Yesterday I had an SSL certificate installed on my website. My web host installed it for me and at first everything worked fine. I pulled up my site on Pale Moon, Torch, Google, Opera and Chrome and everything was fine. A few hours later I was shocked to get this message on Torch:
Your connection is not private
Attackers might be trying to steal your information from www.pixelmediastudios.com (for example, passwords, messages, or credit cards).
This message was basically the same on all of the browsers. However, my web host can view my website just fine. They even sent me screenshots that verify this. I’ve also done some checking online and it appears its the problem with my browsers settings. I think I fixed the problem in Pale Moon by deselecting the OCSP option. But this does not work in the other browsers.
Can someone please help me with this. I’ve included screenshots of the problem.
Thank you SSL Guru for responding and I appreciate you sending me that analyzer. I didn’t know it even existed. What I am doing is contacting my web host because they are the ones who installed the SSL for me and they said they are looking into what the problem might be. I already contacted Comodo and they weren’t able to help me. They told me to contact my reseller.
I contacted Mad Dog Domains and the agent told me to look into whether the certificate’s algorithm is SHA1 or SHA2. He says it should be SHA2 and if it’s SHA1 that may be what the problem is.
If this is ever solved I will come back here and post the solution.
Thank you for checking and reminding me to post the solution. It was fixed just yesterday.
I had to go through my web host because they were the ones who gave me the certificate and installed it. They had Comodo issue them a new certificate and Comodo emailed me with the details. It seems the problem was the encryption method which was apparently obsolete. Please see the first screenshot. On the new certificate the cryptology used was AES_256_CBC with SHA1 for message authentication and ECDHE_RSA and the key exchange mechanism. Please see the second screenshot.
I don’t know how else to explain it. But anyone can take a look at the screenshots to see the difference.
No, that is not related. The “encryption method” or cipher suite(s) has nothing to do with the certificate being revoked. Your site now has a new certificate, valid from 12 June. How the server is configured is a separate question.
Speaking of server configuration, you should make TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 the preferred cipher suite.
