Solved

certificate is expired or not yet valid

Posted on 2006-07-18
9
2,725 Views
Last Modified: 2010-08-05
Hello,

platform:  Win2K/SP4, IIS 5 (yea that could be the problem right there).

my web server seems to have a random problem with its Verisign SSL cert (as complained to from users trying to establish the socket).  On the server, the cert is valid and properly registered.  some users complain that through their browser connection, they receive an Info window on the SSL cert that says "The certificate is expired or not yet valid".  the cert is registered to the host and doesn't expire until next year.  however, apparently within the cert (when viewed on a machine that experiences this problem) under the Certification Path tab, it displays a problem with Common Name.

Being new to the organization, I am still trying to find account info for Verisign, as one of my thoughts was to ask for a reissue.  another thought is to forgo the next year of validation, and buy a new cert now.  I haven't found any consistent path to recreating this error/problem.  

as the site that the cert is used for is financial and personal data, this is an extremely important post for me.

thanks in advance.  I hope I have illustrated the problem correctly.
0
Comment
Question by:Moabrocks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 9

Expert Comment

by:blandyuk
ID: 17134425
When you issue a certificate, the "Issue To" name has to be the same as the domain it's on. Example:

https://secure.mysite.com/

Issuing it to www.mysite.com will generate a common name problem. I've had this issue before with free certificates from:

www.cacert.org

I fixed it in the end and it worked fine. You could use CACert to get your SSL certificates right and then get one from Verisign once you know how to do it.

I would have thought you could issue a wildcard on your domain from Verisign but I don't know. Would be handy to know.
0
 
LVL 9

Expert Comment

by:blandyuk
ID: 17134429
Sorry, wildcard as in on your sub-domain:

*.mysite.com

Not the whole domain ;)
0
 
LVL 78

Expert Comment

by:arnold
ID: 17136045
Post the URL and will be in a better position to assist you.

Is there something common to those who exprience this problem like the browser/browser version/OS?
0
SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends

 

Author Comment

by:Moabrocks
ID: 17139523
we are trying to get users to give us all that info on their browsers, however we have now seen this inhouse..  XP/IE 6x (patched)..  what we see is a red X on the Verisign cert line with the status window that says the Verisign cert is "expired or not yet valid" but our cert shows no red X on the icon, and the status window shows "this certificate is ok".

Is there a way to upload a bitmap/jpeg thru experts-???

0
 
LVL 78

Expert Comment

by:arnold
ID: 17141999
You can capture the image and place it on a site to which you post the URL.
on the inhouse systems that have the red X, look through the certificate path and see the expiration and information for the certificate that breaks the chain.  Then compare that information to the certificate path on the system that does not have this issue.

What is the issue with the certification path on the systems that has this problem?
0
 

Author Comment

by:Moabrocks
ID: 17142139
the difference between them that I see is that a client machine seeing the error, has a problem seeing "Verisigns" certificate as valid, in fact when you drill down to "view certificate", it shows it expired 1/7/2004.  

This now seems more clear that Verisign Tech support is needed?!!  Is there a way for a client machine to clear old certificates?

how do I paste screen shots to Experts-exchange?
0
 
LVL 9

Expert Comment

by:blandyuk
ID: 17144828
As arnold said, save the screenshot as a jpeg and upload to a location on your website / webserver and post the URL in here.
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 17145237
On the systems where the error exist you need to update the root certificates.  verisign has issued an intermediary certificate that should correct this problem.  I think this is the class three certificate.  Check out verisign's web site for the applicable certificate and have those individuals import the certificate on their systems..
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 17145248
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question