Jump to content

Having issue with SSL chain

Sir Asvald
By Sir Asvald
in Servers, NAS, and Home Lab
 Share
Go to solution Solved by Sir Asvald,

I got it working. crl was pointing to the wrong IP address

Posted

Hello everyone. I'm having Issue with my SSL chain. Servers are both 2016 Standard. Freshly installed CA's. I'm testing it with https://www.ssllabs.com/ssltest/. It worked before the when intermediate CA certificate was due for a renewal. Since I've renewed it, nothing is working. CRL and OCSP status says the chain is fine..

 

Please help. I've attached the images

 

 

Cert.png

CRL.png

OCSP.png

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 32 GB (4x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitor: 24" Acer S240HLBID | OS: Win 11 Pro.

 

Home Lab:  Lenovo ThinkCenter M82 Hyper-V Server 2022 | Dell OptiPlex 9020 Hyper-V Server 2022 | TP-LINK TL-SG108E | Cisco Catalyst C2960CG 8 Port Switch | HP MicroServer G8 SCCM Server | 2x Dell PowerEdge R630 Hyper-V Server 2022

 

 

Link to comment
https://linustechtips.com/topic/988504-having-issue-with-ssl-chain/
Share on other sites
Link to post
Share on other sites
Posted
  • Author
Just now, beersykins said:

What steps did you go to renew it?

 

Did you place the renewed chain on your webserver as well?

I went to the CA console, clicked renew CA certificate..Then I went to the Root CA and updated the CRL and OCSP. As you can see from the pictures above. And I did the same for Sub CA and then reissued the webSSL certificate

Of course. I installed the Root CA certificate as well as the Intermediate.

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 32 GB (4x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitor: 24" Acer S240HLBID | OS: Win 11 Pro.

 

Home Lab:  Lenovo ThinkCenter M82 Hyper-V Server 2022 | Dell OptiPlex 9020 Hyper-V Server 2022 | TP-LINK TL-SG108E | Cisco Catalyst C2960CG 8 Port Switch | HP MicroServer G8 SCCM Server | 2x Dell PowerEdge R630 Hyper-V Server 2022

 

 

Link to post
Share on other sites
Posted
  • Author

@leadeater Can you help? 

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 32 GB (4x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitor: 24" Acer S240HLBID | OS: Win 11 Pro.

 

Home Lab:  Lenovo ThinkCenter M82 Hyper-V Server 2022 | Dell OptiPlex 9020 Hyper-V Server 2022 | TP-LINK TL-SG108E | Cisco Catalyst C2960CG 8 Port Switch | HP MicroServer G8 SCCM Server | 2x Dell PowerEdge R630 Hyper-V Server 2022

 

 

Link to post
Share on other sites
Posted
  • Author

Anyone? :( 

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 32 GB (4x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitor: 24" Acer S240HLBID | OS: Win 11 Pro.

 

Home Lab:  Lenovo ThinkCenter M82 Hyper-V Server 2022 | Dell OptiPlex 9020 Hyper-V Server 2022 | TP-LINK TL-SG108E | Cisco Catalyst C2960CG 8 Port Switch | HP MicroServer G8 SCCM Server | 2x Dell PowerEdge R630 Hyper-V Server 2022

 

 

Link to post
Share on other sites
Posted
22 hours ago, Abdul201588 said:

Anyone? :( 

This doesn't resolve to an IP address, crl3.learntotechsolutions.com. crl.learntotechsolutions.com does.

 

If that test is being done over public internet then it'll fail until you get that dns record fixed.

Link to post
Share on other sites
Posted
  • Author
1 hour ago, leadeater said:

This doesn't resolve to an IP address, crl3.learntotechsolutions.com. crl.learntotechsolutions.com does.

 

If that test is being done over public internet then it'll fail until you get that dns record fixed.

I added the record, I completely forgot. Thanks for that. I'm still having issues. :( 

 

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 32 GB (4x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitor: 24" Acer S240HLBID | OS: Win 11 Pro.

 

Home Lab:  Lenovo ThinkCenter M82 Hyper-V Server 2022 | Dell OptiPlex 9020 Hyper-V Server 2022 | TP-LINK TL-SG108E | Cisco Catalyst C2960CG 8 Port Switch | HP MicroServer G8 SCCM Server | 2x Dell PowerEdge R630 Hyper-V Server 2022

 

 

Link to post
Share on other sites
Posted
  • Author
  • Solution

I got it working. crl was pointing to the wrong IP address

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 32 GB (4x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitor: 24" Acer S240HLBID | OS: Win 11 Pro.

 

Home Lab:  Lenovo ThinkCenter M82 Hyper-V Server 2022 | Dell OptiPlex 9020 Hyper-V Server 2022 | TP-LINK TL-SG108E | Cisco Catalyst C2960CG 8 Port Switch | HP MicroServer G8 SCCM Server | 2x Dell PowerEdge R630 Hyper-V Server 2022

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Servers, NAS, and Home Lab

×