Solved

SSL checker internal

Posted on 2016-10-28
Last Modified: 2016-11-13
I have a website that is accessible only to my internal users. The website is showing an untrusted certificate error when accessed from one particular 2012 server. This started as a result of the GlobalSign cert issue recently highlighted in the news.
Is there anything I can download which will tell me if it's a root issue or an intermediate issue? Thanks.
Question by:Sid_F
4 Comments
 
LVL 65

Expert Comment

by:btan
ID: 41864892
May consider Certutil

A tool for administrators who manage the set of trusted root certificates in their enterprise environment. Administrators can view and select the set of trusted root certificates, export them to a serialized certificate store, and distribute them by using Group Policy.
E.g. CertUtil [Options] -syncWithWU DestinationDir
https://technet.microsoft.com/en-us/library/dn265983(v=ws.11).aspx#BKMK_CertUtilOptions

Check the certificate state against the CA CRL or chain
E.g. CertUtil [Options] -verify CRLFile CACertFile [IssuedCertFile]
Where,
CRLFile: CRL to verify
IssuedCertFile: optional issued certificate covered by CRLFile

https://technet.microsoft.com/en-in/library/cc732443.aspx#BKMK_verify


Another tool is OpenSSL
If you have the server certificate chain saved in a file, you can provide it to the OpenSSL "verify" command using the "-untrusted" option as shown below:

C:\Users\fyicenter>\local\openssl-win32\bin\openssl.exe

OpenSSL> verify -untrusted twitter_chain.pem twitter.pem
twitter.pem: C = US, O = DigiCert Inc, OU = www.digicert.com,
   CN = DigiCert SHA2 Extended Validation Server CA
error 20 at 1 depth lookup:unable to get local issuer certificate
error in verify

This tells us that the validation failed on locating the certificate of the issuer that appears on the intermediate CA certificate.
http://certificate.fyicenter.com/156_OpenSSL_verify-untrusted_-Specify_Untrusted_Certificate.html
0
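Added example (not part of the original thread or the commenter's code): a small Python parser that reads `openssl verify` output such as the session quoted above and reports whether the missing certificate is an intermediate or the root. It assumes the chain has `intermediates` CA certificates between the server certificate and the root (default 1); the function name `diagnose` and the second sample are constructed for illustration.

```python
import re

# The `openssl verify` output quoted in the comment above.
SAMPLE = """twitter.pem: C = US, O = DigiCert Inc, OU = www.digicert.com,
   CN = DigiCert SHA2 Extended Validation Server CA
error 20 at 1 depth lookup:unable to get local issuer certificate
error in verify
"""
# Constructed sample: the server certificate's own issuer cannot be found.
SAMPLE_DEPTH0 = """server.pem: CN = intranet.example
error 20 at 0 depth lookup: unable to get local issuer certificate
"""

ERROR_RE = re.compile(r"^error (\d+) at (\d+) depth lookup:\s*(.+)$", re.M)
MISSING_ISSUER = {2, 20, 21}  # X509_V_ERR_* codes meaning "issuer not found"

def diagnose(verify_output, intermediates=1):
    """Return (layer, detail) for the first chain error in the output.

    layer is 'ok', 'intermediate', 'root' or 'other'. Depth 0 is the server
    certificate; `intermediates` (an assumption the caller supplies) is how
    many CA certificates sit between it and the root.
    """
    m = ERROR_RE.search(verify_output)
    if m is None:
        return ("ok", "no chain error reported")
    code, depth, text = int(m.group(1)), int(m.group(2)), m.group(3).strip()
    # Text before the error line names the certificate that failed.
    subject = " ".join(verify_output[:m.start()].split())
    if code in MISSING_ISSUER:
        # The missing certificate is the issuer, one level above `depth`.
        layer = "intermediate" if depth + 1 <= intermediates else "root"
        fix = ("install or serve the intermediate CA certificate"
               if layer == "intermediate"
               else "add the root CA to this machine's trusted root store")
        return (layer, f"issuer of [{subject}] not found at depth {depth}: {fix}")
    if code == 19:  # self-signed certificate in chain: root sent, not trusted
        return ("root", f"root at depth {depth} is not in the trusted root store")
    return ("other", f"error {code} at depth {depth}: {text}")

if __name__ == "__main__":
    for name, out in (("page sample", SAMPLE), ("depth-0 sample", SAMPLE_DEPTH0)):
        print(name, "->", diagnose(out))
```

For a chain with more than one intermediate, pass the real count as `intermediates` so a failure partway up the chain is not reported as a root problem.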
 
LVL 6

Author Comment

by:Sid_F
ID: 41875654
Anything a bit easier, e.g. install software, point to site, etc. :)
0
 
LVL 6

Author Comment

by:Sid_F
ID: 41875660
I managed to resolve the issue, and the GlobalSign issue is resolved by downloading the first cert, Domain Validation CA - SHA256 - G2, on the page from here: https://support.globalsign.com/customer/portal/articles/1464460-domainssl-intermediate-certificates
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 41875803
Thanks for sharing.
You can try the GlobalSign checker, which uses SSL Labs, if your website is reachable. It may be good to have a staging replica (with dummy data) to verify the SSL; otherwise I suggest using the offline tools for checking.
https://support.globalsign.com/customer/portal/articles/1217298-ssl-configuration-checker---overview
0

Question has a verified solution.
