Node.js
Danil, 2016-09-02 15:32:25

Why does an error pop up on mobile devices with SSL?

I connected an SSL certificate from StartSSL. Everything is OK on desktops, but on mobile (in Chrome) the error NET::ERR_CERT_AUTHORITY_INVALID pops up.

This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. 
This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
This server's certificate chain is incomplete. Grade capped to B.

Can you tell me if any of this is causing the error? If yes, how do I fix it?
The application runs on nodejs+express.

2 answer(s)
CityCat4, 2016-09-02
@CityCat4

Yes, these are all errors, and there is more than one.

The first error, CERT_AUTHORITY_INVALID, means that the CA that issued your certificate is not in the list of root CAs whose certificates are trusted. I bet you got it from LetsEncrypt? How many times have they told the world: if you are making a commercial site, and one aimed at mobile devices at that, budget for the purchase of a certificate, otherwise you will end up asking questions like this. Your certificate was issued by a CA unknown to the mobile device, which is not trusted, therefore there is no trust in the certificate.

Error two: "This server is vulnerable to the POODLE attack." Occurs when the security scanner detects that the server is accepting SSLv3 connections. You need to disable the SSLv3 protocol family; read the documentation on how to do it.

Error three: "This server accepts RC4 cipher." Occurs when the server accepts, among other ciphers, the RC4 cipher, which has long been considered unreliable. It is necessary to configure the cipher suites in such a way as to exclude its use.

Error four :) "This server does not support Forward Secrecy." Occurs when no suites with PFS (Perfect Forward Secrecy) are found among the server's cipher suites. Accordingly, it is necessary to choose cipher suites so that ciphers with PFS are used. You, unfortunately, did not indicate what you have there (Apache, nginx), so I can't give examples of configs with cipher suites.

Dmitry Skogorev, 2016-09-02
@EnterSandman

Within https.createServer, add:
secureOptions: constants.SSL_OP_NO_SSLv3
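
Added example, not code from the thread: options for Node's `https.createServer` that address the four scanner findings quoted in the question (SSLv3, RC4, forward secrecy, incomplete chain), with a self-check over the resulting object. The helper names `buildTlsOptions` and `auditTlsOptions` and the cipher list are illustrative choices, not taken from the answers.

```javascript
'use strict';
const { constants } = require('crypto');

// ECDHE-only suites provide forward secrecy; the "!" entries exclude RC4 and null/export suites.
const CIPHERS = [
  'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256',
  'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384',
  '!RC4', '!aNULL', '!eNULL', '!EXPORT',
].join(':');

// Hypothetical helper: builds the options object for https.createServer(options, app).
function buildTlsOptions(keyPem, leafPem, intermediatePems) {
  return {
    key: keyPem,
    // Leaf first, then the CA's intermediate(s), root omitted, so the client can
    // build the chain without having to fetch the intermediates itself.
    cert: [leafPem, ...intermediatePems].map((p) => p.trim()).join('\n') + '\n',
    secureOptions: constants.SSL_OP_NO_SSLv3, // refuse SSLv3 (POODLE)
    ciphers: CIPHERS,
    honorCipherOrder: true, // the server's preference order wins, not the client's
  };
}

// Hypothetical self-check mirroring the four scanner findings quoted in the question.
function auditTlsOptions(opts) {
  const findings = [];
  const suites = (opts.ciphers || '').split(':').filter(Boolean);
  const enabled = suites.filter((s) => !s.startsWith('!'));
  if (!((opts.secureOptions || 0) & constants.SSL_OP_NO_SSLv3)) {
    findings.push('SSLv3 not disabled');
  }
  if (!suites.includes('!RC4') || enabled.some((s) => /RC4/.test(s))) {
    findings.push('RC4 not excluded');
  }
  if (!enabled.length || !enabled.every((s) => /^(ECDHE|DHE)-/.test(s))) {
    findings.push('non-forward-secret suite allowed');
  }
  const certs = String(opts.cert || '').match(/-----BEGIN CERTIFICATE-----/g) || [];
  if (certs.length < 2) findings.push('chain has no intermediate certificate');
  return findings;
}

// Usage (file names are assumptions):
// https.createServer(buildTlsOptions(key, leaf, [intermediate]), app).listen(443);
```

The audit only inspects the options object; re-run the external scan after deploying to confirm what the server actually negotiates.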
