CA Certificate is not in the server certificate chain...

Use keytool command to import server certificate.
I got this error when running an ldap browser (I downloaded from the Net) to connect to my Active Directory server via SSL. Connecting via non-ssl is successful and I can browse the ldap tree. I'm not sure what is causing the problem. I did the following, but no success:
1. I used the keytool command to successfully import a certificate to cacerts file found in the \java\j2re1.4...\lib\security\directory.
2. I verified that the domain server accepts ldap queries via ssl over port 636.
Now I'm wondering if I used the keytool command properly or is there anything I need to do to get this to work.
Peter

Perhaps you may want to post the output from keytool (you may want to edit any confidential information).
For example from my Active Directory domain & Certificate Authority:
#keytool -list -alias antipodes -keystore /usr/java/jdk1.5.0_01/jre/lib/security/cacerts
Enter keystore password: xxxxxxx
antipodes, 20-Aug-2005, trustedCertEntry,
Certificate fingerprint (md5): B7:5B:DE:61:D5:89:A1:91:96:0E:C7:0A:52:86:BB:79
My guess is that you have either not imported the certificate as a Trusted Certificate entry, you may not have imported the correct CA certificate, or if you have a CA hierarchy, you may only have imported the intermediate CA certificate, and not the root CA certificate.
Also I have noticed that many applications have separate keystores. I recall that when I first played around with Java/JNDI on Linux to access my AD, and imported my CA cert into the Java keystore, that when I wanted to use a browser on the Linux desktop to access my secure web site, I had to also import the same CA cert into the Netscape browser's keystore. (As a Windows guy, I thought how dumb, but that's another story)
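
A diagnostic for the causes suggested above (wrong CA imported, CA not stored as a trusted certificate entry, or only part of the CA hierarchy imported), added here as an example and not code from the thread. The class name `ChainCheck` and the defaults (port 636, the JRE's `cacerts`, password `changeit`) are assumptions; it needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

// Added example. Usage: java ChainCheck <host> [port] [truststore] [storepass]
// Defaults (port 636, <java.home>/lib/security/cacerts, "changeit") are assumptions.
public class ChainCheck {

    // Records the chain the server presents, then lets the real trust manager decide.
    static class Recorder implements X509TrustManager {
        private final X509TrustManager real;
        X509Certificate[] seen = new X509Certificate[0];
        Recorder(X509TrustManager real) { this.real = real; }
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            seen = chain;
            real.checkServerTrusted(chain, authType);
        }
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            real.checkClientTrusted(chain, authType);
        }
        public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        String path = args.length > 2 ? args[2]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 3 ? args[3] : "changeit").toCharArray();

        // Load the same truststore that keytool was pointed at.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        Recorder rec = new Recorder((X509TrustManager) tmf.getTrustManagers()[0]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { rec }, null);

        // Chain validation only; host name matching is not checked here.
        String verdict = "chain is trusted by " + path;
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
        } catch (SSLException e) {
            verdict = "chain is NOT trusted: " + e.getMessage();
        }

        for (int i = 0; i < rec.seen.length; i++) {
            X509Certificate c = rec.seen[i];
            System.out.println("[" + i + "] subject: " + c.getSubjectX500Principal().getName());
            System.out.println("    issuer:  " + c.getIssuerX500Principal().getName());
            System.out.println("    alias in truststore: " + ks.getCertificateAlias(c));
        }
        if (rec.seen.length > 0) {
            // If no certificate above has an alias, the truststore must hold the CA
            // that issued the last certificate the server sent.
            X500Principal needed = rec.seen[rec.seen.length - 1].getIssuerX500Principal();
            System.out.println("CA needed: " + needed.getName());
            for (String alias : Collections.list(ks.aliases())) {
                Certificate c = ks.getCertificate(alias);
                if (c instanceof X509Certificate
                        && ((X509Certificate) c).getSubjectX500Principal().equals(needed)) {
                    System.out.println("  found as '" + alias + "', trustedCertEntry="
                            + ks.isCertificateEntry(alias));
                }
            }
        }
        System.out.println(verdict);
    }
}
```

If "CA needed" prints a name and no "found as" line follows, the truststore does not contain that CA under any alias, which points at the wrong certificate having been imported or at a missing level of the hierarchy.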

Similar Messages

  • Has anyone had this problem with VPN iPad vpn connection could not validate the server certificate

    Has anyone had this problem with IPad 3 after upgrade to IOS 7,
    trying to connect VPN, but I get this message, "could not validate the server certificate".
    I am trying to connect to Oracle VPN.

    Has anyone found a solution for this yet? I am still getting the could not validate server certificate error. I have tried importing the entire certificate chain as well as importing each individual cert in the chain. My certificate works perfectly with the cisco vpn on my pc.
    This is my first experience owning an apple product, and I am very disappointed with the customer support that I have received. I tried calling the help line and no one would even attempt to answer my question. I was then told that the Mac "geniuses" wouldn't know either and that I may be able to find an answer on the message boards. So I am reaching out to the community...Has anyone been able to figure out how to resolve this issue or even the specific cause? Any help is appreciated.

  • "The certificate is not trusted because no issuer chain was provided" error in all browsers for all websites.

    As it says, Chrome, Firefox, and Internet Explorer all give the certificate error message for any and every website attempted - including the Firefox add-ons page. The specific error is the "no issuer chain was provided".
    1) This problem is not on my computer - it is on my mother's computer in another city. Therefore, I cannot attempt every little possibility without flying over there - I'm looking for things I can tell her to do over the phone. The problem started today. I've already given her the list of anti-malware programs to go install and run from here:
    https://support.mozilla.org/en-US/questions/982393
    Note that, of course, she will have to accept the security certificate override to get to these things - I hope this isn't bad.
    2) The problem started after she tried to use Skype, it hung for a very long time and would never log on. So she tried to reinstall it - and she said she clicked through a number of agreement screens and believes she may have installed malicious 3rd party software. This is ridiculous, is Skype now putting malware on people's computers through these bogus 3rd party add-ons at installation? I suppose it is possible Skype was hanging because of some other problem - but she did manage to reinstall Skype and got it to work (but now her internet certificates won't).
    3) She has BitDefender. I am aware that it says here:
    https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
    that she should turn off SSL scanning. She turned it off, it did not solve the problem. She turned it off and restarted, it did not solve the problem. She has had it on for the past 6 months and it has never caused a problem.
    4) In addition, BitDefender reported today that it stopped a malicious program called MySearchDial.exe from attempting something it shouldn't. We went through this removal guide:
    http://malwaretips.com/blogs/start-mysearchdial-removal/
    however, the software MySearchDial was never actually installed into the windows install list, and we did not find any addons/plugins in any of the browser lists (note that Firefox add-ons cannot be accessed with a certificate error, it gives the error message but DOES NOT give you the option to add an exception so you can't access the add-ons). The only thing we found was (a) MySearchDial was default in the IE search engine list, despite there being no add-on, and (b) MySearchDial.exe was in the temp folder (now deleted). I note that I had BitDefender scan the temp folder *before* I deleted MySearchDial.exe, and it claimed no threats were found. What? It was BitDefender that warned me of it in the first place!
    5) Time and date are correct.
    6) Checked the Win 7 install log, only Skype, Skype Click-to-Call, and (for some reason) Microsoft Visual Studio 2010 and Visual C++ were installed or altered today. I got paranoid about Click-to-call and asked her to uninstall it, but it didn't solve the problem.
    7) The OS is Win7 64bit Home.
    Anything beyond endless Malware removal programs (via list linked above) that we should try?

    The only way to know what is going on is to retrieve the certificate and check who is the issuer.
    It is always possible that the server doesn't send the full certificate chain (intermediate certificates), so it might help to post a link to this website.
    Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
    Check out why the site is untrusted and click "Technical Details" to expand this section.
    If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
    You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
    *Click the link at the bottom of the error page: "I Understand the Risks"
    Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
    *Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
    You can see more Details like intermediate certificates that are used in the Details pane.
    If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
    *Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
    *Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.

  • Certificate does not contain the correct site name

    Hello,
    I have to make a midlet that connects to a tomcat 5.5.9 server with ssl.
    I import the certificate with the tomcat alias in the wireless toolkit, but when I run the midlet this error appears: Certificate does not contain the correct site name
    import java.io.*;
    import javax.microedition.midlet.*;
    import javax.microedition.io.*;
    import javax.microedition.lcdui.*;

    public class HelloNet extends MIDlet implements CommandListener, Runnable {
        // User interface command to exit the current
        // application.
        private Command exitCommand = new Command("Exit",
                Command.EXIT, 2);
        // User interface command to issue an HTTP GET
        // request.
        private Command getCommand = new Command("Get",
                Command.SCREEN, 1);
        // The current display object.
        private Display display;
        // The url to GET from the 'net.
        private String url;

        /**
         * Initialize the MIDlet with a handle to the
         * current display.
         */
        public HelloNet() {
            url = "https://127.0.0.1:8443/Hello.txt";
            display = Display.getDisplay(this);
        }

        /**
         * This lifecycle method should return immediately
         * to keep the dispatcher
         * from hanging.
         */
        public void startApp() {
            showPrompt();
        }

        /**
         * Display the main screen.
         */
        void showPrompt() {
            String s = "Press Get to fetch " + url;
            TextBox t = new TextBox("Http Result", s,
                    s.length(), 0);
            t.addCommand(exitCommand);
            t.addCommand(getCommand);
            t.setCommandListener(this);
            display.setCurrent(t);
        }

        /**
         * pauseApp signals the thread to stop by clearing
         * the thread field.
         * If stopped incorrectly, it will be restarted from
         * scratch later.
         */
        public void pauseApp() {
        }

        /**
         * destroyApp must cleanup everything. The thread
         * is signaled
         * to stop and no result is produced.
         * @param unconditional is a flag to indicate that
         * forced shutdown
         * is requested
         */
        public void destroyApp(boolean unconditional) {
        }

        /**
         * commandAction responds to commands
         * @param c command to perform
         * @param s Screen displayable object
         */
        public void commandAction(Command c, Displayable s) {
            if (c == exitCommand) {
                destroyApp(false);
                notifyDestroyed();
            } else if (c == getCommand) {
                // Do the network I/O off the event thread.
                Thread th = new Thread(this);
                th.start();
            }
        }

        /**
         * Read the content of the page.
         */
        public void run() {
            TextBox t = null;
            StringBuffer b = new StringBuffer();
            HttpsConnection c = null;
            InputStream is = null;
            try {
                int len = 0;
                int ch = 0;
                System.out.println("Cerco di leggere");
                c = (HttpsConnection) Connector.open(url);
                c.setRequestMethod(HttpsConnection.GET);
                is = c.openInputStream();
                // length of content to be read.
                len = (int) c.getLength();
                if (len != -1) {
                    // Read exactly Content-Length bytes
                    for (int i = 0; i < len; i++) {
                        if ((ch = is.read()) != -1) {
                            b.append((char) ch);
                        }
                    }
                } else {
                    // Read until connection is closed.
                    while ((ch = is.read()) != -1) {
                        len = is.available();
                        b.append((char) ch);
                    }
                }
                t = new TextBox("Https Result", b.toString(),
                        b.length(), 0);
            } catch (Exception e) {
                e.printStackTrace();
                String s = e.toString();
                if (s != null) {
                    t = new TextBox("Https Error", s, s.length(),
                            0);
                }
            } finally {
                if (is != null) {
                    try {
                        is.close();
                    } catch (Exception ce) { }
                }
                if (c != null) {
                    try {
                        c.close();
                    } catch (Exception ce) { }
                }
            }
            display.setCurrent(t);
        }
    }

    re: code tags, please see http://forum.java.sun.com/help.jspa?sec=formatting.
    As for the rest:
    See, we now know that you used keytool to generate your certificate. You need a new certificate. This time, when keytool asks you for a first and last name, type 127.0.0.1.

  • How to get the Server Certificate Chain File?

    Hi all,
    I config the SSL for weblogic 6.0 on a Win2k Machine. I followed WebLogic
    documentation:
    Generate a private key file, then submit to Verisign, get the certificate
    file.
    Because I have only one WebLogic server. I clear the "Server Certificate
    Chain File" field.
    But I get error message after reboot WebLogic. Following is the error
    message:
    <2001-1-21 04:57:56 pm> <Alert> <WebLogicServer> <Inconsistent security configuration, java.lang.Exception: Required file server-certchain.pem which is specified by ServerCertificateChainFileName, was not found>
    java.lang.Exception: Required file server-certchain.pem which is specified by ServerCertificateChainFileName, was not found
    at weblogic.t3.srvr.SSLListenThread.resolvePropertyFromLocalFile(SSLListenThread.java:152)
    at weblogic.t3.srvr.SSLListenThread.resolvePropertyFromAdminServer(SSLListenThread.java:180)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    My question is: Should I input the rootCA certificate into the Server
    Certificate Chain File field? If yes, where can I get the rootCA certificate
    file?
    Thanks

    [sorry, deleted irrelevant wrong answer]

  • Device Enrollment - Error: The server certificate for "myserver" is invalid?

    Hello,
    I am attempting to enroll my iPhone in the Lion Server Profile Manager.  I have acquired an SSL certificate on my Lion Server but do not have a code signing certificate. From my iPhone, I can log into http://myserver.mydomain.lan/mydevices and log in using my AD credentials when I try to install the Device Enrollment Profile I am prompted with the following message: The server certificate for "https://myserver.mydomain.lan/devicemanagment/api/device/ota_service" is invalid.
    Not sure how to get around this...
    I am using AD with an extended schema and was not sure if MDM absolutely requires OD credentials or if I could use my AD credentials when enrolling a device.  I was also unsure if I needed the code signing certificate which appears to be a bit pricey from Go-Daddy.  I am just test bedding MDM and do not wish to go through the expense of a code signing certificate at this point.
    Has anyone else encountered this problem?
    Thanks,
    Ray

    Not sure if this will help, but we encountered the same problem.  Our workaround was to click on the "Profiles" tab & install the Trust Profile first (not the Everyone Profile) and then enroll the device.  That seemed to work, but I don't know what's causing that error message.  Hopefully someone with more knowledge than me can answer that one.

  • Why does a reboot set the modified-date of the server certificate?

    I was inspecting my certificates and noticed that the certificate I use for my server had a modified date of Dec 12, whereas it was created around April of this year.
    Dec 12 saw a reboot of my server and adding the `uptime` to the 'modified date' of the certificate gets me to 'now'. So, it seems a reboot sets the modified date of the server certificate. Can someone confirm this and does anybody know why this is the case?

    Yes, I found the same tricks, but if I only set the preferred width, the result is not what I expected, so I use the following code to do it:
             tc.setPreferredWidth(maxsize+5);
             tc.setMaxWidth(maxsize+5);
    I don't know why I must add 5 points to display the string completely.

  • Cannot open install assistant.  I get this error message: The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Pleas

    How can I download a trial of Adobe Elements 12?
    I followed the instructions to download assistant...but get this message: The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Please contact the application author.

    Hi alposer,
    Please remove the copy of the Adobe Download Assistant you currently have installed and then reinstall the Adobe Download Assistant.
    Regards,
    Rave

  • Com.adobe.flashaccess.sdk.cert.ServerCredentialException: Certificate does not have the required ext

    [ Problem ]
    I’m running the sample encryption code and I’m running in to this exception:
    "com.adobe.flashaccess.sdk.cert.ServerCredentialException: Certificate does not have the required extended key usage".  I tried looking it up on javadocs but it doesn’t really tell me what’s causing it.  I get this error when encryptContent is called.  Is this something in my settings/environment or something with the certificates?
    [ Solution ]
    If you are using the EncryptContent.java sample code, please check which credential you are using for the "packagerCredentialFile" variable.  Make sure this is pointing at the .pfx file containing the packager credential.

  • Could not access the digital certificate. could not load keystore file (password may be incorrect)

    I am trying to create my IPA, I have gone through all the steps to create my certificates etc from Apple but keep getting the above error message when I try to publish my file.  (I am using the Flash CS5 iphone packager, not the command line)  Mac OSX
    Here is the tutorial I am following: http://help.adobe.com/en_US/as3/iphone/WS789ea67d3e73a8b2-240138de1243a7725e7-7ffc.html
    What are some things to try to troubleshoot?
    Thanks!

    Hi All!
    I’ve just finished an application but I’m having problems generating the .BAR file that I want to submit to the AppWorld. These are the commands I’m executing
    First - "C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\sdks\blackberry-tablet-sdk-0.9.3\bin\blackberry-keytool" -genkeypair -keystore bbDevCertificate.p12  -storepass myPass -dname "cn=Company" -alias " Company "
    Second  - "C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\sdks\blackberry-tablet-sdk-0.9.3\bin\blackberry-airpackager" -package AppName_signed.bar AppName-app.xml blackberry-tablet.xml AppName.swf splash.png icons/icon128.png
    Finally  - "C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\sdks\blackberry-tablet-sdk-0.9.3\bin\blackberry-signer" -verbose -cskpass myCSKPass -keystore bbDevCertificate.p12  -storepass myPass AppName_signed.bar RDK
    My blackberry-tablet.xml is:
    <qnx>
        <initialWindow>
            <systemChrome>none</systemChrome>
            <transparent>false</transparent>
        </initialWindow>
        <publisher>Company</publisher>
        <category>core.games</category>
        <icon>
            <image>icons/icon128.png</image>
        </icon>
        <splashscreen>splash.png</splashscreen>
    </qnx>
    The problem comes at the first step. I'm using Flash Professional CS5. When I generate the p12 certificate and I try to export my app using that certificate and the password that I've set, it gives me the next error:
    "Error creating files.
    Could not access the digital certificate. unable to retrieve key (password may be incorrect)"

  • Firefox4: every add-on/extension gives the same error: "Secure Connection Failed - The certificate is not trusted because no issuer chain was provided".

    These are all certs from static.addons.mozilla.net. Even if I add a security exception it does not help
    Secure Connection Failed
    static.addons.mozilla.net:443 uses an invalid security certificate
    The certificate is not trusted because no issuer chain was provided
    (Error code: sec_error_unknown_issuer)
    This could be an error with the servers configuration,...
    If you have connected ...

    Do you have something like BrowserSafe, Browser Safeguard, or Safeguard installed on your machine?
    If so, get rid of it.

  • The certificate is not trusted because no issuer chain was provided - firefox only

    Hi,
    I'm trying to get my website:
    https://mgmt.pixafix.com/
    and I'm getting the following error:
    This Connection is Untrusted
    mgmt.pixafix.com uses an invalid security certificate.
    The certificate is not trusted because no issuer chain was provided.
    (Error code: sec_error_unknown_issuer)
    This is my website, and I installed the certificate 2 months ago. I didn't check it using Firefox until now.
    Firefox enters all other HTTPS websites. All other browsers enter my https domain with no warning.
    Tested on 2 different machines:
    Ubuntu - Firefox not working, Chrome - working fine (without any warning)
    Mac - Firefox not working, Safari - working fine (without any warning)
    I've tried the solutions described here:
    https://support.mozilla.org/en-US/kb/connection-untrusted-error-message#w_the-certificate-is-not-trusted-because-the-issuer-certificate-is-unknown
    And unable to use this solution because no firewall installed:
    https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message#w_the-certificate-is-not-trusted-because-no-issuer-chain-was-provided
    Thanks in advance for any help,
    Ziv

    Thanks sahilnmmt but it is not helping.
    I downloaded the EssentialSSLCA certificate and imported it into Firefox using:
    Advanced > View certificate > Authorities > import
    Didn't check any checkbox there.
    Restarted my Firefox, and still getting the same message.

  • (Site name) uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

    I am working with Firefox 35.0. I get the security certificate error message of (site name) uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer).
    This happens on each page that I go to. I can pull the page up with no problem with Explorer. Please Help. I don't have any security software that would be stopping or scanning SSL.

    Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
    Check out why the site is untrusted and click "Technical Details" to expand this section.
    If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
    You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
    *Click the link at the bottom of the error page: "I Understand the Risks"
    Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
    *Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
    You can see more Details like intermediate certificates that are used in the Details pane.
    If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
    *Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
    *Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.

  • Getting error "The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)"

    I am using site "https://www.ultimatix.net" for learning purpose. This site directs to another site for web based learning, which is "icalmscontent.ultimatix.net". It is giving error "icalmscontent.ultimatix.net uses an invalid security certificate.
    The certificate is not trusted because no issuer chain was provided.
    (Error code: sec_error_unknown_issuer)",
    and there is no button to add exception. Please help.

    hello nitin2joy, the "add exception"-button is not accessible on framed pages for security purposes (to avoid phishing/impersonating by malicious sites).
    in case the page you're trying to access is embedded in an iframe, right-click the error page, click on "this frame" > "show only this frame" and hopefully you can add an exception in the next step. this should only be necessary once if you choose to permanently store the exception.

  • Transport certificate does not have the correct issuer or is expired

    Hi all,
    I hope this is not a duplicate question.
    We are assisting a partner company set up the Flash Access ecosystem.  They have asked us to help package some content for them using certificates issued to them.  I've been trying to package content that works fine when using our certificates but I keep getting this error : Transport certificate does not have the correct issuer or is expired when I try to package with their certificates.
    The certificate has not expired.  That was the first thing I checked.
    Has anyone run into this error?  I am using the reference implementation for packaging if that helps.
    Thanks.
    Pedro.

    Hi Katherine,
    Thanks for responding. 
    Indeed I do have the adobe-flashaccess-certs.jar in my path.  I was able to package with a certificate issued to our own company.  Our Certificates were Trial Certificates.  The ones I am having problems with are test PKI certificates that our partner sent to us so that we can help them out. 
    Please let me know if you need any more info.  I am definitely down with helping someone trying to help me!
    Thanks.
    Pedro.
