老蒋部落
这不前天有一个客户网站SSL证书报错的问题终于花费时间给解决,原本看似普通的问题,居然折腾这么久。看来还是运维经验不够,不过好在通过各种排除法,重置发等策略进行解决。这里还是好在有强大的搜索引擎。这里顺带从网上找到较多的SSL证书报错信息。
这个信息备用整理到这里有助于以后在发现问题的时候直接检索对照。
SSL_ERROR_EXPORT_ONLY_SERVER -12288 “Unable to communicate securely. Peer does not support high-grade encryption.”
SSL_ERROR_US_ONLY_SERVER -12287 “Unable to communicate securely. Peer requires high-grade encryption which is not supported.”
SSL_ERROR_NO_CYPHER_OVERLAP -12286 “Cannot communicate securely with peer: no common encryption algorithm(s).”
SSL_ERROR_NO_CERTIFICATE -12285 “Unable to find the certificate or key necessary for authentication.”
SSL_ERROR_BAD_CERTIFICATE -12284 “Unable to communicate securely with peer: peers’s certificate was rejected.”
SSL_ERROR_BAD_CLIENT -12282 “The server has encountered bad data from the client.”
SSL_ERROR_BAD_SERVER -12281 “The client has encountered bad data from the server.”
SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE -12280 “Unsupported certificate type.”
SSL_ERROR_UNSUPPORTED_VERSION -12279 “Peer using unsupported version of security protocol.”
SSL_ERROR_SSL2_DISABLED -12274 “Peer only supports SSL version 2, which is locally disabled.”
SSL_ERROR_BAD_MAC_READ -12273 “SSL received a record with an incorrect Message Authentication Code.”
SSL_ERROR_BAD_MAC_ALERT -12272 “SSL peer reports incorrect Message Authentication Code.”
SSL_ERROR_BAD_CERT_ALERT -12271 “SSL peer cannot verify your certificate.”
SSL_ERROR_REVOKED_CERT_ALERT -12270 “SSL peer rejected your certificate as revoked.”
SSL_ERROR_EXPIRED_CERT_ALERT -12269 “SSL peer rejected your certificate as expired.”
SSL_ERROR_SSL_DISABLED -12268 “Cannot connect: SSL is disabled.”
SSL_ERROR_FORTEZZA_PQG -12267 “Cannot connect: SSL peer is in another FORTEZZA domain.”
SSL_ERROR_UNKNOWN_CIPHER_SUITE -12266 “An unknown SSL cipher suite has been requested.”
SSL_ERROR_NO_CIPHERS_SUPPORTED -12265 “No cipher suites are present and enabled in this program.”
SSL_ERROR_BAD_BLOCK_PADDING -12264 “SSL received a record with bad block padding.”
SSL_ERROR_RX_RECORD_TOO_LONG -12263 “SSL received a record that exceeded the maximum permissible length.”
SSL_ERROR_TX_RECORD_TOO_LONG -12262 “SSL attempted to send a record that exceeded the maximum permissible length.”
SSL_ERROR_CLOSE_NOTIFY_ALERT -12230 “SSL peer has closed this connection.”
SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED -12210 “SSL Server attempted to use domestic-grade public key with export cipher suite.”
SSL_ERROR_NO_SERVER_KEY_FOR_ALG -12206 “Server has no key for the attempted key exchange algorithm.”
SSL_ERROR_TOKEN_INSERTION_REMOVAL -12205 “PKCS #11 token was inserted or removed while operation was in progress.”
SSL_ERROR_TOKEN_SLOT_NOT_FOUND -12204 “No PKCS#11 token could be found to do a required operation.”
SSL_ERROR_NO_COMPRESSION_OVERLAP -12203 “Cannot communicate securely with peer: no common compression algorithm(s).”
SSL_ERROR_HANDSHAKE_NOT_COMPLETED -12202 “Cannot initiate another SSL handshake until current handshake is complete.”
SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE -12201 “Received incorrect handshakes hash values from peer.”
SSL_ERROR_CERT_KEA_MISMATCH -12200 “The certificate provided cannot be used with the selected key exchange algorithm.”
SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA -12199 “No certificate authority is trusted for SSL client authentication.”
SSL_ERROR_SESSION_NOT_FOUND -12198 “Client’s SSL session ID not found in server’s session cache.”
SSL_ERROR_RX_MALFORMED_HELLO_REQUEST -12261 “SSL received a malformed Hello Request handshake message.”
SSL_ERROR_RX_MALFORMED_CLIENT_HELLO -12260 “SSL received a malformed Client Hello handshake message.”
SSL_ERROR_RX_MALFORMED_SERVER_HELLO -12259 “SSL received a malformed Server Hello handshake message.”
SSL_ERROR_RX_MALFORMED_CERTIFICATE -12258 “SSL received a malformed Certificate handshake message.”
SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH -12257 “SSL received a malformed Server Key Exchange handshake message.”
SSL_ERROR_RX_MALFORMED_CERT_REQUEST -12256 “SSL received a malformed Certificate Request handshake message.”
SSL_ERROR_RX_MALFORMED_HELLO_DONE -12255 “SSL received a malformed Server Hello Done handshake message.”
SSL_ERROR_RX_MALFORMED_CERT_VERIFY -12254 “SSL received a malformed Certificate Verify handshake message.”
SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH -12253 “SSL received a malformed Client Key Exchange handshake message.”
SSL_ERROR_RX_MALFORMED_FINISHED -12252 “SSL received a malformed Finished handshake message.”
SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER -12251 “SSL received a malformed Change Cipher Spec record.”
SSL_ERROR_RX_MALFORMED_ALERT -12250 “SSL received a malformed Alert record.”
SSL_ERROR_RX_MALFORMED_HANDSHAKE -12249 “SSL received a malformed Handshake record.”
SSL_ERROR_RX_MALFORMED_APPLICATION_DATA -12248 “SSL received a malformed Application Data record.”
SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST -12247 “SSL received an unexpected Hello Request handshake message.”
SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO -12246 “SSL received an unexpected Client Hello handshake message.”
SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO -12245 “SSL received an unexpected Server Hello handshake message.”
SSL_ERROR_RX_UNEXPECTED_CERTIFICATE -12244 “SSL received an unexpected Certificate handshake message.”
SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH -12243 “SSL received an unexpected Server Key Exchange handshake message.”
SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST -12242 “SSL received an unexpected Certificate Request handshake message.”
SSL_ERROR_RX_UNEXPECTED_HELLO_DONE -12241 “SSL received an unexpected Server Hello Done handshake message.”
SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY -12240 “SSL received an unexpected Certificate Verify handshake message.”
SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH -12239 “SSL received an unexpected Client Key Exchange handshake message.”
SSL_ERROR_RX_UNEXPECTED_FINISHED -12238 “SSL received an unexpected Finished handshake message.”
SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER -12237 “SSL received an unexpected Change Cipher Spec record.”
SSL_ERROR_RX_UNEXPECTED_ALERT -12236 “SSL received an unexpected Alert record.”
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE -12235 “SSL received an unexpected Handshake record.”
SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA -12234 “SSL received an unexpected Application Data record.”
SSL_ERROR_RX_UNKNOWN_RECORD_TYPE -12233 “SSL received a record with an unknown content type.”
SSL_ERROR_RX_UNKNOWN_HANDSHAKE -12232 “SSL received a handshake message with an unknown message type.”
SSL_ERROR_RX_UNKNOWN_ALERT -12231 “SSL received an alert record with an unknown alert description.”
SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT -12229 “SSL peer was not expecting a handshake message it received.”
SSL_ERROR_DECOMPRESSION_FAILURE_ALERT -12228 “SSL peer was unable to successfully decompress an SSL record it received.”
SSL_ERROR_HANDSHAKE_FAILURE_ALERT -12227 “SSL peer was unable to negotiate an acceptable set of security parameters.”
SSL_ERROR_ILLEGAL_PARAMETER_ALERT -12226 “SSL peer rejected a handshake message for unacceptable content.”
SSL_ERROR_UNSUPPORTED_CERT_ALERT -12225 “SSL peer does not support certificates of the type it received.”
SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT -12224 “SSL peer had some unspecified issue with the certificate it received.”
SSL_ERROR_DECRYPTION_FAILED_ALERT -12197 “Peer was unable to decrypt an SSL record it received.”
SSL_ERROR_RECORD_OVERFLOW_ALERT -12196 “Peer received an SSL record that was longer than is permitted.”
SSL_ERROR_UNKNOWN_CA_ALERT -12195 “Peer does not recognize and trust the CA that issued your certificate.”
SSL_ERROR_ACCESS_DENIED_ALERT -12194 “Peer received a valid certificate, but access was denied.”
SSL_ERROR_DECODE_ERROR_ALERT -12193 “Peer could not decode an SSL handshake message.”
SSL_ERROR_DECRYPT_ERROR_ALERT -12192 “Peer reports failure of signature verification or key exchange.”
SSL_ERROR_EXPORT_RESTRICTION_ALERT -12191 “Peer reports negotiation not in compliance with export regulations.”
SSL_ERROR_PROTOCOL_VERSION_ALERT -12190 “Peer reports incompatible or unsupported protocol version.”
SSL_ERROR_INSUFFICIENT_SECURITY_ALERT -12189 “Server requires ciphers more secure than those supported by client.”
SSL_ERROR_INTERNAL_ERROR_ALERT -12188 “Peer reports it experienced an internal error.”
SSL_ERROR_USER_CANCELED_ALERT -12187 “Peer user canceled handshake.”
SSL_ERROR_NO_RENEGOTIATION_ALERT -12186 “Peer does not permit renegotiation of SSL security parameters.”
SSL_ERROR_GENERATE_RANDOM_FAILURE -12223 “SSL experienced a failure of its random number generator.”
SSL_ERROR_SIGN_HASHES_FAILURE -12222 “Unable to digitally sign data required to verify your certificate.”
SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE -12221 “SSL was unable to extract the public key from the peer’s certificate.”
SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE -12220 “Unspecified failure while processing SSL Server Key Exchange handshake.”
SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE -12219 “Unspecified failure while processing SSL Client Key Exchange handshake.”
SSL_ERROR_ENCRYPTION_FAILURE -12218 “Bulk data encryption algorithm failed in selected cipher suite.”
SSL_ERROR_DECRYPTION_FAILURE -12217 “Bulk data decryption algorithm failed in selected cipher suite.”
SSL_ERROR_MD5_DIGEST_FAILURE -12215 “MD5 digest function failed.”
SSL_ERROR_SHA_DIGEST_FAILURE -12214 “SHA-1 digest function failed.”
SSL_ERROR_MAC_COMPUTATION_FAILURE -12213 “Message Authentication Code computation failed.”
SSL_ERROR_SYM_KEY_CONTEXT_FAILURE -12212 “Failure to create Symmetric Key context.”
SSL_ERROR_SYM_KEY_UNWRAP_FAILURE -12211 “Failure to unwrap the Symmetric key in Client Key Exchange message.”
SSL_ERROR_IV_PARAM_FAILURE -12209 “PKCS11 code failed to translate an IV into a param.”
SSL_ERROR_INIT_CIPHER_SUITE_FAILURE -12208 “Failed to initialize the selected cipher suite.”
SSL_ERROR_SOCKET_WRITE_FAILURE -12216 “Attempt to write encrypted data to underlying socket failed.”
SSL_ERROR_SESSION_KEY_GEN_FAILURE -12207 “Failed to generate session keys for SSL session.”
如果我们有遇到类似的问题也可以检索,也可以参考这里:https://www-archive.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html
本文出处:老蒋部落 » 整理比较齐全的网站SSL证书报错错误码问题 | 欢迎分享( 公众号:老蒋朋友圈 )
