Resolving SSL or TLS connection issues

Purpose

In our day-to-day work we run into many SSL issues, which can have countless causes. This blog is a quick guide to resolving generic SSL / TLS issues caused by the browser, a firewall, an antivirus, or even the system time and configuration. It is far from a complete list, but it should help in triaging the trivial SSL issues.

Introduction  

SSL stands for Secure Sockets Layer; it is the predecessor of Transport Layer Security (TLS). It provides a secure connection between client and server. SSL/TLS connection issues can arise for innumerable reasons. Some are generic and some are product specific.

In this blog we will be discussing the generic SSL / TLS issues and their resolution.

SSL issues in generic category

The following is a list of generic SSL connection issues:

  1. Your PC / laptop's system date and time are incorrect.
  2. There is a mismatch in the certificate name.
  3. The SSL certificate was not issued by a trusted authority, or it is a self-signed certificate.
  4. There is a firewall between the client and the server/internet.
  5. The website that you are trying to access contains both non-secure (HTTP) and secure (HTTPS) content.
  6. An antivirus is installed on your PC that scans all the encrypted data transmissions.

Resolution

Let’s look at the resolution for each of the generic SSL issues listed above:

  1. Your PC / laptop's system date and time are incorrect

Set the system time on your PC / laptop correctly.

  2. There is a mismatch in the certificate name

Make sure the host name you use to reach the server matches the name on the certificate.

  3. The SSL certificate was not issued by a trusted authority, or it is a self-signed certificate

This issue occurs only if you are using self-signed certificates. Make sure you use a valid certificate issued by a trusted CA (Certificate Authority). In a test / pre-prod environment you can use a self-signed certificate; if the warning message bothers you, you can add the self-signed certificate to the trusted certificates in your browser by following the steps below.

Adding self-signed certificate to trusted CA

  4. There is a firewall between the client and the server/internet

Configure the firewall to allow SSL traffic.

  5. The website that you are trying to access contains both non-secure (HTTP) and secure (HTTPS) content

It means that the website serves both secure and insecure content. This has to be fixed on the website itself; most websites can be fixed with a few tweaks to the site.

  6. An antivirus is installed on your PC that scans all the encrypted data transmissions

The wording in your antivirus may differ, but the steps are almost the same:

Go to “Set up” → “Advance setting” → “Protocol filtering” → “SSL” → “Do not scan SSL protocol”.
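To find out which of the causes above applies before changing any setting, the following added example (not part of the original blog) attempts a fully verified handshake from Python and maps the failure to the cause numbers in the list of generic issues. The function names are illustrative; the numeric codes are OpenSSL's X509_V_ERR_* values as reported in ssl.SSLCertVerificationError.verify_code.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# OpenSSL verify codes mapped to the generic causes listed in this blog.
# An antivirus that scans TLS re-signs traffic, so cause 6 can surface as 19/20.
VERIFY_CAUSES = {
    9:  "cause 1: certificate not yet valid; check the system date and time",
    10: "cause 1: certificate expired, or the system date and time are wrong",
    62: "cause 2: certificate name does not match the host name",
    18: "cause 3: self-signed certificate",
    19: "cause 3: self-signed certificate in the chain",
    20: "cause 3: issuer is not a trusted authority on this machine",
}

def classify(exc):
    """Map an exception from a verified TLS handshake to a likely cause."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        return VERIFY_CAUSES.get(code, f"certificate rejected (verify code {code})")
    if isinstance(exc, ssl.SSLError):
        # The handshake broke before the certificate was even checked.
        return "cause 4: TLS handshake failed; check the firewall"
    if isinstance(exc, (TimeoutError, socket.timeout, ConnectionError)):
        return "cause 4: connection blocked or dropped; check the firewall"
    return f"unclassified: {exc!r}"

def triage(host, port=443, timeout=5.0):
    """Attempt a verified handshake and describe the outcome in one line."""
    ctx = ssl.create_default_context()  # checks chain, validity dates and host name
    now = datetime.now(timezone.utc).isoformat(timespec="seconds")
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return f"OK: {tls.version()} verified (local clock {now})"
    except OSError as exc:
        return f"{classify(exc)} (local clock {now})"

if __name__ == "__main__":
    for host in sys.argv[1:]:
        print(host, "->", triage(host))
```

Mixed content (cause 5) happens after the handshake succeeds, so this check reports OK for such sites.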

Additional pointers

  1. Clear your browser cache
     1. Start the browser.
     2. Press Ctrl+Shift+Delete simultaneously.
     3. The browser will ask about clearing the cache.
     4. In Chrome, select “Obliterate the following items from: The Beginning of time”.
     5. Click Clear Browsing data.
     6. Then access the SSL URL.
  2. Clear SSL State in Google Chrome browser

To clear the SSL state in Chrome, follow these steps:

  1. Click the Google Chrome Settings icon, and then click Settings.
  2. Click Show advanced settings.
  3. Under Network, click Change proxy settings. The Internet Properties dialog box appears.
  4. Click the Content tab.
  5. Click Clear SSL state, and then click OK.
  6. And then access the SSL URL