Browser Error: 'ssl_error_rx_record_too_long' or 'Internet Explorer cannot display the webpage' on Linux

Administrator — Thu, 12 Jan 2012 10:33:31 GMT

Abstract:

It seems obvious you’ve come across the following error while trying to setup SSL certificates on apache.

Error code: 'ssl_error_rx_record_too_long' (Firefox) or 'Internet Explorer cannot display the webpage' (IE)

Well more often than not, you have something mis-configured! (Likely the listening port: 443). What you might want to do is check that your firewall or iptables allows incoming connections on 443.

Ubuntu:

#sudo ufw allow 443

Ok, wonderful – that probably didn’t fix your problem. But now try going to the following address

http://www.domain.tld:443

If you’ve successfully seen something at the above page, it means your sites are listening on that port for non-ssl. I’ll assume that your apache virtual host file has something along the lines of:

NameVirtualHost *

What you’re going to want to do is force your vhosts to listen specifically on the proper ports. Changing to the following:

NameVirtualHost *:80

If you’re using ubuntu your ports.conf file should likely have 443 enabled on the listening port, and you may also have default-ssl listed in your /etc/apache2/sites-available/ folder. In which case you may want to enable that.

#sudo a2ensite /etc/apache2/sites-available/default-ssl

Basically that file has the following inside of it

…… your server name / document root …..
SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

"The page cannot be displayed" (Cannot find server or DNS error)

Administrator — Thu, 12 Jan 2012 08:19:59 GMT

Abstract:

"The page cannot be displayed" (Cannot find server or DNS error)

There are several things that can cause this vague error message. The most common reasons we have seen are as follows:

A firewall or router is blocking access on your network on port 443.
The private key for your certificate does not match or is not associated correctly with the certificate.
The DNS entries for the web site are configured incorrectly.
The web server is not configured to run on port 443 for https requests.
The web site is not the IIS Default Website and has not been bound to an IP address for https requests. (IIS defaults this to "All Unassigned")

For further reading on this topic, check the external links below.

After installing the SSL certificate, I get a pop-up window. What do I do?

Administrator — Thu, 12 Jan 2012 08:19:32 GMT

Abstract:

If you get the following dialogue:

Note the error stating "The name on the security certificate is invalid or does not match the name of the site". This simply means that the URL typed in the browser window does not match the site named in the certificate. For instance, if the SSL certificate was issued to "secure.ssl.com", and it was installed on server where multiple domain names share this certificate, then visiting the other domain names such as "www.ssl.com" or "shopping.whatever.com" will result in this pop-up window. To eliminate this pop-up, be sure the URL in the browser and the site stated on the certificate match. In this case, type "secure.ssl.com" to avoid the pop-up. Otherwise, consider purchasing a wildcard certificate if you require using additional subdomains.

Install a Certificate on Java Based Web Servers

Administrator — Mon, 21 Nov 2011 11:06:25 GMT

Abstract:

The certificates you receive will be:
GTECyberTrustRoot.crt
ComodoSecurityServicesCA.crt
domain.crt

These must be imported in the correct order:
GTECyberTrustRoot.crt
ComodoSecurityServicesCA.crt
domain.crt

Please replace the example keystore name 'domain.key' with your keystore name

Use the keytool command to import the certificates as follows:
keytool -import -trustcacerts -alias root -file GTECyberTrustRootCA.crt -keystore domain.key

Use the same process for the Comodo certificate using the keytool command:
keytool -import -trustcacerts -alias comodo -file ComodoSecurityServicesCA.crt
-keystore domain.key

Use the same process for the site certificate using the keytool command, if you are using an alias then please include the alias command in the string. Example:

keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file domain.crt -keystore domain.key

IMPORTANT! Be sure there are no trailing spaces following -----END CERTIFICATE----- in the certificate file. Otherwise, you will end up with error messages resembling:

java.io.EOFException
        at java.io.DataInputStream.readFully(DataInputStream.java:268)
        at java.io.DataInputStream.readFully(DataInputStream.java:242)
        at sun.security.util.DerValue.init(DerValue.java:374)
        at sun.security.util.DerValue.(DerValue.java:302)
        at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.ja
va:522)

The password is then requested.
Enter keystore password: (This is the one used during CSR creation)
The following information will be displayed about the certificate and you will be asked if you

Generate a CSR for Java Based Web Servers

Administrator — Mon, 21 Nov 2011 09:31:41 GMT

Abstract:

How to generate a CSR using Java Keytool

**NOTE: You must generate a new keystore through this process. If you try to install a new certificate to an old keystore your certificate will not work properly. Backup and remove any old keystores if necessary before beginning this process.

Step 1: Create a new Keystore

You will be using the keytool command to create your new key-CSR pairing. Enter the following:

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore yourdomain.jks

'Yourdomain' is the name of the domain you are securing. However, if you are ordering a Wildcard Certificate, do not include * in the beginning of the filename as this is not a valid filename character.
You will be prompted for the DN information. Please note: when it asks for first and last name, this is not YOUR first and last name, but rather your domain name and extension(i.e., www.yourdomain.com). If you are ordering a Wildcard Certificate this must begin with *. (example: *.yourdomain.com)
Confirm that the information is correct by entering 'y' or 'yes' when prompted. Next you will be asked for your password to confirm. Make sure to remember the password you choose.

Step 2: Generate your CSR with your new keystore

Install a Certificate on Hsphere

Administrator — Sat, 29 Oct 2011 08:20:51 GMT
Abstract:
1. After you receive your SSL certificate save all of the certificate files to a secure location. You will need the site certificate and the Comodo intermediate certificate. ssl_ca-bundle (trial_ssl_ca-bundle for free ssl)
2. Click SSL on your control panel home page.
3. Go to the Web Service page and click the Edit icon in the SSL field.
4. In the form that opens, enter the SSL certificate into the box Install Certificate based on previously generated Certificate request and click Upload:
5. Enter the Comodo intermediate certificate into the box Certificate Chain File and click Install:
6. Now you can use the SSL certificate.
Install a Certificate on Ensim Webppliance 3.1.x

Administrator — Sat, 29 Oct 2011 08:19:17 GMT
Abstract:
Step one: Loading the Site Certificate
You will receive an email from SSL.com with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
(.......)
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----
Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labelled private.key and the public key will be yourdomainname.crt.
It is recommended that you make the directory that contains the private key file only readable by root.
Login to the Administrator console and select the site that the certificate was requested for.
Select Services, then Actions next to Apache Web Server and then SSL Settings. There should already be a 'Self Signed' certificate saved.
Select 'Import' and copy the text from the yourdomainname.crt file into the box
Select 'Save', the status should now change to successful.
Logout, do not select delete as this will delete the installed certificate.
Step two: Install the Intermediate/Root Certificates
You will need to install the Intermediate and Root certificates in order for browsers to trust your certificate. As well as your SSL certificate (yourdomainname.crt) two other certific

Install a Certificate on Apache

Administrator — Sat, 29 Oct 2011 06:32:53 GMT
Abstract:
(note: This article applies to Apache with Mod_SSL or OpenSSL)
Step one: Copy your certificate to file
You will receive an email from SSL.com with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BB
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8x
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AAD
-----END CERTIFICATE-----
Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labeled private.key and the public key will be yourdomainname.crt.
It is recommended that you make the directory that contains the private key file only readable by root.
Step two: Install the Intermediate Certificates
You will need to install the chain certificates (intermediates) in order for browsers to trust your certificate. As well as your SSL certificate (yourdomainname.crt) two other certificates, named GTECyberTrustRootCA.crt and ComodoClass3SecurityServicesCA.crt, are also attached to the email from SSL. Apache users will not require these certificates. Instead you can install the intermediate certificates using a 'bundle' method.
In the Virtual Host settings for your site, in the httpd.conf file, you will need to complete the following:
1. Copy this ssl_ca-bundle (trial_ssl_ca-bundle for free ssl) file to the same directory as httpd.conf (this contains all of the CA certificates in the chain).
2. Ad

How can I tell if a web page is secure?

Administrator — Sat, 08 Oct 2011 14:17:11 GMT
Abstract:
How can I tell if a web page is secure?

Anytime a web page asks you for sensitive information, you need to be able to identify if the page is secure or not. The ability to recognize a secure web connection is extremely important as online fraud cases have increased substantially from year to year. This FAQ is intended to guide you to safer online shopping.

What exactly do we mean by "secure"?
Anytime you view a web site information is sent from your computer to the web server and from the web server to your computer. The transmission of this information is normally sent in "plain text", meaning anyone would be able to read it should they see it. Now consider this. Each piece of information transmitted traverses many computers (servers) to reach its destination.
Try it! - Windows Users, to see just how many machines your information traverses, follow these steps:
1) On your computer, click Start, then Run
2) Type "cmd" and click "OK" (or press Enter)
3) Type this in exactly: tracert www.ssl.com
4) Press Enter
Each listing in the window is a different computer/router/switch (a "node" in networking terms). Each "node" represents a point at which any data you send might be recorded! It is not uncommon to see 20-30 listings.
Big deal, right? Consider this the next time you type in a password or your credit card number. Ah! Therein lies the problem. The solution to this problem is to encrypt this data for transmission. Secure Sockets Layer (SSL) was created for this very purpose.
SSL uses a complex system of key exchanges between your browser and the server you are communicating with in order to encrypt the data before transmittin
DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them

Administrator — Fri, 07 Oct 2011 10:38:31 GMT
Abstract:
Certificates and Encodings
At its core an X.509 certificate is a digital document that has been encoded and/or digitally signed according to RFC 5280.
In fact, the term X.509 certificate usually refers to the IETF’s PKIX Certificate and CRL Profile of the X.509 v3 certificate standard, as specified in RFC 5280, commonly referred to as PKIX for Public Key Infrastructure (X.509).
X509 File Extensions
The first thing we have to understand is what each type of file extension is. There is a lot of confusion about what DER, PEM, CRT, and CER are and many have incorrectly said that they are all interchangeable. While in certain cases some can be interchanged the best practice is to identify how your certificate is encoded and then label it correctly. Correctly labeled certificates will be much easier to manipulat
Encodings (also used as extensions)
- .DER = The DER extension is used for binary DER encoded certificates. These files may also bear the CER or the CRT extension. Proper English usage would be “I have a DER encoded certificate” not “I have a DER certificate”.
- .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a “—– BEGIN …” line.
Common Extensions
- .CRT = The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous. Most common among *nix systems

SSL.com Knowledge Base

Browser Error: 'ssl_error_rx_record_too_long' or 'Internet Explorer cannot display the webpage' on Linux

"The page cannot be displayed" (Cannot find server or DNS error)

After installing the SSL certificate, I get a pop-up window. What do I do?

Install a Certificate on Java Based Web Servers

Generate a CSR for Java Based Web Servers

Step 1: Create a new Keystore

Step 2: Generate your CSR with your new keystore

Install a Certificate on Hsphere

Install a Certificate on Ensim Webppliance 3.1.x

Install a Certificate on Apache

How can I tell if a web page is secure?

DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them

Certificates and Encodings

X509 File Extensions

Encodings (also used as extensions)

Common Extensions

How do I install more than one Comodo CA bundle file (roots) on an Apache set up?

Installing your Certificate on Apache Mod_SSL / OpenSSL

Step one: Copy your certificate to file

Step two: Install the Intermediate Certificate

How do I get SSL on my website?

Generate a CSR for OpenSSL

What port is recommended to use SSL over?

After I purchase and install the SSL certificate do I need to put my files (jsp, html, asp, images, etc.) in a special directory to force the users to go through the "https" of my site?

What is spyware? How can I detect spyware on my computer?

I can't access my online email inbox.

Install a Certificate on Microsoft IIS 5.x / 6.x

The TLS Protocol Version 1.1

READ ME - IMPORTANT

I need to correct a Common Name on a certificate you issued. The common name is clearly not a vaild URL, yet was accepted by a confused customer.

What is the Common Name?

I received a notice that my certificate is expiring. How do I renew?

What is your Replacement Policy for SSL server certificates?

Install a Certificate on Website Pro 3.x

Since Yahoo has added your feature to its site I cannot log into it. This is also the same problem I'm having with e-bay. Thank You

I lost the password to my SSL certificate. What should I do? How can I get my SSL password ?

I cannot connect to a secured sight. It always says 'page cannot be found'. What should I do? Thanks in advance.

What is the protocol to follow if someone finds a website collecting credit card information without being in a secured environment? I've been searching the web everywhere to see if there is somewhere to report such sites.Thanks in advance for any info you may have!Susan Merrow

My SSL has been disabled for some reason. How do I enable it again?

Why do I receive a pop-up box stating that some pages are secured when others are not, even though all of the pages reside underneath the domain using the SSL certificate. All of the pages are using relative links.

"This page contains both secure and non-secure items."

Can only text data be encrypted using SSL? Can pictures can be also encrypted? How does SSl work?

I am getting error ssl 1011.How can solve this?Thanks

What is SSL?

Why do I need an SSL Certificate?

Can you use an alias for your webserver in an SSL Certificate?

Is SSL only 128 bit?

SSL Glossary Index