ERR_BAD_SSL_CLIENT_AUTH_CERT [英] ERR_BAD_SSL_CLIENT_AUTH_CERT

问题描述

我们开始遇到浏览大多数https网站的问题。

We've started encountering issues browsing to most https sites.

示例包括： https://technet.microsoft.com/ ， https：// mail。 google.com/ ， https://www.mozilla.org/ en-US / firefox / new / ， https://stackoverflow.com/

我们之前访问过的安全网站似乎运行正常。这些示例包括：
https://banking.westpac.com.au/ ， https://www.tppwholesale.com.au/login/ ， https://au.ingrammicro.com/

It appears that secure sites that we have visited previously work OK. Examples of these include: https://banking.westpac.com.au/, https://www.tppwholesale.com.au/login/, https://au.ingrammicro.com/

我们收到的错误是：

• Chrome： ERR_BAD_SSL_CLIENT_AUTH_CERT


• Firefox： SSL_ERROR_ACCESS_DENIED_ALERT


• IE11 / Edge：没有有用的消息，但记录了Schannel 36887错误建议 TLS协议定义的致命警报代码是49。（这些也是针对Chrome记录的，但不是Firefox，因为它使用的是Mozilla NSS加密库。）

• Chrome: ERR_BAD_SSL_CLIENT_AUTH_CERT
• Firefox: SSL_ERROR_ACCESS_DENIED_ALERT
• IE11/Edge: No helpful message, but Schannel 36887 errors are logged advising The TLS protocol defined fatal alert code is 49. (These are also logged for Chrome, but not Firefox as it uses the Mozilla NSS encryption library.)

我们可以通过禁用TLS1.1& amp;来阻止这个问题。 TLS1.2并启用SSL2& SSL3。由于SSL2 / 3已知漏洞，我们希望正确解决此问题。

We can prevent the problem by disabling TLS1.1 & TLS1.2 and enabling SSL2 & SSL3. As SSL2/3 have known vulnerabilities we want to resolve this issue properly.

在Win7，Win8.1，Win10 WS2012R2计算机上出现问题。它影响了我们所有的笔记本电脑，除了一个未在办公室工作超过一个月的笔记本电脑。

Problem has been observed on Win7, Win8.1, Win10 WS2012R2 machines. It's affecting all our laptop computers except one that hasn't been in the office for over a month.

广泛的谷歌搜索未能产生任何帮助 - 大多数SSL连接问题讨论似乎集中在服务器证书上。

Extensive googling has failed to yield anything helpful - most SSL connection issues that are discussed seem to focus on the server certificate.

上述错误表明我们的浏览器发送到服务器的客户端证书存在问题，所以我有这些问题：

The above errors suggest it being an issue with the client certificate that our browsers are sending to the servers, so I have these questions:

1. SSL2 / 3对TLS1.x有不同的客户端证书要求吗？


2. 什么浏览器使用的客户端证书（我们没有在用户或计算机个人商店中列出任何证书）？

我希望有一个那里的SSL / TLS大师可以提供帮助！

I hope there's an SSL/TLS guru out there that can assist!

推荐答案

无需卸载ESET。打开ESET>设置> Internet保护>编辑Web访问保护>展开Web协议>禁用启用HTTPS检查。

No need to uninstall ESET. Open ESET > Setup > Internet Protection > edit "Web Access Protection" > expand "Web Protocols" > disable "Enable HTTPS Checking".

这篇关于ERR_BAD_SSL_CLIENT_AUTH_CERT的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！