Over 1 million tech questions and answers.

Certificate issue using Netbios/FQDN against Subject/SAN certificate

Q: Certificate issue using Netbios/FQDN against Subject/SAN certificate

Hi,

Really confusing one here. Since this weekend (16/17 July) we have started getting Certificate errors on some sites and applications. This seems to be due to the structure of the URL compared to the "advertised" name IIS is presenting. I'll try
to explain.
I have a site, Website. This is in my domain, domain.com. Therefore the FQDN is website.domain.com. IIS is running and I can access this site through FQDN,NetBIOS or IP address. Good news.
I create a certificate for the server using the FQDN as the subject, I add the Netbios and IP addresses in the Subject Alternate Names and Bind this to port 443 on the server.
I browse to https://website and all is good. I browse to https://website.domain.com I get a certificate error. Checking the certificate, everything is fine, no errors, chain is trusted. open Chrome and do the same, I get that the certificate website.domain.com
is being presented by Website and may not be the site I want.
Using either URL has never been a problem until this weekend, but it seems that IE/Windows/IIS is not liking any URL that is not EXACTLY what IIS is presenting. so my questions are:-
Is anyone else finding this?
Can we issue a certificate that covers all possible DNS resolutions for a site?
How do I control WHAT IIS advertises itself as?
SO far this has affected two major systems on our network and I can see that more will arise, so any help would be appreciated.

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Certificate issue using Netbios/FQDN against Subject/SAN certificate

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 107.6

Hello,

I am trying to resolve an issue where multiple client computers in the organisation are using an internally deployed Root CA certificate (before my time and no longer required) to sign the end entity certificate for external websites, google.co.uk
for example. All SSL sites appeared to be affected by this.




However this is not the case as sub domains of sites with issues show the correct cert chain, the below is for mail.google.com




Removing or untrusting this root ca cert breaks access to these sites.

I have reset root certs in various ways, removed machines from the domain, applied no GPOs, manually updated CRL and pulled down updated certs with rootsupd.exe.
It always attempts to use this rouge CA cert to sign the websites cert.

Any assistance would be much appreciated.

Read other answers
RELEVANCY SCORE 106.4

Hi,
I am trying to install CA root certificate on Windows 7, IE 9.
Encounter error: "Untrusted Certificate".  "This certificate cannot be verified up to a trusted certificate authority."
I have tried to install the certificate to Trusted Root Certificate Authorities->local computer and import was successful. BUT on IE->Internet Options->Certificate->Trusted Root Certificate Authorities, I am unable to find this root CA on
the list.
On mmc->Certificates->Trusted Root Certificate Authorities->certificates, I am able to view this root CA.
I then restarted the IE and view the ssl site again but failed too, "Untrusted Certificate".
Anyone, any idea ?
Regards,
Eye Gee

A:Unable to Install Root CA Certificate - Certificate cannot be verified up to a trusted certificate authority.

May the following workarounds work for you:
Workaround 1:
Modify the Windows settings to allow the Update Root Certificate feature to update the root certificates automatically. For details, see the following Microsoft TechNet article:
Certificate Support and Resulting Internet Communication in Windows Server 2008
http://technet.microsoft.com/en-us/library/cc771121(WS.10).aspx
Workaround 2?
If the Update Root Certificate feature cannot automatically update the root certificates, you may contact the website vender to see if there is a hotfix can fix the issue.

Read other 8 answers
RELEVANCY SCORE 93.6

Microsoft certificate snap-in is chaining these two certificates, but take a look at their corresponding names:

ANF Peru CA1
Issuer: 
O = ANF Autoridad de Certificacion
OU = ANF Clase 1 CA
C = ES
CN = ANF Global Root CA
SERIALNUMBER = G63287510
Subject: 
O = ANF AC Entidad de Certificacion Peru SAC
OU = ANF Autoridad Raiz Peru
C = PE
CN = ANF Peru CA1
SERIALNUMBER = 20601216281
ANF Global Root CA
Issuer: 
CN = ANF Global Root CA
SERIALNUMBER = G63287510
E = [email protected]
OU = ANF Clase 1 CA
O = ANF Autoridad de Certificacion
L = Barcelona (see current address at http://www.anf.es/es/address-direccion.html )
S = Barcelona
C = ES
Subject: 
CN = ANF Global Root CA
SERIALNUMBER = G63287510
E = [email protected]
OU = ANF Clase 1 CA
O = ANF Autoridad de Certificacion
L = Barcelona (see current address at http://www.anf.es/es/address-direccion.html )
S = Barcelona
C = ES

So why is MS chaining these certificates if distinguished names doesn't match?.

Read other answers
RELEVANCY SCORE 90.4

(I'm cross posting this from
https://answers.microsoft.com/en-us/ie/forum/ie11-windows_7/a-certificate-chain-processed-but-terminated-in-a/e6895c7e-c6b9-4a96-a5f5-a4dcd40b7b45 as directed by the forum moderator there.)
Hello,

First, I have reviewed the other posts with similar questions and noted that I can install the certificate into root certificates and most likely this problem will go away, some specifics:

1) When a client reported this error using a pop.secureserver.net on an outlook 2003 client, I just figured it was godaddy or the REALLY old Outlook client, but nonetheless, I went in to troubleshoot it and was convinced it was godaddy, but when I tried
to start my Outlook 2016 client on my Windows 10 computer on their network, I got the same error.  Two notes are important: 1) I use godaddy as well and 2) I used the same computer at a different client just yesterday without a single error message.
2) They use POP 995 w/ SSL & SMTP 465 w/ SSL to pop.secureserver.net & smtpout.secureserver.net repsectively
3) I called the company that manages their firewall and was told that everything was fine, but was sent a certificate from the firewall that might fix the problem.
4) The firewall company tells me they use a fortinet firewall

I have some questions that I'm hoping one of the experts here can answer for me:

- What in a firewall setup can cause a certificate to fail as listed in the subject?
- Is there a port or configuration change they... Read more

Read other answers
RELEVANCY SCORE 90.4

Is there a rvkroots.exe available for download for the mentioned KB so that I can remediate a Nessus finding?
We are on a disconnected network so windows update is disabled in our network.
In the past we are able to just download rvkroots.exe and push it out to all our Win7 computers.

Read other answers
RELEVANCY SCORE 90.4

so whats up with this error message ??
Revocation information for the security certificate for this site is not available. Do you want to proceed? [Yes] [No] [View certificate]


i know it can be unchecked in security option under advanced. but is that really safe to do ???

Thx


Steven J Einhorn

Read other answers
RELEVANCY SCORE 90.4

I have some Windows 7 systems which have not run Windows Updates for many years, and cannot due to regulatory reasons.   We rely upon Windows to automatically update the Trusted Root Certificate store whenever we browse to a web site/web service
that uses a certificate the system doesn't recognize. 
Sometime recently, the Trusted Root Certificate Store no longer updates automatically.  The Windows Event Log shows an error stating that the certificates cannot be downloaded from:
http : // ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
If we browse to this location manually, the cab file contains an invalid Microsoft certificate. 

This was also an issue in Sept 2018.  At that time, the certificate had expired, and Microsoft eventually updated the certificate to resolve the issue.   This time, the certificate does not appear to have expired.  Why is the certificate
invalid this time, and can Microsoft fix it again?

Thanks

Read other answers
RELEVANCY SCORE 89.2

In Internet Explorer, when I get a certificate error, if I continue to the web site, I can then view the certificate to see what was wrong.  However, obviously it would be preferable* to see the certificate
before I make the decision to go to the site.  Is this possible?  I'm sure I could use another browser that does this, or maybe use the F12 developer tools, or write a program.   But I'm looking
for a normal-user way to do it.  I think it used to be possible in Internet Explorer, but this might have been 6.x or even earlier.  Or even
way earlier.  Yep.  I'm that old.  I believe this feature is not in Edge either...unless I'm just missing it.  But I'm using ie11 right now.
*understatement level is set to "high".

Read other answers
RELEVANCY SCORE 89.2

Can someone walk me through the steps of having Advanced Threat Analytics (ATA) request a new certificate from Active Directory Certificate Services (ADCS)?  I'm not familiar with either product so I will need detailed steps please.  At a high-level
i'm guessing
1. ATA issues a certificate request
2. I send the request to ADCS
3. ADCS issues a cert for that request
4. Install new cert in ATA
I'll need detailed command line statements.  My ATA Center server is named ATASERVER.DOMAIN.ORG, and I but the URL is configured as ATACENTER.DOMAIN.ORG in ATA.  Can the cert handle both the servername and the URL?
Thank you in advance!

Read other answers
RELEVANCY SCORE 89.2

I have Windows 7 client and Cisco router is configured as Certificate Authority. Cisco calls it IOS CA. How can I do certificate enrollment of Windows 7 client with my Cisco IOS Certificate Authority?

Read other answers
RELEVANCY SCORE 89.2

Hiya

This update addresses the "Certificate Renewal Wizard Concatenates Certificate" issue in Internet Information Services (IIS) 5.0, and is discussed in Microsoft Knowledge Base (KB) Article Q325827. Download now to correct this issue for IIS 5.0

System Requirements
Supported Operating Systems: Windows 2000

Internet Information Services 5.0
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server

http://www.microsoft.com/downloads/...43-c72f-4652-b912-065ee2a83c02&DisplayLang=en

Regards

eddie
 

Read other answers
RELEVANCY SCORE 87.6

Hi,
Having some fun with a windows 7 setup of DirectAccess, have it configured to use ECC certificates on the client for the IPSec authentication, which was working brilliantly, we even have it loaded up behind a Citrix Netscaler to do SSL offloading of the
HTTPS tunnel encryption. But when trying to get Client Preauthentication working, we hit a snag, it seems that the NetScalers dont support ECC certificates, which is a pain, but something we thought we could work around by using an RSA certificate on the client
to performed the pre-authentication (as shown here https://directaccess.richardhicks.com/2016/05/10/directaccess-ip-https-preauthentication-using-citrix-netscaler/).
So we have three CA's, CA1/2 issue RSA certs and CA3 is setup to do the ECC ones, so nice separation of the chains.
So we have our Cert chain for RSA loaded into the load balancer and a new cert issued to the client from CA1... But, every time the client connects to the server (LB) we see the handshake taking place, the server sends a list of its DNs (CA1/2) (https://blogs.msdn.microsoft.com/kaushal/2015/05/27/client-certificate-authentication/)
to the client, but then the client looks in its store, picks out the ECC certificate (issued from CA3) and fails to authenticate saying no suitable certificate can be found, its like its not even looking at the RSA one at all.
So, thinking something was wrong with the way the LB was asking for client authentication, I tried deleting the ECC cert a... Read more

Read other answers
RELEVANCY SCORE 87.6

Good Day



We have a problem where we encrypted files using EFS, however we can't access or decrypt these files now.

We have the certificate in the certmgr.msc but we do see that the key is missing.



I have reproduced this on another computer and was able to run certutil -repairstore -user MY "Serial Number" which worked in repairing the store and files was decryptable again.

However on the machine that encrypted the files that we need to access this is not the case as there is a popup asking for your Smart Card.

We are not using Smart Cards at all, and have had a look at the following article regarding this issue, but the hotfix didn't work: https://support.microsoft.com/en-us/kb/2955631




I have software that can remove the encryption but will require the .pfx file, which can't be exported as the certstore doesn't show that it still has this.



It is a self signed certificate generated by Windows, so I can't request a new one using the CA.


Thanks for your help in advance.

Read other answers
RELEVANCY SCORE 84.8

I have Windows 2008 R2 servers in another forest we are trying to access shares on.
There is a forest trust and DNS has a conditional forwarder to that domain. The client pc has a DNS search suffix for the remote domain.
issue is I can access remote shares using either server NetBIOS name or IP address, - works fine.
If I use the FQDN, for example: 
\\server1.otherdomain.com\share1   - this results in Explorer hanging for 10 minutes and eventually a login box comes up saying 'system cannot connect to a domain controller'..
The client pc can resolve both the NetBIOS and FQDN of the remote server. Nslookup returns good result also.
This happens with both Win7 and Win10 clients

thanks
 

Read other answers
RELEVANCY SCORE 84.4

seems that "Microsoft Certificate Trust List Publisher" Certificate Valid:01.27.2017-04.12.2018 is missing following EKU
'Microsoft Trust List Signing' (1.3.6.1.4.1.311.10.3.1) ?!
-ExtendedKeyUsage
     -Usage
          [ oid] 1.3.6.1.4.1.311.10.3.1
          [ name] Microsoft Trust List Signing
-ErrorStatus
     [ value] 10
     [ CERT_TRUST_IS_NOT_VALID_FOR_USAGE] true
Note: KB2328240 is imho not permanently fixing this problem ! (*curing only some derivated symptoms)

Read other answers
RELEVANCY SCORE 84.4

I have a problem with install multiple digital certificate (PKF format) to allow access to one website with different account ID.

Every time I installed the certificate, it is working and allow me access to the website with relevance ID. However, the installed certificate will be missing if I continue to install with another certificate. The way I install the certificate is just double click on the PKF certificate that provided by the website admin, then kept click on the next button until its finish the installation steps. All the certificates will install to "Personal" certificate store folder, but the problem is only one certificate will remain.

I ever try to import all the certificate with using windows certificate manager, is allow me to import all the certificates and able to let me access to the website with select different certificate to login with selected account ID. Anyway this method is only workable if the Internet Explorer is not close after install all the certificates, once the Internet Explorer is close, then all the certificates were gone.

The motioned problem PC is running on Windows XP SP3 with latest update. And the using internet explorer is version 8 with latest update as well.

I had try to reset the Internet Explorer to default, but is not working so, appreciate is anyone can guide me to solve this problem

A:PKF certificate missing after new certificate was installed

Under "Content" in Internet Options, are all your certificates there? Mine are. Either your Admin. or the issuer should have your answer. Some PKFs are not compatible with all OSs or Browsers. Try downloading certificates to Firefox or Chrome and see if that works.

Read other 2 answers
RELEVANCY SCORE 84.4

I based my actions amongst others on this source:https://www.adlerweb.info/blog/tag/procurve I am using openssl to create my own CA for my company's switches etc.  and i am having trouble with a number of recent procure switches. I created a root CA (2048 bits rsa, sha1 so as not to make things too difficult)I created a custom TA called "netwerk", uploaded the CA root certificate, so far so good Created a CSR:crypto pki create-csr certificate-name sw1113  ta-profile netwerk usage web subject common-name sw1113 key-size 2048 the rest of the info and extensions like CDP alternative names etc. is being pushed while signing in openssl via an extensions file resulting CSR processed with openssl (keeping it a simple 2048/sha1 leafcertificate) Signed this CSR with the afore mentioned and uploaded root certificate: Resulting PEM pasted to install the generated leaf certificate sw1113(config)# crypto pki install-signed-certificatePaste the certificate here and enter:-----BEGIN CERTIFICATE-----MIIEGjCCAwKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMCTkwx.....ASCspazUcVeCueTvvVLr4UPObJB1/IBHKHCwkN7nuaTHuiDD8tQzOlWaxry4MsEFGXojuFv1YtFAtlgLlwxvqndi2NysNyqcnZR1o4l0qe4eSrIlUrCyrvyieK5rdQ==-----END CERTIFICATE-----Certificate being installed is not signed by the TA certificate. So, what is going on? The leaf cert is definitely signed by the root cert that was uploaded as TA cert.    Would really appreciat... Read more

Read other answers
RELEVANCY SCORE 82.8

Option "Find Certificate" is missed when I try to edit certificate on another computer using mmc.Could you please let me know how can I solve that? I'm sure I'm admin on the remote machine.

Read other answers
RELEVANCY SCORE 79.2

No doubt that this has been brought up before, but I cannot locate the thread.

I installed Win 7 on an XP PC. I purchased Win 7 on Ebay recently. Had all sorts of problems getting to just about every website. Certificate issues. I reformatted the computer three times and reinstalled Win 7 again and again. Still certificate issues. Even when I install a certificate for a particular site, browsers keep telling me the certificates are invalid, etc. This goes for both Internet Explorer and Google Chrome.

So I reformatted and reinstalled Win XP again. Same problems. I can't even get to Microsoft to revalidate my Win XP. Very strange that this would continue to occur even after I've reformatted and reinstalled the operating systems.

I even went to my router login to see if there were any issues, because this problem is constant, no matter what I try.

I also tried to install the MS root certificate, but my machine will not even open the program up.
I have two other Win 7 computers that do not have this issue.

After I installed Win 7 for the first time on this particular computer, I entered the key and got no errors. A couple of days later, a note popped up on the screen that this was not a valid Win 7 OS. The person I purchased it from says that it is. I've been getting some strange, perhaps virus traffic lately and I don't know if this is related. One message said that to verify the OS, I needed to install a certain certificate. The URL was from "Microsoft Com", s... Read more

A:Certificate Issue

Deleted comment.
How can I delete this post?

Read other 3 answers
RELEVANCY SCORE 78.4

Hello,

I have an issue with several of our clients when navigating to us.linkedin.com, it is showing a certificate expiry error. The certificate shown is valid until 30/11/2017.

If I navigate to the same URL on the same machine using Chrome or Firefox, the correct new certificate is provided and there are no issues.

I have done the below, but all do not resolve:

- Tested inside and outside of our proxy (eg so client is going straight to internet)
- Selected the option to Clear SSL State in IE
- Used certutil -urlcache * delete to clear all cache
- Added the Inter CA DigiCert

Am using IE Version 11.

I am at a loss as to what this could be - any ideas?

Thanks,

Adam.

Read other answers
RELEVANCY SCORE 78.4

I'm having a terrible time with this. I have an ECDSA cert/key P384 along with it's certification path CA certs in a .p12 file. I have installed the client cert and the CA certs to the proper stores.

Every time I try to connect to my WPA2 network I get an error stating that a proper certificate could not be found. All certificate times are ok.

All help much appreciated

Bill

-----------------------------------
Chev65 - thank you for your interest. Yes, I had done what you have suggested. The interesting thing is that the certificate I installed is ECDSA and neither IE nor wireless will even list the cert as one that can be chosen when trying to authenticate However, IE does list the cert as installed.
I have used this cert to perform EAP-TLS authentication using other systems so I am 99% sure that the problem is not with the cert.

Does anyone know of any issues with Windows 7 and ECDSA certificates? I thought one of the improvements was incorporation of ECC and support for NSA Suite B.

A:ECDSA Certificate EAP-TLS issue

Under "Manage wireless Networks" you should be using WPA2 Enterprize instead of WPA2 personal, I'm not sure if you are already doing that or not?

The Advanced settings tab comes up after you switch to "WPA2 Enterprize". This should allow you to use those certificates but there are more choices involved in this process.

When you click on one of the two settings it says "Smart card and other Certificate Properties" or "Microsoft protected EAP (PEAP) . I would look through both of them and try different settings. I'm not sure which setting would work with your particular certificate.

For your EAP-TLS it should be the second one which gets you to the "Protected EAP properties" window. Further down the page it shows "Select Authentication Method" or you can choose "connect to these servers" and type in the name of the server.

I'm not sure which one on the list relates to your ECDSA certificate but one of them should work.

Read other 3 answers
RELEVANCY SCORE 78.4

Hello,

I am having very odd issue with my PC. When I tried to access accounts.google.com, the browsers (chrome, firefox, IE) showed that certificate is not trusted and the option to proceed was not available. Here is the odd part, I can open the URL right after my PC boot up but I can't access it a few minutes later. I can access other websites normally as usual, I even still can log in to gmail because my browsers saved the cookies.

I tried some troubleshooting steps such as clearing browser cache and cookies and restoring my windows system. This problem occurs only on my PC and started a few days ago. Another issue is my windows update is not working, and I think this issue started at the same time as my first issue. I don't know if there's connection between them.

I've been googling for two days and followed a suggestion to download and install root certificate from microsoft but it didn't work. How do I solve this problem?

Thank you in advance

A:Odd certificate issue for particular website

Welcome to Seven Forums maurisrx. The first thing I would do is confirm your system time and date

Date and Time - Change

If it is correct, screenshots of the actual errors from each browser will help

Screenshots and Files - Upload and Post in Seven Forums

A Guy

Read other 9 answers
RELEVANCY SCORE 78.4

My internet explorer or Mozilla does not matter which one I choose to use for internet acces seem to think all site certificates are bad. I need to manually accept the site even ones that I use daily on other computers with no issue, example it thinks my bank, H&R Block certificates are no good, yet I access them from other laptops or desktops with no issue. In internet options I have selected various levels of security with no effect at all, it is very annoying. The address bar comes up Red no matter which site you go to. The lap top is a Sony VAIO and has Vista on it and as I indicated I have both Mozilla and or IE to choose from to surfe. Any help is appreciated
 

A:Site certificate issue

check the time & date on your computer is correct
 

Read other 1 answers
RELEVANCY SCORE 78.4

I keep getting a random IE pop-up boxes with the following message:

The server you are connected to is using a security certificate that could not be verified. A required certificate is not within its validity period when verifying against the current system clock or timestamp in the signed file. Do you want to continue using this server?

I've clicked yes, but it pop-ups again.

Here is my lastest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:03:29 PM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Di... Read more

A:Pop Up - security certificate issue

look at the time stamp in HJT

2/13/2005

ur a year behind! log is fine
 

Read other 2 answers
RELEVANCY SCORE 78.4

On some of the Windows machine, we received below error message while retrieving certificates. On other machines, there is no issue.
An error occurred while creating the certificate request. Please verify that your CSP supports any settings you have made and that your input is valid.  
Suggested cause:
No suggestion. 
Error: 0x80090345 - (unknown) 

Read other answers
RELEVANCY SCORE 78.4

My work involves several sites we use on a daily basis. One of these sites (via Chrome) has started coming back as "unsecure", and no fixes I've done are working. I've modified the settings (and then) turned off the warnings, I've added -ignore-certification-error to the shortcut properties, and I've added the site to the list of Trusted Sites. I still keep getting the damn "not secure" warning.

The PCs in question are Dell Optiplex 7040. Does anyone have any other ideas? I've looked at doing Copy To File for the site certification, but the one in question is grayed out.
 

Read other answers
RELEVANCY SCORE 77.6

Hi all. I have an annoying little problem accessing some of my mail accounts on my Samsung G800 mobile phone.
I've got 4 gmail accounts and one yahoo which are set up in my phones email client. It can take 30 seconds+ for the phone to check all my accounts once I initiate it so I like to set it going, close it up and put it in my pocket. If I have mail it'll buzz me, if not it won't.
My trouble is that my Yahoo account and one of my Gmail accounts throws up a warning telling me that the security certificate can't be varified and won't go any further until I accept it. It confuses the life out of me because the other three Gmails happilly carry on through without giving the warning. I've checked all the settings on my phone and each account is identical except for the login information.
Are there any settings in Gmail or yahoo themselves which could cause this? I doubt it as my N93 had no such trouble doing an identical job.
Thanks in advance
 

Read other answers
RELEVANCY SCORE 77.6

Hello,
I'm trying to upload a certificate to the message analyzer and receiving invalid password error. I know the password is correct as I can install the certificate using MMC with same password. I notice that every time I try to upload the certificate in Message
Analyzer, I receive this error in Windows Security Log (below). This certificate has multiple SAN entries as it's for a load balanced environment. I've been able to successfully load certificates that do not have SAN entries.
Any pointers on what might be causing this issue and how to resolve it?
Message Analyzer Error: Password for MyCert.pfx is Incorrect.
Corresponding Windows Security Log Entry:
Cryptographic operation.

Subject:
Security ID:
DOM\MyId
Account Name:
MyId
Account Domain:
DOM
Logon ID:
0x56fad

Cryptographic Parameters:
Provider Name:
Microsoft Software Key Storage Provider
Algorithm Name:
RSA
Key Name:
le-WebServerAlternateName-{some GUID}
Key Type:
Machine key.

Cryptographic Operation:
Operation:
Create Key.
Return Code:
0x80090010

SANs in Certificate:
DNS Name=DOMAPSV1
DNS Name=DOMAPSV1.dom.ag.loc
DNS Name=DOMAPSV2
DNS Name=DOMAPSV2.dom.ag.loc
DNS Name=DOMAPSV3
DNS Name=DOMAPSV3.dom.ag.loc
DNS Name=DOMAPSV4
DNS Name=DOMAPSV4.dom.ag.loc
DNS Name=DOMAPSV5
DNS Name=DOMAPSV5.dom.ag.loc
DNS Name=DOMAPSV6
DNS Name=DOMAPSV6.dom.ag.loc

Read other answers
RELEVANCY SCORE 76.8

Hey all,I beleive I may have run into a malware situation. I am running Windows 7 and use Google Chrome.When I went to log in to various sites: Facebook, Yahoo, Twitter - pretty much anything with a login - I received this message:The site's security certificate is signed using a weak signature algorithm!You attempted to reach login.yahoo.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).You should not proceed, especially if you have never seen this warning before for this site.Proceed anyway Back to safety Help me understandWhen you connect to a secure website, the server hosting that site presents your browser with something called a "certificate" to verify its identity. This certificate contains identity information, such as the address of the website, which is verified by a third party that your computer trusts. By checking that the address in the certificate matches the address of the website, it is possible to verify that you are securely communicating with the website you intended, and not a third party (such as an attacker on your network).In this case, the server certificate or an intermediate CA certificate presented to your browser is signed using a weak signature algorithm such as RSA-MD2. Recent research by computer scientists showed... Read more

A:Google Chrome - Certificate Security Issue

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 5 answers
RELEVANCY SCORE 76

I recently purchased and installed a new modem, an Arris SB6183-RB. I went through the install with my provider and got everything enabled and set to go while I was on a direct ethernet connection. The ethernet connection still works fine.

My issue is once I send traffic over my wireless router, an ASUS RT-AC68U that I have had for two years and always worked great. Something is causing major security conflicts. Perhaps the firewall somehow? Basically, any device over the wireless network receives certificate security errors and websites cannot load. I have attached outlook.com screenshots as an example. I have two computers, and a smart phone, and any websites over the network now have problems. There are a few sites where certificates seem to work, and some apps on my phone seem to work fine. But the majority of websites:

1.) I get an alert from ESET antivirus about the faulty certificate.
2.) If I ignore that, Firefox is usually next on my tail.
3.) If I add an exception on Firefox and ignore, then it goes through OpenDNS and I am blocked on that end.

Basically, any traffic over my router is now hit with tons of warnings. I have tried the following:

1.) Updated the Firmware on the router, took a few flashes to get up to the most current Merlin version 380.62, did not help.

2.) I tried modifying a few settings in the router firmware that were recommended after updating to the latest Merlin, but these are more speed adjustments. Did not help.

3.) I went into the GUI fo... Read more

Read other answers
RELEVANCY SCORE 76

This is a fresh install, where fresh means it was reinstalled over an existing install and nothing was kept from the previous install, of Windows 8.1. Windows update appears to be checking forever but nothing is ever updated. 
I've seen a good number of errors in WindowsUpdate.log and tried to address those through the various fixes seen throughout these forums. Many thanks to those that have contributed over the years!

The same image has been used without issue to reimage other machines but I downloaded another one from our volume license subscription as a just in case but it made no difference. At the very bottom is what I suspect the culprit is but I'm not deeply familiar
with the backend of the Windows Update process. 

Any assistance is appreciated!!!!

Here is what I've tried so far and what the end result was.


Windows Update Troubleshooter: Found and fixed errors. I ran this multiple times through out the various attempts to get WU working.sfc /scannow: Found no corrupted filesDISM /Online /Cleanup-image /Restorehealth: Said it found issues and repaired them.
I'm currently running through the steps below and currently at the "Reset or reinstall Windows" section which boggles my mind since this is a fresh install.
https://support.microsoft.com/en-gb/help/10164/fix-windows-update-errors

I've also tried everything noted here, 
https://support.microsoft.com/en-us/help/971058/how-do-i-reset-windows-update-components

I checked... Read more

Read other answers
RELEVANCY SCORE 75.2

Hi,

Our company is planning to replace SHA1 certificates to SHA256 certificates. We are now on the testing phase.

Our Radius Server is: Cisco ACS
Current Authentication Method: User Authentication (EAP-TLS using our PKI infrastructure)

Issue: Clients using Windows 7 cannot connect to our Current SSID but Windows 10 users can connect. Using the old SHA1 certificate, both Windows 7 and 10 users can connect. Windows 7 machines are saying "a certificate is required to connect
to <SSID>". even though the certificate is already installed.

Changing the Authentication from "User" to "Machine" Authentication, the windows 7 laptop responds and attempts to connect on the Cisco ACS. 

Cisco TAC says
"ACS is properly configured, but as explained before we are not reaching the TLS handshake between ACS and windows machine since the windows machine is not responding to the WLC EAPOL packet."

What could be the problem on the windows 7 machine? Do we need to upgrade something?

Read other answers
RELEVANCY SCORE 74.4

Hi,

Our company is planning to replace SHA1 certificates to SHA256 certificates. Our parallel PKI infrastructure using SHA256 is now in place.

Root and Policy CA are shutdown. Only Issuing CA is online. AIA and CDP were already published. Clients can now get the new SHA256 certificates.
We are now on the testing phase.

Our Radius Server is: Cisco ACS
Current Authentication Method: User Authentication (EAP-TLS using our PKI infrastructure)

Issue: Clients using Windows 7 cannot connect to our Current SSID but Windows 10 users can connect. Using the old SHA1 certificate, both Windows 7 and 10 users can connect. Windows 7 machines are saying "a certificate is required to connect
to <SSID>". even though the certificate is already installed.

Changing the Authentication from "User" to "Machine" Authentication, the windows 7 laptop responds and attempts to connect on the Cisco ACS. 

Cisco TAC says
"ACS is properly configured, but as explained before we are not reaching the TLS handshake between ACS and windows machine since the windows machine is not responding to the WLC EAPOL packet."

What could be the problem on the windows 7 machine? Do we need to upgrade something?

Read other answers
RELEVANCY SCORE 73.6

Hi,

Our company is planning to replace SHA1 certificates to SHA256 certificates. Our parallel PKI infrastructure using SHA256 is now in place.

Root and Policy CA are shutdown. Only Issuing CA is online. AIA and CDP were already published. Clients can now get the new SHA256 certificates.
We are now on the testing phase.

Our Radius Server is: Cisco ACS
Current Authentication Method: User Authentication (EAP-TLS using our PKI infrastructure)

Issue: Clients using Windows 7 cannot connect to our Current SSID but Windows 10 users can connect. Using the old SHA1 certificate, both Windows 7 and 10 users can connect. Windows 7 machines are saying "a certificate is required to connect
to <SSID>". even though the certificate is already installed.

Changing the Authentication from "User" to "Machine" Authentication, the windows 7 laptop responds and attempts to connect on the Cisco ACS. 

Cisco TAC says
"ACS is properly configured, but as explained before we are not reaching the TLS handshake between ACS and windows machine since the windows machine is not responding to the WLC EAPOL packet."

What could be the problem on the windows 7 machine? Do we need to upgrade something?

Read other answers
RELEVANCY SCORE 62.8

We have a DLink wireless router and added a N300 usb adapter to a computer in the basement. Loaded all drivers etc. it is recognized but when attempting to connect wirelessly it connects briefly and then disconnects.

It says - unable to find certificate to log you on to the network- dlink

We were asked for the password which we correctly entered. It does have weak signal strength. That computer runs windows xp.

Not sure what to do from here
 

A:certificate ?

Does it work at all w/o encryption?

Please attach a screen shot of the Networks page of the Xirrus Wi-Fi Inspector.
 

Read other 1 answers
RELEVANCY SCORE 62.8

i am using windows xp 2000, i keep getting pop up about a security certificate, when i change settings to disable certificates and security alerts they still keep popping up. unable to even download lavasoft what to do. when i toldsystem to put all certificates in a store now i cannot even access my yahoo.com, i tried to restore system to earlier time and that didnot work either
 

A:certificate

Read other 16 answers
RELEVANCY SCORE 62.8

We've shipped an server (Proliant DL380 G7) and a switch (Procurve j9836A) to China.But the Chinese government/customs are holding up are whole container shipment, because of missing CCC certificates. Where can I obtain these certificates. I've called with HPE on serveral numbers. Spoke with several people. With each call I've given the start information like my name etc. This took 6 times 5 minutes. But still getting no where. All tech support and phone support is outsourced to India or something. Sadly they only ask information over and over again, but are not helping me with the actual request. Please, can someonetell me how to obtain CCC certificates for my HP hardware. It can't be true that HPE itself cannot help me with this. It are theire products. 

Read other answers
RELEVANCY SCORE 62.8

I am getting a SSL Certificate not trusted has self-signed- signed SSL Certificate. Also the virus pretty much does what ever it wants. If anyone good tell me what I need to do to take care of this problem I would be truly grateful. Thanks !!!
 

A:SSL CERTIFICATE

You can post your problem here Malware Removal Assistance

Please read the following before doing so

Preparation Guide Before Requesting Malware Removal Help

Piracy

***READ ME BEFORE POSTING IN THIS FORUM***
 

Read other 1 answers
RELEVANCY SCORE 62.8

My problem is with my android Galaxy S7 Mobley phone so I might be in the wrong place to even receive any help. If I am please forgive me for my mistake. If I am in the right place I would be truly grateful for any advice anyone can give me. Thanks So Much For Your Time & Help !!!!
 

Read other answers
RELEVANCY SCORE 62.8

Hello ,I need ACER CE certificate (Acer TMP273) . To whom can I contact?

Read other answers
RELEVANCY SCORE 62.8

hi sir/madam! each time i open my internet explorer a message displays and says my certicate should be install and gives me an option if i should proceed,.but everytime i install the certificate,again its just repeating (view certificate,install certificate)=( what should i do?pls help me=)
 

A:certificate

Since the response to your post has been underwhelming, you might try posting on one of the software forums.
 

Read other 2 answers
RELEVANCY SCORE 62.8

whenever the windows start up an error appear and say
 
" an attempt to add the root certificate to all known browsers on your computer failed "
 
 
The pc work well but i want to get rid of that error
 
Thanks

A:something about certificate

What browsers are you using?
All browsers download a set of safe and expired certifications, which are used for secure communications over a web browser -- whenever you see https in the url window, for example, the browser is using certificates to ensure that the data is encrypted and, more importantly, that the web site you are logged in with is in fact the genuine article and not an imposter.
This error will crop up sometimes when new software is installed, or you are hosting web pages with a self-signed certificate. Have you installed any new software lately? Also, any info on your OS and computer would be useful, along with any other error messages you may be getting.

Read other 4 answers
RELEVANCY SCORE 62.8

We have some Win 7 clients on our network and same updated OS and IE on them. When we connect to a secure website (HTTPS) from mentioned clients, we will see various reactions; some of them connect and open website
normally and others show security caution which included "there are issues with the site's certificate chain(net::ERR_cert_authority_invalid)
It is necessary to add this item that I checked certificate publisher on IE and find the intermediate certificate authority of certificate chain in website can not be seen in clients  have problem.

How is it possible from same updated OS and IE clients, we can see different messages?
How can I solve this issue?

Read other answers
RELEVANCY SCORE 62.8

Can you help. I was rung yesterday by someone who said they were in charge of my pc ssl certificate. They asked me to verify my computer number, so they told me what it was and it was my number. They went on to say that my computer had been reporting errors to them. They thought that it could be my PC ssl certificate had expired. Having had a number of computers over the years I have never heard of this. Can you verify that each computer should have its own ssl cerficate. And if they do what is my best solution.
Thanks
 

Read other answers
RELEVANCY SCORE 62.8

Hi,

My dad owns a small business website and he's being told that he should get an ssl certificate. I'm supposed to be in charge of these things for him, but my knowledge in this area is hardly better than his, and even after reading guides I'm really confused by it all.

The website has zero user submitted data - no e-commerce, no log ins, not even a contact form. He's being told that come July Google will start warning people that the website is not secure. Will they really do this across the board or just on the pages where it's necessary? I know having https is supposed to boost Google rankings which would be good but is it really worth the hassle?

If I do go ahead I don't know how to go about it. The website is created with Webeden and the domain name host is 123-reg. I see there are options to get a free certificate but I don't know where or how I would install it and I doubt I have the right level of access. It looks like the most straightforward option is through 123-reg. I assume they would install it automatically but I'm not sure if something has to go through Webeden as well? 123-reg charge 30 a year after the first year - it could be worse, but for a small business any cheaper options would be appreciated!

Sorry for the long post and thanks in advance for any advice
 

Read other answers