there are a number of possible mistakes or errors that can cause problems. In most cases, the Apache Web Server will not start up when one of these errors occurs. If your site will not load in a browser, it is a good idea to check to see if there are any httpsd processes running on your Virtual Private Server. If there are, you may want to restart_apache and try loading the page again.
If restarting the web server does not cause httpsd processes to start on your Virtual Private Server, it is possible your custom certificate is not installed properly. The first thing to do is review the Installation Steps for custom digital certificates. A few common errors include the following.
You can tell whether or not the Private Key has been decrypted by viewing the file using more or your favorite text editor. If the key file has the following lines, your key is still encrypted.
Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,BCC23A5E16582F3D
To decrypt your Private Key, run the following command from your Virtual Private Server SSH or Telnet command prompt.
% openssl rsa -in ~/etc/ssl.pk -out ~/etc/ssl.pk
You will be prompted to enter your PEM Passphrase, after which the key will be decrypted.
Check to see if your Certificate was uploaded properly by looking at it in your favorite text editor. If each line has a ^M at the end of it, you will need to upload the file again using ASCII format.
If you have multiple servers with SSL, make sure you are using the private key which was generated at the same time as the CSR for that domain.
If you are transferring your certificate from a different server, make sure that the old server was using Apache with SSL as the Web Server software. If not, see the instructions to Move your Certificate.
Check to see if the beginning and ending lines of the key or certificate are not all there or are missing. Both the certificate and private key should begin and end with a line containing text identifying the file with five dashes (-) before and after the text, such as -----BEGIN RSA PRIVATE KEY-----.