
ERR_BAD_SSL_CLIENT_AUTH_CERT


We've started encountering issues browsing to most https sites.

Examples include: https://technet.microsoft.com/, https://mail.google.com/, https://www.mozilla.org/en-US/firefox/new/, https://stackoverflow.com/

It appears that secure sites that we have visited previously work OK. Examples of these include: https://banking.westpac.com.au/, https://www.tppwholesale.com.au/login/, https://au.ingrammicro.com/

The errors we receive are:

  • Chrome: ERR_BAD_SSL_CLIENT_AUTH_CERT
  • Firefox: SSL_ERROR_ACCESS_DENIED_ALERT
  • IE11/Edge: No helpful message, but Schannel 36887 errors are logged advising "The TLS protocol defined fatal alert code is 49." (These are also logged for Chrome, but not Firefox as it uses the Mozilla NSS encryption library.)

We can prevent the problem by disabling TLS1.1 & TLS1.2 and enabling SSL2 & SSL3. As SSL2/3 have known vulnerabilities we want to resolve this issue properly.

Problem has been observed on Win7, Win8.1, Win10 and WS2012R2 machines. It's affecting all our laptop computers except one that hasn't been in the office for over a month.

Extensive googling has failed to yield anything helpful - most SSL connection issues that are discussed seem to focus on the server certificate.

The above errors suggest it being an issue with the client certificate that our browsers are sending to the servers, so I have these questions:

  1. Do SSL2/3 have different client certificate requirements to TLS1.x?
  2. What client certificate do browsers use (we don't have any certificates listed in the user or computer Personal stores)?

I hope there's an SSL/TLS guru out there that can assist!

Craig99 asked Mar 30 '16 12:03


2 Answers

No need to uninstall ESET. Open ESET > Setup > Internet Protection > edit "Web Access Protection" > expand "Web Protocols" > disable "Enable HTTPS Checking".

user7978483 answered Sep 24 '22 18:09


It appears that ESET antivirus is the culprit here. Thanks to Nicolas Rey for flagging this on a Chrome forum (refer https://productforums.google.com/forum/#!msg/chrome/WHw6ow1kGUs/MW3gt1hZEQAJ)

The rollback option that Nicolas suggested didn't help, but uninstalling and reinstalling ESET resolved the issue.

Craig99 answered Sep 24 '22 18:09
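For triaging the Schannel 36887 events mentioned in the question across several machines, the following added example (not code from either poster) decodes the alert number to its RFC 5246 name and groups events by direction and host. The export layout (timestamp, host, provider, event ID, message), the host names and the inclusion of event 36888 (alert generated locally) are assumptions made for illustration.

```python
import re
from collections import Counter

# TLS alert descriptions from RFC 5246 section 7.2 (handshake-related subset).
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 49: "access_denied", 50: "decode_error", 51: "decrypt_error",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}
# Schannel event IDs: 36887 = alert received from the peer, 36888 = alert sent by this host.
DIRECTION = {36887: "received", 36888: "generated"}

# Assumed export layout: "<timestamp> <host> <provider> <event id> <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+Schannel\s+(?P<id>3688[78])\s+.*?"
    r"(?:alert|error) code is (?P<code>\d+)", re.IGNORECASE)

def parse_events(text):
    """Yield (host, direction, code, name) for each Schannel fatal-alert line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a Schannel fatal-alert event
        code = int(m["code"])
        yield m["host"], DIRECTION[int(m["id"])], code, TLS_ALERTS.get(code, "unknown")

def summarize(text):
    """Map (direction, code, name) -> (event count, sorted list of affected hosts)."""
    counts, hosts = Counter(), {}
    for host, direction, code, name in parse_events(text):
        key = (direction, code, name)
        counts[key] += 1
        hosts.setdefault(key, set()).add(host)
    return {k: (n, sorted(hosts[k])) for k, n in counts.items()}

# Constructed sample export for illustration; not real log data.
SAMPLE = """\
2016-03-30T12:01:07 LAPTOP-01 Schannel 36887 A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 49.
2016-03-30T12:01:09 LAPTOP-02 Schannel 36887 A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 49.
2016-03-30T12:02:30 LAPTOP-01 Service Control Manager 7036 The Windows Update service entered the running state.
2016-03-30T12:03:11 SRV-2012R2 Schannel 36888 A fatal alert was generated and sent to the remote endpoint. The TLS protocol defined fatal error code is 40.
"""

if __name__ == "__main__":
    for (direction, code, name), (n, seen) in sorted(summarize(SAMPLE).items()):
        print(f"{direction:9} alert {code:3} ({name}): {n} event(s) on {', '.join(seen)}")
```

A cluster of "received access_denied" events across many clients and unrelated sites points at something common on the client path, which is consistent with the HTTPS-scanning cause identified in the answers.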