Why did FireFox start swearing at StartSSL's SSL certificate?

K

koltykov2016-09-06 20:06:16

Digital certificates

koltykov, 2016-09-06 20:06:16

There is a site with a certificate from StartSSL. Powered by GNINX. Everything worked fine, but recently we moved to a new server, only the NGINX version was updated accordingly, all settings, incl. certificates are old. The server IP has also been updated.
Now in Chrome everything is fine with SSL, a green checkmark is on at the top, there is information about the certificate. And in FireFox it says:

Your connection is not secure
The website attempted to establish an insufficiently secure connection.
cxem.net uses security technology that is outdated and vulnerable to attack. An attacker can easily reveal information you thought was safe. In order for you to be able to visit a website, the website administrator must first fix its server.
Error code: NS_ERROR_NET_INADEQUATE_SECURITY

And you can't access the site at all.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

K

koltykov, 2016-09-07
@koltykov

Understood. It was necessary to enable TLS 1.2 support in NGINX !

S

surefire, 2016-09-06
@surefire

You probably need to set up ssl stapling in nginx.

D

dimm7480, 2017-01-31
@dimm7480

thanks for the advice.
With the Apache the same garbage.
Added
"SSLProtocol TLSv1.1" to ssl.conf
And chrome stopped cursing.