Tuesday, August 1, 2017

iis 7 - IIS 7 with verisign certificate, invalid certificate returned




We have IIS7 on Windows 2008, and we installed a VeriSign certificate and bound it to HTTPS. The certificate seems fine.



Chain:



mysite.com - not expired
VeriSign international server CA class 3 - not expired
Verisign Class 3 Public primary certification Authority - not expired



Yet when I use VeriSign's online validation, I get that the second certificate is expired.



https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1130#




This is what it reports; mysite is reported to be OK:



--Issued To-- 
Organization: VeriSign Trust Network
Organizational Unit: www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Organizational Unit 2: VeriSign International Server CA - Class 3
Organizational Unit 3: VeriSign,, Inc.
--Issued By--
Organization: VeriSign,, Inc.

Organizational Unit: Class 3 Public Primary Certification Authority
Country: US
Validity Start: Wed Apr 16 17:00:00 PDT 1997
Validity End: Wed Jan 07 15:59:59 PST 2004


Any ideas?


Answer



Did you use the right intermediate and is it chained properly? VeriSign certificates are extremely picky.




I'd suggest trying the following:



1) Use VeriSign's site to look up the common name for the cert: https://securitycenter.verisign.com/celp/enroll/outsideSearch?application_locale=VRSN_US&originator=VeriSign:CELP



2) Cross-reference the name in the search with the required intermediate here: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO11501&actp=search&viewlocale=en_US&searchid=1275755447299



3) Examine the certificate bundle you received and ensure that the certs match up. You can use OpenSSL, keytool, Windows, etc., whatever tools you have available.



4) Ensure that the root certificate exists on the server. Windows will usually already have them updated.




Cheers,



-M
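
Step 3 of the answer, sketched with OpenSSL as an added example (not part of the original question or answer): it walks a PEM bundle, prints each certificate's subject, issuer and expiry, and flags expired certificates and issuer/subject links that do not match. It assumes the bundle is ordered leaf, intermediate, root; the function name `check_chain` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a PEM bundle ordered leaf -> intermediate -> root.
# check_chain BUNDLE prints one line per certificate and returns non-zero
# if any certificate is expired or an issuer name does not equal the
# subject name of the next certificate. This compares names and dates only;
# it does not verify signatures.
check_chain() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: cert.1.pem, cert.2.pem, ...
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++}
                     n {print > (d "/cert." n ".pem")}' "$bundle"
    rc=0; i=1
    while [ -f "$tmp/cert.$i.pem" ]; do
        cur="$tmp/cert.$i.pem"; next="$tmp/cert.$((i + 1)).pem"
        subject=$(openssl x509 -in "$cur" -noout -subject | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$cur" -noout -issuer | sed 's/^issuer= *//')
        enddate=$(openssl x509 -in "$cur" -noout -enddate | sed 's/^notAfter=//')
        status=OK
        # -checkend 0 exits non-zero when the certificate has already expired
        openssl x509 -in "$cur" -noout -checkend 0 >/dev/null || { status=EXPIRED; rc=1; }
        if [ -f "$next" ]; then
            next_subject=$(openssl x509 -in "$next" -noout -subject | sed 's/^subject= *//')
            [ "$issuer" = "$next_subject" ] || { status="$status,ISSUER-MISMATCH"; rc=1; }
        fi
        printf '%d %s | subject=%s | issuer=%s | notAfter=%s\n' \
            "$i" "$status" "$subject" "$issuer" "$enddate"
        i=$((i + 1))
    done
    rm -rf "$tmp"
    [ "$i" -gt 1 ] || return 2   # no certificates found in the bundle
    return "$rc"
}
```

Base-64 encoded .cer exports from the Windows certificate store are PEM files and can be concatenated into such a bundle.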

