Solved

Certificate error on web server on IIS 7.5

Posted on 2012-04-02
13
1,330 Views
Last Modified: 2013-05-18
Hello experts.
I installed a new certificate (from Verisign) on my two servers.
Now they work, but https://ssl-tools.verisign.com/#certChecker shows some errors.

"
Certificate Chain Information
Could not determine the primary certificate for the Web server.

Server Name: online2.ameriabank.am
was checked using port number 443
The certificate installation checker connected to the Web server and read its certificates, but could not determine which is the primary certificate for the Web server. Make sure that the domain name entered above matches the common name of the certificate installed on the Web server.

"
Please assist, what can I do?
0
Comment
Question by:ameriaadmin
  • 7
  • 6
13 Comments
 
LVL 6

Expert Comment

by:emadallan
Comment Utility
You should add the Verisign cert to your trusted root certificates on both servers.
0
 

Author Comment

by:ameriaadmin
Comment Utility
I have done it, the sites work properly, but https://ssl-tools.verisign.com/#certChecker shows an error.
My sites are
online.ameriabank.am
online2.ameriabank.am
0
 
LVL 6

Expert Comment

by:emadallan
Comment Utility
could you tell me the error message?
0
 

Author Comment

by:ameriaadmin
Comment Utility
I have posted it.
<<<
online.ameriabank.am was checked using port number 443
The certificate installation checker connected to the Web server and read its certificates, but could not determine which is the primary certificate for the Web server. Make sure that the domain name entered above matches the common name of the certificate installed on the Web server.
>>>

You can check it with https://ssl-tools.verisign.com/#certChecker for online.ameriabank.am and online2.ameriabank.am
0
 
LVL 6

Expert Comment

by:emadallan
Comment Utility
OK, the problem is due to the Verisign intermediate certificate called (VeriSign Class 3 Public Primary Certification Authority - G5), which is not trusted by Verisign, so the solution is to replace it in your browser.
Please go to:
https://www.verisign.com/support/verisign-intermediate-ca/secure-site-pro-intermediate/index.html
then follow the instructions here:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=SO18688
0
 

Author Comment

by:ameriaadmin
Comment Utility
And what to do on the server side?
0
 

Author Comment

by:ameriaadmin
Comment Utility
I have replaced VeriSign Class 3 Public Primary Certification Authority - G5 with the new one, but I get the same error.
0
 
LVL 6

Expert Comment

by:emadallan
Comment Utility
It's browser side, because your problem is that the intermediate cert in the chain is not trusted. Contact Verisign and tell them to include the updated intermediate cert in your cert, then import it to your two servers.
0
 
LVL 6

Expert Comment

by:emadallan
Comment Utility
One thing to mention is: to get browsers to trust the root CA and intermediate CA, the user must install the certificate in the browser's authorities store. So try to install the updated intermediate CA in IE through Internet Options -- Import.
0
 

Author Comment

by:ameriaadmin
Comment Utility
do you see the errors from https://ssl-tools.verisign.com/#certChecker for online.ameriabank.am and online2.ameriabank.am ?
0
 
LVL 6

Accepted Solution

by:
emadallan earned 500 total points
Comment Utility
No, but I just did! I see that now we have two problems:
The first is the one that we talked about before.
The second is that online2.ameriabank.am is not included in your cert as a common name. Why? Because typically a standard secure server SSL Certificate is issued to a single Fully Qualified Domain Name only, which is online.ameriabank.am, to which it has been issued. So online2.ameriabank.am is not included.
The solution is to obtain a Wildcard SSL Certificate, which easily gets around this restriction by being issued to *.ameriabank.am. The * character replaces a "fixed" sub-domain with a "variable" one.
0
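
The name-coverage rule discussed in the accepted answer above, as an added example that is not part of the original thread: it checks which host names a certificate's names (common name or subject alternative names) cover, including the single-label limit on wildcards. The certificate name lists are constructed for illustration and were not read from the real servers; the function names are hypothetical.

```python
# Added example: which host names does a certificate's name list cover?
# The name lists below are constructed, not taken from the live certificates.

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """Match one certificate name (CN or SAN dNSName) against a host name.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.ameriabank.am' covers 'online2.ameriabank.am'
    but not 'ameriabank.am' or 'a.online.ameriabank.am'.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard so '*.am' never matches,
        # and a non-empty host label in the wildcard position.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def covered(cert_names, host):
    # A host is covered if any name in the certificate matches it.
    return any(name_matches(n, host) for n in cert_names)

def coverage_report(cert_names, hosts):
    return {h: covered(cert_names, h) for h in hosts}

HOSTS = [
    "online.ameriabank.am",
    "online2.ameriabank.am",
    "ameriabank.am",
    "a.online.ameriabank.am",
]

SINGLE_NAME = ["online.ameriabank.am"]   # constructed: single-FQDN certificate
WILDCARD = ["*.ameriabank.am"]           # constructed: wildcard certificate

if __name__ == "__main__":
    for label, names in (("single-name", SINGLE_NAME), ("wildcard", WILDCARD)):
        print(label)
        for host, ok in coverage_report(names, HOSTS).items():
            print(f"  {host:<26} {'covered' if ok else 'NOT covered'}")
```
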
 

Author Comment

by:ameriaadmin
Comment Utility
We already obtained SSL Certificates for online and online2; you can see it by opening online.ameriabank.am and online2.ameriabank.am
0
 

