cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
Highlighted

Failing checkTLS.com. Please advise we have a SSL cert. Thanks

Hi
Please can you help we are failing checkTLS.com on a certificate error. It passes one part of the cert test. Any advice is much appreciated. Thanks

 

We have a 2 Year Standard UCC SSL Certificate - 0 SANs (0)      
mail.caterleisure.co.uk             

 

Extract from the test below

 

MX ServerPrefAnswerConnectHELOTLSCertSecureFrom
mail.Caterleisure.co.uk
[81.137.204.41:25]
5OK
(87ms)
OK
(90ms)
OK
(88ms)
OK
(88ms)
FAILOK
(646ms)
OK
(88ms)
caterleisure.gotdns.org
[81.137.204.41:25]
10OK
(87ms)
OK
(90ms)
OK
(88ms)
OK
(88ms)
FAILOK
(637ms)
OK
(88ms)
mx1.ukservers.net
[85.233.160.75:25]
15OK
(70ms)
OK
(1,533ms)
OK
(458ms)
OK
(78ms)
OK
(342ms)
OK
(179ms)
OK
(71ms)
Average 100%100%100%100%33%100%100

 

Connection converted to SSL
  SSLVersion in use: TLSv1_2
  Cipher in use: ECDHE-RSA-AES128-GCM-SHA256
  Certificate 1 of 1 in chain: Cert VALIDATION ERROR(S): unable to get local issuer certificate; unable to verify the first certificate
  This may help: What Is An Intermediate Certificate
  So email is encrypted but the recipient domain is not verified
  Cert Hostname DOES NOT VERIFY (mail.Caterleisure.co.uk != caterleisure.gotdns.org | DNS:caterleisure.gotdns.org | DNS:clservermail.caterleisureltd.local | DNS:AutoDiscover.caterleisureltd.local | DNS:AutoDiscover.caterleisure.gotdns.org | DNS:AutoDiscover.caterleisure.co.uk | DNS:CLServerMAIL | DNS:caterleisureltd.local | DNS:caterleisure.co.uk)
  So email is encrypted but the host is not verified

 

 

1 REPLY 1
Super User II
Super User II
Solution

Re: Failing checkTLS.com. Please advise we have a SSL cert. Thanks

Hello 

The process of getting an SSL issued and installed can be complicated, but there are tools available to help you get through it.

 

After you generate a certificate signing request (CSR), you can paste it into CSR decoderto make sure you have the correct common name and organization listed in the CSR from your server. If the information shown on the CSR decoder isn't correct, you can repeat the process of generating a CSR with the correct common name and organization.

 

Note: If the CSR you are using is for a wildcard certificate, the CSR must include the asterisk for the sub-domain level you wish to cover on the common name. Example: To secure test.coolexample.com and www.coolexample.com, the common name on your CSR needs to be *.coolexample.com

 

After you have installed your SSL certificate, you can use our SSL checker test tool to view the details on your certificate and check for a variety of common SSL issues. Most issues that come up on the certificate checker can be solved by rekeying your certificateand installing it again.

Zulfiqar Anees | GoDaddy Pro | Founder/CEO at FastTech Media, TechMag, and ZulWeb.