We are getting errors that our site is not secure - what do I do?

Aug 21, 2020 David Mizell Browsers

We are often asked about errors received stating the connection to your site is not secure. You have followed our instructions and installed and bound your new certificate to your site, but when you try to access it your browser will not connect and gives you an error.

Browser security error

This is happening with greater frequency lately as all the major browsers are tightening their restrictions and not allowing customers to connect to sites where server configurations allow outdated protocols and ciphers that make them vulnerable to various attacks.

Not being able to connect securely is usual NOT the fault of the SSL Certificate

The GOOD news is that SSL Certificates are compatible with all versions of SSL (TLS) so they are completely backward compatible. The BAD news is also that SSL Certificates are compatible with all versions of SSL (TLS) - both the good and bad versions.

These errors are usually due to outdated protocols or ciphers enabled in your site server software and/or not enabling the most current versions. Outdated protocols and ciphers can leave your site vulnerable to attack as well as put your site users at risk for having malware installed on their computer due to visiting your site. While this is not usually due to the SSL Certificate itself we can help you understand where your site’s vulnerabilities are so you can correct them.

Having the most current version of your server software does not mean your Site Server is configured correctly.

Most customers regularly install the service packs for their server software to keep their server software up to date. Installing these updates, however, does not ensure that the configuration of your site server is enabling the correct and updated protocols and ciphers. Configuration of the site server is a separate maintenance task that is often overlooked.

Good news - we have an industry leading tool to help you make sure the configuration of your site server is up to date!

We have partnered with QUALYS - SSLLabs to offer you a server configuration tool that is easy to use and will identify all the protocols and ciphers that are enabled for your site - both those that should be and those that should not be. You can find the tool here: https://geocerts.ssllabs.com/

Simply plug the URL for your site into the Hostname box and run the test. You will receive a report showing all protocols and ciphers enabled in your Site Server Configuration and also links to help you fix the configuration issues to make sure your site is up to date. At a high level you will receive information like this:

SSL Labs example report

You will also see more detailed information regarding the configuration allowing you to dig into the details of what is configured and what needs to be fixed:

SSL Labs server test report

This information is all part of an Industry Standard Server Test that is used by top organizations, the world over, to manage the configuration of their site servers.

You can always test the installation of your SSL Certificate using our installation checker found here: https://www.geocerts.com/ssl-checker . The SSL installation checker will tell you if you have the SSL server certificate and the CA intermediate(s) installed correctly. If you find that you have installed and bound your certificate correctly using this tool but your users are still receiving errors connecting to your site, the problem is most likely the configuration of your site server and our tool found here can help: https://geocerts.ssllabs.com.

Site Server Configuration does include options that you must decide such as whether or not to enable some older protocols that are not vulnerable allowing users with out of date browsers to access your site. We can’t help with this decision process, but our tools will give you the information to make an informed decision and help to keep your site server configuration up to date so your site is not vulnerable to security risks and your users are protected from receiving malware from your site.

Please let us know if you have questions or need our assistance.

Our support options can be found here and we are always happy to help: https://www.geocerts.com/support