Solved

Certificate error on web server on IIS 7.5

Posted on 2012-04-02
Last Modified: 2013-05-18
Hello experts.
I installed a new certificate (from Verisign) on my two servers.
Now they work, but https://ssl-tools.verisign.com/#certChecker shows some errors.


Certificate Chain Information
Could not determine the primary certificate for the Web server.

Server Name: online2.ameriabank.am
was checked using port number 443
The certificate installation checker connected to the Web server and read its certificates, but could not determine which is the primary certificate for the Web server. Make sure that the domain name entered above matches the common name of the certificate installed on the Web server.

Please assist. What can I do?
Question by:ameriaadmin
13 Comments
 
LVL 6

Expert Comment

by:emadallan
ID: 37796211
You should add the VeriSign cert to your trusted root certificates on both servers.
0
 

Author Comment

by:ameriaadmin
ID: 37796229
I have done it, the sites work properly, but https://ssl-tools.verisign.com/#certChecker shows an error.
My sites are:
online.ameriabank.am
online2.ameriabank.am
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37796256
Could you tell me the error message?
0
 

Author Comment

by:ameriaadmin
ID: 37796273
I have posted it.
<<<
online.ameriabank.am was checked using port number 443
The certificate installation checker connected to the Web server and read its certificates, but could not determine which is the primary certificate for the Web server. Make sure that the domain name entered above matches the common name of the certificate installed on the Web server.
>>>

You can check it with https://ssl-tools.verisign.com/#certChecker for online.ameriabank.am and online2.ameriabank.am
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37796371
OK, the problem is due to the intermediate certificate called (VeriSign Class 3 Public Primary Certification Authority - G5) of VeriSign, which is not trusted by VeriSign, so the solution is to replace it in your browser.
Please go to:
https://www.verisign.com/support/verisign-intermediate-ca/secure-site-pro-intermediate/index.html
Then follow the instructions here:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=SO18688
0
 

Author Comment

by:ameriaadmin
ID: 37800248
And what should I do on the server side?
0
 

Author Comment

by:ameriaadmin
ID: 37800286
I have replaced VeriSign Class 3 Public Primary Certification Authority - G5 with the new one, but I get the same error.
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37800302
It's browser side, because your problem is that the intermediate cert in the chain is not trusted. Contact VeriSign and tell them to include the updated intermediate cert in your cert, then import it to your two servers.
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37800328
One thing to mention: to get browsers to trust the root CA and intermediate CA, the user must install the certificate in the browser's authorities store. So try to install the updated intermediate CA in IE through Internet Options -- Import.
0
 

Author Comment

by:ameriaadmin
ID: 37800435
Do you see the errors from https://ssl-tools.verisign.com/#certChecker for online.ameriabank.am and online2.ameriabank.am?
0
 
LVL 6

Accepted Solution

by:
emadallan earned 500 total points
ID: 37800532
No, but I just did! I see that now we have two problems:
The first is the one that we talked about before.
The second is that online2.ameriabank.am is not included in your cert as a common name. Why? Because typically a standard secure server SSL Certificate is issued to a single Fully Qualified Domain Name only, which is online.ameriabank.am, to which it has been issued. So online2.ameriabank.am is not included.
The solution is to obtain the Wildcard SSL, which easily gets around this restriction by receiving a Wildcard SSL Certificate issued to *.ameriabank.am. The * character replaces a "fixed" sub-domain with a "variable" one.
0
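The name-matching rule the accepted answer relies on, as an added example that is not part of the original thread: it checks which certificate names cover each host, using the common rule that a wildcard is allowed only as the whole leftmost label and stands for exactly one label. The function names and the certificate name lists are assumptions constructed for illustration, not values read from the real servers.

```python
# Added example: which certificate names (CN or SAN dNSName) cover a host?
# Cert name lists below are constructed samples, not taken from the servers.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """True if one certificate name covers the requested hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # "*" replaces exactly one label, so label counts must agree.
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard (rejects "*.am").
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    if "*" in pattern:
        # Partial ("on*") or non-leftmost wildcards are rejected.
        return False
    return p == h

def covering_names(cert_names, hostname):
    """Return the certificate names that cover hostname (empty = mismatch)."""
    return [n for n in cert_names if name_matches(n, hostname)]

def audit(cert_names, hostnames):
    """Map each hostname to the certificate names that cover it."""
    return {h: covering_names(cert_names, h) for h in hostnames}

HOSTS = ["online.ameriabank.am", "online2.ameriabank.am"]
SINGLE_NAME_CERT = ["online.ameriabank.am"]   # constructed: one FQDN only
WILDCARD_CERT = ["*.ameriabank.am"]           # constructed: wildcard cert

if __name__ == "__main__":
    for label, names in (("single", SINGLE_NAME_CERT),
                         ("wildcard", WILDCARD_CERT)):
        for host, hits in audit(names, HOSTS).items():
            status = "covered by " + ", ".join(hits) if hits else "MISMATCH"
            print(f"{label:8} {host:24} {status}")
```

Note that the wildcard does not cover the bare domain or names two levels down, so those still need their own entries in the certificate.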
 

Author Comment

by:ameriaadmin
ID: 37800717
We already obtained SSL Certificates for online and online2. You can see it by opening online.ameriabank.am and online2.ameriabank.am
0
 

