Obsolete Cipher?

[Sir Asvald]

I'm using LetsEncryp's SSL certificate for my webserver. When I look at the certificate on Chrome it tells me I'm using Obsolete Cipher. The odd thing is if I check the SSL certifce on ssllabs.com the rating is good? Domain website is: www.learntotech.co.uk

 

 

 

Spoiler

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

[Lurick]

You need to switch over to SHA2 from SHA1

 

Edit:

Also, you blanked out the domain name but left the public IP  

[Sir Asvald]

Just now, Lurick said:

You need to switch over to SHA2 from SHA1

How do I do that on Windows 2012? Do you know? 

[Sir Asvald]

2 minutes ago, Lurick said:

You need to switch over to SHA2 from SHA1

 

Edit:

Also, you blanked out the domain name but left the public IP  

I fixed it.  

[Lurick]

I think this will show you how to do it:

http://www.cusoon.fr/update-microsoft-certificate-authorities-to-use-the-sha-2-hashing-algorithm-2/

[Sir Asvald]

3 minutes ago, Lurick said:

You need to switch over to SHA2 from SHA1

 

Edit:

Also, you blanked out the domain name but left the public IP  

I mean I hid the IP address. Not fixed yet.  

[colonel_mortis]

As far as I can see, by "obsolete cipher", they just mean that it's not using AES-GCM, which I think is only supported in the most recent browsers. It's not a security problem, though the GCM cipher does what previously required two things (a different form of AES + SHA1). There's no urgent need to switch, and I don't know that it's even possible with many servers at the moment.

Your certificate is using SHA-256, and if it wasn't you would be getting much more prominent security warnings.

(You also left your domain in the breadcrumbs, but having the domain does make it easier to debug)

[Sir Asvald]

2 minutes ago, colonel_mortis said:

(You also left your domain in the breadcrumbs, but having the domain does make it easier to debug)

Well I Hid it. Not allowed to show my personal website or the domain on here? 

[colonel_mortis]

Just now, Abdul201588 said:

Well I Hid it. Not allowed to show my personal website or the domain on here? 

Provided that you're not posting it to advertise your site, it's ok to include the domain in the screenshot to allow people to debug it.

[Sir Asvald]

Just now, colonel_mortis said:

Provided that you're not posting it to advertise your site, it's ok to include the domain in the screenshot to allow people to debug it.

okay! The domain is www.learntotech.co.uk. I'll edit my post. 

[Lurick]

Might want to change the site to redirect to the HTTPS version, when I go to it without the www in front then I get the IIS Windows page.

[Sir Asvald]

Just now, Lurick said:

Might want to change the site to redirect to the HTTPS version, when I go to it without the www in front then I get the IIS Windows page.

I've edited. I've put in www. It does redirect from HTTP to HTTPS.  

[Lurick]

Just now, Abdul201588 said:

I've edited. I've put in www. It does redirect from HTTP to HTTPS.  

I know but without it I'm getting the IIS page, you'll want to fix that so people don't have to put in the www.

[Sir Asvald]

4 minutes ago, Lurick said:

I know but without it I'm getting the IIS page, you'll want to fix that so people don't have to put in the www.

Will do.