NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: Rob Mikkelsen on July 29, 2012, 03:00:50 PM
-
I am installing an EV SSL certificate on one of my sites. All looks good (green bar included) with NetTalk 6.38 for Opera, Firefox, Safari and Chrome, but Internet Explorer 8 does not get far enough into the handshaking process to receive its first page (using the auto-redirect to SSL). I have tried not auto-directing to SSL but all SSL pages create the same condition.
I have checked my internet settings and find that everything appears correct. I have also tried using IE8 on a couple different computers with the same result.
One thing: I am overriding the DNS of the site by entering the URL into my Hosts file. I have tried using a URL that is assigned to my development computer but, while I am expected a certificate error, I get nothing.
What could it be (except that it is Internet Explorer 8!) that could be preventing the certificate exchange in IE* that does not affect any other browsers?
Thanks!
Rob
-
does IE 8 give you any clues as to what might be wrong? Any kind of error message maybe?
Are you testing IE8 on the same machine as the other browsers?
Cheers
Bruce
-
Bruce,
I turned on error reporting in the webserver and tried it again. Nothing. No error thrown by the server. The only error that I see is when IE8 eventually times out - I get a "DNS Error - Server cannot be found" error. I have tried connecting via the local IP address and the result is the same.
I am using the same machine for all five browsers. Only IE8 is being stubborn. I have connected using other browsers from other computers (using the URL below) but IE8 just isn't playing nice there, either.
I will try to leave the program up for a few days. If you (or anyone) would like to give it a try, point your Internet Explorer browser to the following URL:
https://www.neinonline.com
Feel free to try it with other browsers as well.
The certificate is registered to trailerlocators.com so it should complain. If you get a certificate error using the URL above, you will have achieved a better success than I have.
As I mentioned before, all other browsers I have tried have had no problem connecting to the server.
My IE8 connects to other EV SSL sites such as E*Trade just fine.
The server is built with Clarion 8.0.8973 and NetTalk 6.38, running on Windows 7 Professional on an old Pentium 4 XPS computer (I think it's about time for an upgrade) with 4G RAM.
Thanks!
Rob
-
I found that both IE8 on my secondary computer and IE9 on the host computer are unable to connect. I checked the security settings on IE9 and enabled all protocols. Still no joy.
-
I get the attached image error using Firefox. If you have accepted the security warning I don't think you will get it again. So maybe IE is the only one really working?
[attachment deleted by admin]
-
>> The certificate is registered to trailerlocators.com so it should complain. If you get a certificate error using the URL above, you will have achieved a better success than I have.
running in IE - (I've got IE9, but put it into IE8 mode, although I don't know if that will help).
I got the attached error. Then I ran it from an XP machine, with IE8, and got the same error. Clicked on "Continue". At which point I connected to your site fine (in both IE 8 and 9).
which got me to thinking. Perhaps your IE8 is not able to connect because it can't find a cipher in common with the server. This thread is worth reading;
http://www.nettalkcentral.com/index.php?option=com_smf&Itemid=36&topic=1023.0
I'm thinking what you can do is turn on a really low cipher, then try again and see if it connects. If it does then I guess the next step is to find the highest security cipher that your IE8 supports.
Cheers
Bruce
[attachment deleted by admin]
-
Hi Rob,
Tried it on XP machine with IE8 and got the same certificate error screen as Bruce.
Clicked on "Continue" and it took me to your site.
Regards
Johan de Klerk
-
Good point regarding the cipher, Bruce. We had to reduce it to work with our government computers that are running IE8. I thought that unrestricted computers were not encumbered by those problems. I will try "dumbing it down" to see if I can make it work. You have been saying for years how lame Internet Explorer is - I am starting to believe you.
Johan, I do find it interesting that you were able to connect with IE8 on an XP machine. I have a similar configuration on one computer and had zero luck connecting. I will have to check the accepted ciphers on that.
Thanks, all! I will post my results here.
Rob
-
I don't know why I didn't think of the trauma the last time I did this for my day job! Rather than systematically step down through the levels of security, I too the easy way out and copied the cipher that finally worked for the restricted FAA computers:
Self.SSLMethod = NET:SSLMethodSSLv23
Self.SSLCertificateOptions.CiphersAllowed = 'RC4:!COMPLEMENTOFDEFAULT'
Now, I get a good TLS1 connection using IE8 or IE9 which may not be the most secure cipher on the planet, it answers the mail so I can continue forward.
Thanks, all! Maybe one day Microsoft will bring Internet Explorer into the 21st century.
Rob
-
>> Maybe one day Microsoft will bring Internet Explorer into the 21st century.
they did - it's called IE9, and indeed IE10. I might not be an IE fan but you can't blame MS for users using old versions of the browser.
Cheers
Bruce
-
Actually, IE9 had the same problem. Perhaps IE10 finally got it right...