Check your https SSL cert install: Great tool from DigiCert

More and more of our web apps run under https for security. And more and more browsers will complain to users really strongly if the chain of trust isn’t properly set up for your SSL cert.

Even if you have a cert purchased from an authority in browsers’ trusted list, it can be trickier than you might think to get it all set up right — I’ve often forgotten to set up “intermediate certificates” properly on the server, which can lead to a horrible red-screen-of-warning sometimes in Chrome — but not other times, depending on, I don’t know what, exact version of Chrome, settings, perhaps even state of browser cache? Which can make it hard to reproduce and be sure you’ve gotten it right.

But it’s important to get right — arguably for the actual security of your users, although what the current https infrastructure really does for us with regard to actual security is potentially debatable. But it ultimately doesn’t matter, because security theater or not, if Chrome gives our users a giant Red Screen of Warning before letting them see our site, that’s gonna scare users away.

I love, love, love this troubleshooting tool from DigiCert for ensuring your SSL cert is installed properly: http://www.digicert.com/help/ . Super easy to use, gives you instructions for fixing problems it finds on your server, and if it gives you the green, you can figure no browser anywhere is going to give security warnings related to cert trust, because everything is good. (Security warnings related to “mixed content” are another story. :) ).

The tool works fine even if your cert isn’t purchased from DigiCert.
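The missing-intermediate mistake described earlier can be reproduced offline with the `openssl` command line. The script below is an added example, not part of the original post: it builds a throwaway root, intermediate and leaf (every name, subject and path is constructed) and shows that the leaf verifies only when the intermediate is supplied along with it, which is what the server has to send.

```sh
#!/bin/sh
# Added example. Every name, subject and path below is constructed for the demo.

# Build a throwaway root CA -> intermediate CA -> leaf hierarchy in directory $1.
make_demo_pki() {
  d="$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n.example.test" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Self-signed root: the only certificate the client trusts in advance.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate CA signed by the root: the server is supposed to send this one.
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
  # Leaf (the site certificate) signed by the intermediate, not by the root.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Succeeds only if leaf $2 chains to trusted root $1 using nothing but the
# optional bundle $3, i.e. the extra certificates the server would send.
check_chain() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2"
  else
    openssl verify -CAfile "$1" "$2"
  fi >/dev/null 2>&1
}

demo() {
  tmp=$(mktemp -d) || return 1
  make_demo_pki "$tmp" || return 1
  check_chain "$tmp/root.pem" "$tmp/leaf.pem" && echo "leaf only: OK" \
    || echo "leaf only: FAIL (intermediate missing)"
  check_chain "$tmp/root.pem" "$tmp/leaf.pem" "$tmp/int.pem" \
    && echo "leaf + intermediate: OK" || echo "leaf + intermediate: FAIL"
  rm -rf "$tmp"
}
demo
```

Against a real deployment, the same `check_chain` function can be pointed at the CA's root, your site certificate and the intermediate bundle you configured on the server.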

But we do purchase our cert from DigiCert here, and have been happy with it. You can get a “star” cert that you can use on as many apps/servers as you want for a fairly reasonable fee. (We get “*.library.jhu.edu” and use it for many apps on many servers). They’ve got pretty good, well-designed, easy-to-use self-service management interfaces for lots of the things you’d want to do with your certs, which we haven’t actually used much, but I could see being useful and I’m not sure why we don’t. :)
