Solved

Security Alert - security certificate for this site is not available?

Posted on 2012-04-11
7
562 Views
Last Modified: 2012-04-16
We have users that get this when they log in a PC and try to run their first credit card payment of the day. No matter which option you choose, it takes about 60 seconds to run the first transaction, after that it's OK. It's just a nuisance but a fix would be great.

revocation information
0
Comment
Question by:ParisAM
  • 4
  • 3
7 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 37833692
Go ahead and view the certificate.  In the properties for the certificate should be a line for 'CRL' (Certificate Revocation List), which should have at least one (possibly more) methods of contacting the issuing CA to check to confirm that the certificate hasn't been revoked.  http or ldap URLs are frequently seen in that entry.  Determine why the workstation can't read from the CRL location, and fix that, and the Alert messages should go away.
0
 

Author Comment

by:ParisAM
ID: 37833716
If this helps - This happens when making a payment on our system that was created by our own programmers, could this be something they need to fix?

When I view the certificate details, here's what I see:

cert1cert2cert3
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 37833784
Yep.  That helps.  I went ahead and pointed myself at that website, and pulled up the certificate locally.  The CRL Distribution point in the certificate says it's:

http://EVIntl-crl.verisign.com/EVIntl2006.crl

I confirmed that I can get there.  Are there any network ACLs which prevent that user from being able to access the verisign server on port 80?  (You can see if you can hit that URL from that workstation...)
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 30

Expert Comment

by:Rich Weissler
ID: 37833795
(If you wanted to find where I'm looking... on the 'details' tab, scroll down to the 'CRL Distribution Points' field.)
0
 

Author Comment

by:ParisAM
ID: 37844777
We can access that link with no problem....
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 37847313
*blink*  But... that's what the error means.  
Okay... what about if you try to access that machine first thing.. before any transactions are run from the computer?  Does it still work okay?  (Any chance it's actually a DNS problem, and the sixty seconds is the time it takes the system to try a second DNS server?)

Is it at all possible that the date on the computer being used for CC processing is wrong by something in terms of days or weeks, such that the CRL looks out of date?
0
 

Author Closing Comment

by:ParisAM
ID: 37852778
Well, you pointed us in the right direction. I showed our programmer and she said that only certain machines (cash register machines) were OK, while other call takers processing payments were getting it. Something do with with accessing an AS400 server.

Thanks for the quick responses and help.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Performance monitor user data collector set error 6 63
laserjet printer error 10 44
Add local user to local administrator group 3 27
HP Laserjet Pro MFP M126nw 3 23
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question