?
Solved

Certificate error on web server on IIS 7.5

Posted on 2012-04-02
13
Medium Priority
?
1,349 Views
Last Modified: 2013-05-18
Hello experts.
I installed new certificate (from Verisign) on my two servers.
Now they works, but  https://ssl-tools.verisign.com/#certChecker  shows some errors.


Certificate Chain Information
Could not determine the primary certificate for the Web server.

Server Name: online2.ameriabank.am
was checked using port number 443
The certificate installation checker connected to the Web server and read its certificates, but could not determine which is the primary certificate for the Web server. Make sure that the domain name entered above matches the common name of the certificate installed on the Web server.

""
please assist what can I do?
0
Comment
Question by:ameriaadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 6

Expert Comment

by:emadallan
ID: 37796211
you shoud add the verisign cert to your trusted root certificate on both servers
0
 

Author Comment

by:ameriaadmin
ID: 37796229
I have don it, the sites work properly, but   https://ssl-tools.verisign.com/#certChecker shows error.
my sites are
online.ameriabank.am
online2.ameriabank.am
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37796256
could you tell me the error message?
0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 

Author Comment

by:ameriaadmin
ID: 37796273
I have post it.
<<<
online.ameriabank.am was checked using port number 443
The certificate installation checker connected to the Web server and read its certificates, but could not determine which is the primary certificate for the Web server. Make sure that the domain name entered above matches the common name of the certificate installed on the Web server.
>>>

you can check it by   https://ssl-tools.verisign.com/#certChecker   for onlin.ameriabank.am and online2.ameriabank.am
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37796371
ok, the problem is due to intermediate certificate called: (VeriSign Class 3 Public Primary Certification Authority - G5) of virisign which is not trusted by verisign, so the solution is replace it in your browser.
please go to :
https://www.verisign.com/support/verisign-intermediate-ca/secure-site-pro-intermediate/index.html
then follow the instructions here:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=SO18688
0
 

Author Comment

by:ameriaadmin
ID: 37800248
and what to do in server side?
0
 

Author Comment

by:ameriaadmin
ID: 37800286
I have replaced VeriSign Class 3 Public Primary Certification Authority - G5, by the new one, but I get same error.
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37800302
it's browser side, because your problem is that the intermediate cert in the chain is not trusted, contact the virisign and tell them to include the updated intermediate cert in your cert then import it to your two servers.
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37800328
one thing to mention is: To get browsers to trust the root CA, and intermedite ca the user must install the certificate in the browser's authorities store. so try to install the updated intermedite CA in the IE througn internet options-- import
0
 

Author Comment

by:ameriaadmin
ID: 37800435
do you see the errors from https://ssl-tools.verisign.com/#certChecker for online.ameriabank.am and online2.ameriabank.am ?
0
 
LVL 6

Accepted Solution

by:
emadallan earned 1000 total points
ID: 37800532
no, but i just did! i see that now we have two problems:
the first that we talked before
the second is online2.ameriabank.am is not included in you cert as a common name,  why? because Typically a standard secure server SSL Certificate is issued to a single Fully Qualified Domain Name only, which is online.ameriabank.am to which it has been issued. so online2.ameriabank.am is not included.
the solution is to obtain the Wildcard SSL which easily get around this restriction by receiving a Wildcard SSL Certificate issued to *.ameriabank.am. The * character replaces a "fixed" sub-domain with a "variable" one.
0
 

Author Comment

by:ameriaadmin
ID: 37800717
we already obtained SSL Certificate for online and onlin2 you can see it by opening onlin.ameriabank.am and online2.ameriabank.am
0
 

Author Closing Comment

by:ameriaadmin
ID: 39177163
no, but i just did! i see that now we have two problems:
the first that we talked before
the second is online2.ameriabank.am is not included in you cert as a common name,  why? because Typically a standard secure server SSL Certificate is issued to a single Fully Qualified Domain Name only, which is online.ameriabank.am to which it has been issued. so online2.ameriabank.am is not included.
the solution is to obtain the Wildcard SSL which easily get around this restriction by receiving a Wildcard SSL Certificate issued to *.ameriabank.am. The * character replaces a "fixed" sub-domain with a "variable" one.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The canonical version of this article is on my web site here: http://iconoun.com/articles/collisions/ A companion presentation is available here: http://iconoun.com/articles/collisions/Unicode_Presentation.pdf
The new Microsoft OS looks great, is easier than ever to upgrade to, it is even free.  So what's the catch?  If you don't change the privacy settings, Microsoft will, in accordance with the (EULA) you clicked okay to without reading, collect all the…
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question