Filter - How to identify certificate issues

Overview

When using internet services, the most common form of security is the SSL/TLS certificate encryption method, also known as HTTPS. This is where a website 'signs' and encrypts its traffic as a method to keep the data safe from tampering.

As a web filter, Securly understands that there may be times when users are presented with messages or errors from browsers which may not be immediately clear.

The screenshot below is from a Securly-filtered device and demonstrates a valid and secure connection via the Securly Web Filter.

To install the Securly Certificate, or to confirm that it is installed, please go to this link.

 

Finding a website's certificate

To find the certificate:

  1. Click on the padlock sign (Edge) or the site information icon (Chrome)
  2. Select Connection:
    1. Note: If there is a certificate error, the wording here may be different
  3. Based on the browser, select the appropriate icon:

Chrome:

Edge:

 

After this you will be presented with the certificate. The following section shows the common errors or messages.

 

Browser SSL Errors

Please see the below list of common SSL/Certificate messages/errors.

Please note that in some cases the term 'error' is not helpful as there may be a legitimate reason for a certificate issue - such as a certificate being expired or signed by the wrong organisation.

In situations where the message returned by the browser is legitimate the resolution may be outside of the Securly Filtering or Support capacity and you may be referred to the website host.

net::ERR_CERT_DATE_INVALID -> The certificate's start date is still in the future, or its expiry date has already passed. Additionally, the time on the device you are accessing the website from may be incorrect.

net::ERR_CERT_COMMON_NAME_INVALID -> The COMMON NAME on the certificate may not match the website address, or may not be present.

net::ERR_CERT_AUTHORITY_INVALID -> The Certificate Authority may not be valid or authorised on the device. If you see this message on Securly Filter confirm that you have installed the Securly SSL Certificate.

net::ERR_CERT_REVOKED -> The Certificate has been revoked by the Certificate authority.

net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN -> The Certificate is not part of a valid SSL chain.
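
The checks behind the first three messages in the list above, written out as an added example (this is not Securly's code and not part of the original article). It assumes certificate fields in the dictionary layout of Python's ssl.SSLSocket.getpeercert(); the sample certificate and the issuer name "Example Filter Root CA" are constructed placeholders, and revocation and key pinning are not covered.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dictionary layout of ssl.SSLSocket.getpeercert().
# "Example Filter Root CA" is a placeholder, not a real CA name.
SAMPLE = {
    "issuer": ((("commonName", "Example Filter Root CA"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Jan 01 00:00:00 2025 GMT",
}

def name_matches(pattern, host):
    """Exact match, or one wildcard covering only the left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def diagnose(cert, host, trusted_issuers, now=None):
    """List the browser messages this certificate would be expected to raise."""
    now = now or datetime.now(timezone.utc)
    errors = []
    # Validity window: also fails when the device clock (now) is wrong.
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now.timestamp() <= end:
        errors.append("net::ERR_CERT_DATE_INVALID")
    # Current browsers match the hostname against the SAN DNS entries.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        errors.append("net::ERR_CERT_COMMON_NAME_INVALID")
    # Simplification: compare the issuer name with the CAs installed on the
    # device; a browser verifies the whole signature chain instead.
    issuers = {v for rdn in cert.get("issuer", ()) for k, v in rdn if k == "commonName"}
    if not issuers & set(trusted_issuers):
        errors.append("net::ERR_CERT_AUTHORITY_INVALID")
    return errors

if __name__ == "__main__":
    in_window = datetime(2024, 6, 1, tzinfo=timezone.utc)
    # Filter CA installed on the device: no message expected.
    print(diagnose(SAMPLE, "www.example.com", {"Example Filter Root CA"}, in_window))
    # Filter CA not installed: the authority message is expected.
    print(diagnose(SAMPLE, "www.example.com", set(), in_window))
```

Passing a different value for now shows how an incorrect device clock alone produces the date message for an otherwise valid certificate.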

 

CORS SSL Errors

When using Securly Filter SmartDNS or SmartPAC, there may be situations where our services inspect traffic on a website but not on the background services that the website uses (such as CDNs), or vice versa, where we inspect the background resources but not the original website.

In these situations it is common to see the below message in the console of the browser developer tools.

On the website itself you will see partial or no content where the background content should be displayed.

 

The way to resolve these issues is to place the domains that appear in the CORS error into the Global Allow list of Securly Filter so that the websites in question are exempted from HTTPS inspection.

 
