Testing TLS Certificate

Once the TLS certificate files have been places and Nginx restarted, the certificate can be tested.

Use Qualys TLS Certificate Test to test the TLS Certificate.


Alternate method using firefox: Testing the TLS Certificate

  1. Open the Firefox browser.
  2. Enter the full site address in the address bar.

    This would the https://tickets.yourvenue.com/TheatreManager/1/login&event=0.

  3. Click enter on the keyboard for the site to display.
  4. Click the lock next to the address in the address bar.

    This should be done after the site has finished loading. A box will appear indicating the status of the TLS Certificate.

  5. Click the More Information button. The Page Info window will open.

  6. Select the Security tab in the Page Info window.

  7. Click the View Certificate button. The Certificate Viewer will open to the general tab.

  8. Review the Issued On and Expiry Date in the Validity section of the viewer. If the TLS certificate has been installed correctly the date should be equal to the number of months purchased for the certificate

  9. Go to http://www.sslshopper.com/ssl-checker.html.
  10. Enter the domain the TLS certificate was created for (exp. tickets.myvenue.com).
  11. Review the details to ensure there are no broken red arrows in the chain files.

    A broken red arrow means the server chain is not correct. This is the chain added to the .crt file after the certificate. It is either not being read or is not up to date.

Troubleshooting TLS Certificates

TLS on Router

The TLS certificate associated with the ticketing site may not always be the only TLS certiificate in the network. The TLS certificate in Nginx may have installed correctly without error or warnings. The web pages appear correctly within the network. However, when attempting to access the site externally, the web pages do not display. The web site looks like it may be pointing to IIS or another application. The network setup will appear correct and everything on the Web Server machine is running. Reviewing a test of the TLS Certificate does not display the Comodo Logo.

In this situation an TLS may be built into the router. The IT person will need to locate the TLS Certificate and disable it.

 

TLS doesn't appear on HTTP

When visiting the ticketing site the address starts with http rather then https. The style sheets are missing and the buttons do not appear.

This is caused by a missing S from https in the Web Server URL field under the Director tab of Setup >> Company Preferences.

 

The site can be accessed using https but not http

When accessing the ticketing site using http rather then https the Web Pages are not displayed. The ticketing site is replaced by another website, application or login. The link will not redirect to https automatically but rather needs to be altered to include the S.

Port 443 governs https by default. Port 80 is reserved for http. Some organizations use port 80 for other applications such as web mail. In cases like this all direct links to the ticketing site will need to start with https.