Validate

SSL Certificate Validation

Verify a certificate by entering the URL.

If the SSL certificates are correct, you should see information similar to the one below.

Screenshot


Common SSL certificate errors and problems and how to fix them:

  • Self-signed certificate:
    Self-signed certificate should not be used for production purposes. To provide a secure connection you need to obtain trusted certificate.
  • Certificate expired / ERR_CERT_DATE_INVALID:
    Your certificate has expired, you need to renew your certificate otherwise it will be treated as invalid.

  • The certificate is not trusted in all web browsers / Unable to verify leaf signature:

    If your certificate is signed by a major certificate authority, it means that one of the chain certificates in between is not installed on the web server. Such a problem with a particular certificate may occur only for node.js servers due to node.js platform limitation. Node.js is compiled with a bundle of commonly used root certificates. It does not use system CA store like IIS server. To fix this problem you need to paste your intermediate certificates into server certificate file. It may be also required to past your root certificate there too.

    For example:
    -----BEGIN CERTIFICATE-----
    Your certificate
    -----END CERTIFICATE-----

    -----BEGIN CERTIFICATE-----
    Intermediate certificate
    -----END CERTIFICATE-----

    -----BEGIN CERTIFICATE-----
    Root certificate
    -----END CERTIFICATE-----

    To check how many intermediate certificates are in your certificate chain you can use for example chrome web browser.

  • SSL_ERROR_BAD_CERT_DOMAIN:
    Usually it means that SSL certificate was installed to another domain name than the one it was intended for. Check your certificate, what domain was it issued for. Does it match the domain that you are trying to access ?

  • Certificate or Private Key mismatch error:

    To verify that error OpenSSL is required. Easiest way to do it is just compare md5 hashes from OpenSSL.

    Open console and execute:
    openssl x509 -noout -modulus -in MYCERT.crt | openssl md5
    openssl rsa -noout -modulus -in MYPRIVATEKEY.key | openssl md5

    If both of the printed hashes are the same you are ready to use it.

  • Certificate with .p12 extension:

    You will have to convert .p12 to pem. OpenSSL is required to perform that

    Open console and execute:
    openssl pkcs12 -in somecertificatepath.p12 -out newcert.crt.pem -clcerts -nokeys
    openssl pkcs12 -in somecertificatepath.p12 -out newkey.key.pem -nocerts -nodes

    If you have password protected .p12 just add-passin 'pass:SECRETPASSWORD’ on the end. After that you should be able to use it as certification files for our software.

  • Certificate in format other than pem:

    We are recommending to use certificate in pem format. If you have certificate in another format it should be possible to convert it to pem format using OpenSSL tool.

Certificate format does not equal file extension

You still can have pem format certificate file with extension other than pem. Possible file extensions are: .pem, .crt, .key, .cer