Resolving SSL Certificate Problems

I’ve been working with the new Pinoccio microcontroller Arduino-like platform for creating internet-of-things devices. One of the many ways you can access devices through a webpage called their headquarters. It is available at hq.pinocc.io and requires a special plug-in for Google Chrome. I had been having great success with the device and suddenly two days ago the webpage quick loading. At first I thought their server was down but eventually realized that I could login using other in my home but not the one that I had been using. It was the classic “why is this thing not like the others?” problem.

The folks at pinocc.Io were tied up in a maker fair and working on other issues and were not able to help me right away. So I did some exploring on my own.

I finally figured out that it was a problem with SSL certificates on a piece of JavaScript. I only figured that out by typing in the URL the JavaScript itself instead of the URL of the webpage. That gave me the following…
hq_problem2
Note you can click on any of these images for larger versions.

I clicked on the “MORE” and got the following information.
hq_problem3

That told me that the certificate had been revoked and it told me who had issued the certificate but that still tell me very much. The first problem was figuring out where in Google Chrome SSL certificates were handled. Several Google searches later I determined that chrome uses Windows computers default settings. You can get to it in Google Chrome’s settings under the section “proxy settings”. (Gee no wonder it didn’t jump right out at me!) You can also access SSL certificate information from Internet Explorer under Tools… Internet options… content tab. I tried clicking on the “clear SSL state” hoping that it would flush everything out and recheck the certificates. That didn’t help. I clicked on the “Certificates” button but couldn’t find anything related to the certificate issuer “Gandhi Standard SSL, CA” that I had gotten from that more detailed error message.

I browsed around the certificate section in Internet Options but could not find anything under any of the tabs regarding that provider. Then I noticed that where you type the URL there is a little green padlock icon that somehow was beckoning me to do a right-click on it.
SSL 4

When I did I got the following…
SSL2
The initial tab talks about permissions but I clicked on the Connection tab. Then I clicked on the Certificate Information link. Which gave me this…
SSL3
The details tab was interesting but didn’t really tell me much so I tried the “Certification Path” tab and got the following
SSL1
This gave me some other places to look. I started the top with USERTrust and found it under “Trusted Route Certification Authorities” here…
SSL 5
However it would not allow me to remove it. However under “Intermediate Certification Authorities” I found an entry that it would allow me to remove.
SSL 6
After clicking on the “Remove” button and closing everything out, I was able to go back into Google Chrome, access the website, and it loaded perfectly. It apparently went and got a fresh copy of the certificate. Now everything is working fine.

The folks at Pinocc.io later explained “We recently added a load balancer which was still configured with the pre
heartbleed ssl cert we revoked. This has been fixed.”

So if anyone is out there reading this whether they are using Pinocc.io or not and you are having SSL Certification problems perhaps the steps I’ve shown you will help.

Leave a Reply

Your email address will not be published. Required fields are marked *