TomGriffith3
Brass Contributor
Jun 21, 2022

Site uses outdated or unsafe TLS security settings

Hello. If you have a minute, I'm getting "Can't connect securely to this page. This might be because the site (Domino url) uses outdated or unsafe TLS security settings". This is Edge IE mode. I've checked the Internet Settings and TLS 1.0, TLS 1.1, TLS 1.2 are all checked and I've seemingly tried everything else on the internet regarding this error (clearing cache, etc). Anyways, in summary...

1. Was provided self-signed cert/private key in pfx file by the organization.
2. Used openssl to convert pfx to pem (NOTE: when first attempting, received an error that openssl does not support RC2, so used the -legacy parameter to allow openssl to convert to pem).
3. Converted pem to txt file and had to fix the order of certificate nodes in the txt file to server-intermediate-root.
4. Imported the txt file into Domino keyring file, verified using their tool and it said everything cool.
5. Pointed Domino to that keyring.kyr file, opened SSL port (443), restarted server.
6. Get "Can't connect securely to this page. This might be because the site uses outdated or unsafe TLS settings".

I tried all the internet options and client stuff. Oh, the client is running IE mode in Edge.

Secondly, there is a call to a Tomcat servlet over HTTP on the page (via JavaScript). Would that mess this up somehow? I did enable "display mixed elements" in the Internet Options-zone custom security settings. I wouldn't think that would do anything anyway as the setting is for embedded elements. It's throwing the TLS error on the generic Domino login page. Thank you so much.

  • KenChong
    Iron Contributor

    TomGriffith3 It may require some time to troubleshoot because browsers always show vague messages when the error is related to a secure connection (i.e. HTTPS).

    Since you mentioned OpenSSL, you can use it to do basic troubleshooting. It can try to load the certificate and also make a connection with the server so that you can see what happened under the hood.

    For more details, you can refer to this site: How to troubleshoot SSL connections with the openssl program (a2hosting.com)

    Regards,

    Ken

    • TomGriffith3
      Brass Contributor

      Hi, Ken. I think I figured it out. The cipher suite used by the server side (Domino) had some outdated ones selected. I selected the remaining options they offered and that created an agreed upon protocol with the browsers. Thank you so much for your help.
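
Added example, not part of the thread's posts: the kind of handshake probing suggested above, done with Python's standard `ssl` module instead of the `openssl` program, trying one TLS version at a time and reporting the negotiated cipher suite or the handshake error. The host is whatever you pass on the command line (an assumption of this sketch), and certificate verification is switched off only because the server in this thread uses a self-signed certificate.

```python
import socket
import ssl

# TLS versions to try one at a time; the local OpenSSL build may refuse old ones.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]


def probe(host, port, version, ciphers=None, timeout=5.0):
    """Attempt one handshake pinned to a single TLS version.

    Returns (True, negotiated_cipher_name) or (False, error_text).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: skip chain validation (self-signed cert in the thread)
    # so that the result reflects protocol/cipher negotiation alone.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
        if ciphers:
            # OpenSSL cipher string; applies to TLS 1.2 and earlier.
            ctx.set_ciphers(ciphers)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.cipher()[0]
    except (ssl.SSLError, OSError, ValueError) as exc:
        # Handshake alerts, refused connections and unsupported settings
        # all end up here with the underlying error text preserved.
        return False, f"{type(exc).__name__}: {exc}"


def survey(host, port=443):
    """Map each TLS version name to the probe result for that version."""
    return {v.name: probe(host, port, v) for v in VERSIONS}


if __name__ == "__main__":
    import sys
    for name, (ok, detail) in survey(sys.argv[1]).items():
        print(f"{name:8} {'OK  ' if ok else 'FAIL'} {detail}")
```

A FAIL row for TLS 1.0 or 1.1 can also come from the local OpenSSL build refusing those versions, so compare against the 1.2 and 1.3 rows before changing the server's settings.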
