on 01-24-2010 8:18 AM
When accessing the Portal , we are getting a specific certificate error as below:
"The security certificate presented by this website was not issued by a trusted certificate authority".
None of the certificates in the key store of the portal have expired.
ValiCert Class 3 Policy Validation Authority is the root certificate being used.
When I searched on the Service market place, I could not find any Notes pertaining to this specific Root certificate.
Is this Root certificate at First place being supported by SAP?
If yes, is there any specific chaining order to be used for importing of certificates in to the key store if there are intermediate certificates being used?
Thanks in advance.
Hi All,
The issue has been resolved by the proper chaining of certificates and loading the certificates in correct manner into the key store.
Regards,
Murali Narayanan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am in the process of renewing an Entrust certificate and am recieving the below error.
"The security certificate presented by this website was not issued by a trusted certificate authority".
I have a feeling that it may have the do with the 2048 bit length of the cert or possible the way I imported the new chain certificate.
Did you solve the problem? Any Ideas?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for your response.
I have still not resolved the issue pertaining to the certificate error when accessing the Portal.
Even I have the feeling that the issue is to do with the way the certificates are being imported as a chain into the Portal key store.
But, there is no SAP Note which gives details on how the chaining of certificates has to be carried out for Valicert Certificate.
Regards,
Murali Narayanan
Hi Murli,
More over on this certificate authority from whom you have purchase the certificate can help you to solve this problem.
It seems not an sap problem.
Thanks
Anil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for your reply !
My expectations for posting this query is for understanding the Chaining mechanism to be used when you have say, a root certificate and some intermediate certificates which is what is the case for me as well.
So, how do we import these certificates into the key store of the SAP portal ?
This definitely seems to be an issue from the portal end as when the certificate is added to the browser as also mentioned in one of the posts, the issue gets resolved.So, if the issue was with the root certificate, adding of the appropriate certificate to the browser would not have prevented the warning from appearing.
So, it is clearly a case of how do we import 1) A root certificate 2) two intermediate certificates 3) one certificate , so that chaining mechanism of the root, intermediate and subsequent certificates is always in tact.
Please let me know your opinions on how do we import these 4 certificates to the key store of the SAP portal so that chaining mechanism remains in tact for the case of "ValiCert Class 3 Policy Validation Authority" as the root certificate.
Thanks for all your responses !
Edited by: Murali Narayanan on Jan 25, 2010 3:26 PM
Edited by: Murali Narayanan on Jan 25, 2010 3:27 PM
Hi, Murali!
I believe the problem is that workstation you use for portal access doesn't trust the certificate authority which have signed the portal's certificate. follow [this|http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=feature-18875html&sliceId=&docTypeID=DT_ARTICLES_TIPS_1_1&dialogID=37151931&stateId=0%200%2037153889] to undarstand how this issue could be resolved
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for replying !
Yes, you are right in posting the fact that the same can be avoided by adding the appropriate certificates in the browser.
I have already tried this and am able to avoid this error message when adding the appropriate certificate to my browser.
But, three important things need to be considered here like,
1) If there are large number of users for whom this is affecting, then the same cannot be carried out in the workstation of all these number of users.
2) There must be a specific reason why this is occuring despite of the fact that all the certificates(Root, Intermediate) are in validity only.
3) Based on my search on the Service market place, I had not found even a single valid reference for Root certificate "ValiCert Class 3 Policy Validation Authority".
Hence, I am just wondering if it is more because of the way in which the Root and Intermediate certificates are bundled together before being imported to the Key store.
Thanks in advance for your viewpoints on this !
Edited by: Murali Narayanan on Jan 25, 2010 12:25 PM
If there are large number of users for whom this is affecting, then the same cannot be carried out in the workstation of all these number of users
For intranet:
You can push root certificate to users workstations if you use AD. We are on Novell eDirectory, so we've carried this out via logon scripts. You can find registry key responsible for this root certificat and import it in user's ws when user log on performed
Edited by: Ivan O. Ivanov on Jan 26, 2010 10:22 AM
Thanks for your suggestions !
Requesting you to please suggest solutions based on the chaining mechanism of certificates during importing into the portal.
The pushing of certificates to all the individual workstations is not feasible in my case.
Requesting you to please suggest solutions based on the chaining mechanism of the certificates as i still feel that there must be a specific method by which the root, intermediate and other certificates need to be imported into the portal as a chain so as to avoid this error message.
Regards,
Murali Narayanan
User | Count |
---|---|
84 | |
25 | |
12 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.