SSL Certificate Errors Encountered in Browsers
Sometimes, when accessing a website, you may encounter a "The connection is not private" warning in chrome or "This connection is untrusted" in Firefox. To help you understand this instance, this article aims to explain why such warning pops up in some websites.
Websites with URLs starting with https are sites where communications are encrypted for security purposes. This is very common especially to those that require username and password to access the page. In order to begin the encrypted communication, the website will present the browser with an "SSL certificate" to identify itself.
Secure Socket Layer (SSL) certificate helps the browser in determining the authenticity of the site you are accessing. If the "This connection is untrusted" or "The connection is not private" alert page pops up, then there is a problem with its certificate. However, take note that seeing this warning does not necessary mean that website is not authentic; it only highlights that the browser is not able to verify the identify of the website hence, a you should proceed carefully.
What may be the causes of this error
To explain further the some of the various potential problems with website SSL certificates, a list is provided below for your reference:
A. The SSL certificate Subject alternative does not match the domain name of the website.
The subject alternative field of the SSL certificate contains the domain name of the website where it is issued to. If this does not match with the domain of your website, then the warning will likely to prompt.
To verify the matching of these two, here are steps you may take:
- Click on the https on the address bar.
- Select connection then click on the Certificate information hyperlink.
- Click on Details then scroll down to find the Subject Alternative Name. In here you will find the domain name listed under Field Value.
This is likely the cause when you are accessing your admin page in Joomla, Wordpress or Drupal and the warning pops up. Since your website does not have an SSL certificate the browser only sees the certificate installed in the server which belongs to the the GWHS server.
B. The SSL certificate's chain of trust is not found on the browser's key store.
Sometimes, an SSL certificate's chain of trust may be not found on the browser's key store. This could be due to self-signed certificate or the entity that issued the certificate has not yet undergone a webtrust audit.
For the GWHS servers, SSL certificates are issued by the Philippine National Public Key Infrastructure (PNPKI). The certificate chain of trust of the PNPKI can be installed in the browser by downloading the installerand running it on you computer. This installer, however, is only for Windows. For other operating systems, you will have to install it manually. For this process, you may refer to this for more information.
C. The SSL certificate is expired.
The SSL certificate has a validity date. If the website's certificate is expired the error will likely appear. Make sure that you computer clock is set to the correct time and date.
To verify your SSL certificates' expiration date, here's how:
- Click on https on the address bar.
- Select connection then click on Certificate information hyperlink.
Check out the validity of the certificate.
D. The website does not have an SSL certificate.
Although this does not count as a problem related to SSL certificate, this could also be one of the different reasons for the warning to prompt. For websites that do not have certificate installed,do not access them through https.
What to do when you encounter this error
So if you encounter this error find out what is causing it by referring to the steps mentioned above. If you are sure that the website you are visiting is authentic, or that the error lies in the causes listed above you can now proceed to the website.
A. Chrome browser
For Chrome you can proceed to the website through the following steps:
- Click on Advanced.
- Click on "Proceed to ...."
- You should be directed to the website.
B. Mozilla browser
For Mozilla you can proceed to the website through the following steps:
- Click on "I understand the risk".
- Click on the Add Exception.
- Tick on "Permanently store this exception" then select "Confirm Security Exception".
- You should be directed to the website.
The solution listed above is a temporary solution. The user will be prompted with the same warning on every visit. The best solution would be to acquire an SSL certificate through a trusted and accredited Certificate Authority (CA) and have it installed in your website.