HTTP Status Code 495 – SSL Certificate Error

HTTP Status Code 495 – SSL Certificate Error

The HTTP status code 495 is a non-standard status code used by some proxies, such as those from Nginx, to indicate that an SSL/TLS handshake has failed due to an issue with the client certificate. This status code is not part of the official HTTP status code definitions but is used in specific implementations to handle SSL certificate errors more explicitly.

Example 1: Invalid Client Certificate

Imagine a scenario where a client attempts to connect to a server that requires a valid SSL client certificate for authentication. If the client provides an invalid certificate, the server or proxy may respond with a 495 status code, indicating the issue with the certificate.

HTTP/1.1 495 SSL Certificate Error
Date: Thu, 12 Oct 2023 14:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1234

<html>
<head><title>495 SSL Certificate Error</title></head>
<body>
    <h1>SSL Certificate Error</h1>
    <p>The SSL certificate provided by your client is invalid or untrusted.</p>
</body>
</html>

Example 2: Expired Client Certificate

In another scenario, a client may present an expired SSL certificate during the handshake process. This could lead to a 495 status code, indicating that the certificate is no longer valid due to its expiration.

HTTP/1.1 495 SSL Certificate Error
Date: Thu, 12 Oct 2023 15:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1280

<html>
<head><title>495 SSL Certificate Error</title></head>
<body>
    <h1>SSL Certificate Error</h1>
    <p>The SSL certificate provided by your client has expired.</p>
</body>
</html>

### Explanation
– **Description**: The documentation begins with a detailed description of the 495 status code, explaining that it is used to indicate SSL certificate errors during the SSL/TLS handshake process. It specifies that this code is non-standard and typically used by proxies like Nginx.

– **Example 1**: This example illustrates a scenario where a client uses an invalid SSL certificate. The server responds with a 495 status code and an HTML message indicating the issue.

– **Example 2**: This example demonstrates what happens when a client certificate is expired. Again, the server responds with a 495 status code, highlighting the expired certificate.

– **Summary**: The closing section summarizes the use and purpose of the 495 status code, emphasizing its role in specific environments for handling SSL/TLS connection errors more precisely.

Example 3 Scenario

# Client sends a request example.
GET /example HTTP/1.1
Host: www.example.com

# Server Response
HTTP/1.1 495 495 SSL Certificate Error
Date: Wed, 09 Oct 2024 23:09:10 GMT
Server: ExampleServer/1.0
Content-Type: application/json

{
    "error": "Description of the error for 495"
}

Example 4 Scenario

# Client sends another example request.
POST /another-example HTTP/1.1
Host: www.example.com

# Server Response
HTTP/1.1 495 495 SSL Certificate Error
Date: Wed, 09 Oct 2024 23:09:10 GMT
Server: ExampleServer/1.0
Content-Type: application/json

{
    "error": "Detailed message for 495"
}

Summary

HTTP status code 495 is used to signify an SSL certificate error during the handshake process. While not an official part of the HTTP status code spectrum, it serves as a useful indicator in some setups, particularly with specific proxies handling SSL/TLS connections. The status code helps differentiate between regular client certificate errors and other types of SSL issues, allowing for more precise error handling and troubleshooting.

I am the founder of SEO Leaders and have been involved in the internet and web development in one way or another for over 20 years. Since founding SEO Leaders some 6 years ago I have been heavily involved in web develepment, Digital PR and technical SEO for a wide variety of projects. I hope to enlighten you on a wide range of topics related to my chosen profession!

Back To Top