Rejected client certificate by the server

Similar Messages

• Provide steps to send Root CA certificate to the Lync client, getting error" There was a problem verifying certificate from the server"

  Hi,
    I Build an Lync 2013 set up with FEpool, Director pool and Exchange server is integrated. I have windows 8 client machine, with Lync client installed. When I try to login to the lync client, I am getting error like"There was a problem verifying
  certificate from the server".
  When I installed ROOT CA cert  manually on client machine I am able to login to the lync client. similarly if I add my client machine in my domain, I am able to login to the Lync client.
  Now is there any other way to send the certificate automatically to the client machine (Which are NOT part of the DOMAIN) from the server, instead of manual installation process.
  Please help me troubleshoot this problem

  Agree with S Guna, there is no easy way to push a certificate automatically to a client that you don't control other than building an installer package and asking them to run it.  In this situation, if there are a lot of non-domain joined machines
  a third party certificate is the way you need to go.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Lync 2013 mobile client. Can't verify the certificate from the server. Please contact your support team

  We upgraded Lync Server 2010 to Lync 2013.
  Users are able to login on desktop clients but unable to connect on mobile client. We get following error message:
  Can't verify the certificate from the server.
  Please contact your support team

  Please check the Root CA is installed on your mobile device.
  Can you sign in externally?
  Please check you have updated the DNS records for Lync mobile autodiscover service.
  Lisa Zheng
  TechNet Community Support

• Lync 2010 Certificate Issue - "There was a problem verifying your certificate from the server"

  Greetings.
  My Issue:
  Lync 2010 client does not connect to server;error displayed "Cannot sign into Lync. There was a problem verifying the certificate from the server."
  Description:
  The client is running on my Windows 7 box, and my CA server is a Windows Server 2003 box. I have installed the hotfix on the Server 2003 box to update the Web Enrollment portion of CA to allow for newer clients (Vista and 7) to receive certificates from
  this server. 
  Lync server is running on Server 2008 R2 STD, installation was a success.
  The Windows 7 box is a part of the domain.
  I have manually exported the Root CA from my Enterprise CA server from
  Trusted Root Certification Authorities -> Certificates and imported into the same location on my Windows 7 box. 
  If I look at the certification path on the Root CA, on my Windows 7 box,  it says "The certificate is OK." The same goes for the servers involved. 
  Still nothing.
  I have read the other forum posts on here about people having success once they manually import the Root CA from the Enterprise CA server, but this is not my case here. 
  All certificates are successfully assigned on the Lync server box; however, I did have to manually import the Root CA into Lync server's
  Trusted Root Certification Authorities -> Certificates before I could successfully assign them. Had to do this on another deployment I completed, so I didn't think anything of it.
  To recap: it seems that even with my Root CA imported into my Windows 7 box I can still not connect to my Lync server with the client, and I get the error message "There was a problem verifying the certificate from the server."

  Solved
  Solution :  Export certificate from Lync Server Start > Administrative Tools > IIS > Server Certificate > Export >   abc.pfx   save it,  Copy and place the certificate where Ms Lync 2010 client is installed or getting certificate
  error.  Follow these steps on client machine to install certificate 
  Run > mmc > add or remove snap in > certificates > computer account > local computer >finish > ok > expand Certificate > Trusted Root Certification Authorities > Certificate > All task > Import > copy abc.pfx certificate
  and delete unnecessary certificate from there.
  Restart Client machine and open microsoft Lync client 2010 and open option menu > Personal > Advanced > choose Auto Configuration > save ok

• There are no client certificates in the 'my' store

  I am trying to make a Workgroup Client connect to Internet MP/DP Role server. Client installation commandline is below and it works fine.
  D:\SCCM_Client>ccmsetup.exe /usePKICert /NoCRLCheck CCMHOSTNAME=inetxxxx.XXXX.com DNSSUFFIX=xxxxxx.com SMSSITECODE=B12 CCMALWAYSINF=1 SMSMP=https://inetxxxx.xxxxx.com
  However I get the following error - "there are no client certificates in the 'my' store"
  When I import the Client Certivicate (.cer) to Personal store, I get the following warning and client still does not connect to iNERNET MP/DP.
  Certificate [Thumbprint ED7512EB87DD73558BB510E739DDCD986D355C50] issued to 'XXXXXEUC99.corp.XXXXX.com' doesn't have private key or caller doesn't have access to private key.
  Any pointers please?

  You need to create a certificate for that machine including the private key (as also mentioned in the error). See for example this post (it's about ConfigMgr 2007, but the certificate part is still the same):
  http://www.petervanderwoude.nl/post/how-to-install-a-configmgr-client-on-a-workgroup-computer-when-the-configmgr-site-is-in-native-mode/
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• There was a problem verifying the certificate from the server

  i can not sign in to my lync server in client user and the error message is "There was a problem verifying the certificate from the server".
  i can sign in in my lync server by any account but i can not sign in in other pc clients.

  Hi,there,
  Just some additional info...
  Please go through the following old threads with the same error message
  http://social.technet.microsoft.com/Forums/en-US/ocscertificates/thread/19d74620-9ea8-4f19-bc01-25387e4ee380/
  http://social.technet.microsoft.com/Forums/en-US/ocscertificates/thread/7a973094-6cd1-4f3f-9af0-6d330a9b8428 
  http://social.technet.microsoft.com/Forums/en-US/ocscertificates/thread/4034e791-6c3c-4c35-b936-bca734204fd4/ 
  Hope these helpful!
  B/R
  Sharon
  Sharon Shen
  TechNet Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

• When I attempt to access my IRA account on line, I get a message saying that the web site requires a client certificate. The certificates listed in the drop down dialog box don't get accepted, even though one is indicated as valid and good until 10/2014.

  When I attempt to access my IRA account on line, I get a message saying that the web site requires a client certificate. The certificates listed in the drop down dialog box don't get accepted, even though one is indicated as valid and good until October 2014. I contacted the IRA account managment company and they sais it's an Apple issue. Any ideas?

  Some websites require a special client certficate for access. If you don't have that certficate, you'll have to contact the site operator to find out how to get one.
  Sometimes the problem is caused by a web server that is configured to request an optional client certificate. Safari treats the request as mandatory. In that case, other browsers such as Firefox and Chrome may be able to connect to the site, because they ignore the request.
  The first time you were prompted for a certificate, you may have clicked through a dialog that requested access to the Apple certificate in your keychain that is used to secure the iMessage service. In that case, you may be able to regain access to the site in Safari by doing as follows.
  Back up all data.
  Double-click anywhere in the line below on this page to select it:
  com.apple.idms.appleid.prd
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
  Paste into the search field in the Keychain Access window by clicking in it and pressing the key combination command-V. An item may appear in the list of keychain items. The Name will begin with string you searched for, and the Kind will be "certificate."
  Delete the item by selecting it and pressing the delete key. It will be recreated automatically the next time you launch the Messages or FaceTime application.
  The next time you visit a site that prompts for an optional client certificate, cancel out of the prompt. You may have to do this several times before the server stops asking.
  Credit for this idea to Christian Braukmueller of SAP.

• My 4th generation iPod Touch won't let me get on to the App Store. When I log on to iTunes, an alert pops up that says the certificate for the server is invalid, and that it may be a server pretending to be iTunes. What should I do?

  My iPod won't let me on to the App Store, and whenever I go on to ITunes, an alert pops up that the certificate for the server is invalid, and that I may be connecting to a server that is only pretending to be iTunes.apple.com and my personal info may be at risk. I downloaded an emulator yesterday from coolroms.com but deleted the app this afternoon. I cleared my safari search data, my cookies and data, and web inspector, which still didn't work. I then proceeded to reset my iPod and then download the newest version of IOS 6.1.5 but yet still am having problems. Also to the App Store and iTunes, several other apps aren't working. Any help here?

  Also, when I go on to safari, another alert pops up that safari cannot verify the identity of the website, anything that I type in to as common as google.com. It gives me 3 options to either cancel, look at details, and continue. I've looked at the details of the website of Google and it is legitimate the site. Any help?

• Unable to initialize the Microsoft Exchange Information Store service because the clocks on the client and on the server machine are skewed

  Each time I restart this exchange server, the Information Store and System Attendant don't start. If It try to manually start the services, I get the follow errors:
  Event ID 5003:
  Unable to initialize the Microsoft Exchange Information Store service because the clocks on the client and on the server machine are skewed. This may be caused by a time change either in the client or the server machine, and may require a reboot of that machine. Other than that, verify that your domain is properly configured and is currently online.
  Event ID 1005:
  Unexpected error The clocks on the client and server machines are skewed. ID no: 80090324 Microsoft Exchange System Attendant  occurred.
  The clocks on the domain controllers and the exchange server are set to the same time zones. As well, all three clocks are in sync down to the second. Any ideas on what's causing this and how to fix it?

  Run this Command from the Exchange Server
  Net time \\ADServerName /Set
  and confirm the action,
  and then you need to restart the service
  Microsoft Exchange Active Directory Topology Service
  and confirm you are not getting the Error 4001 in the event Viewer.
  Thank you, it resolved my issue after being sweating looking for solution.
  How can I prevent this from happening? I cannot restart services on each server reboot nor lose 5 years of my life!!!
  Sokratis Laskaridis MCP, MCTS, MCITP, Small Business Specialist Netapp ASAP, Symantec STS

• CA issue - Workstation signin "There was a problem verifying the certificate from the server"

  Hi,
  We have issues with all workstations on our domain. I just recently setup Lync 2013 server on a windows 2012 OS. When I went to test sign-in, I received a message "There was
  a problem verifying the certificate from the server". To fix this issue, I had to download the cert and import it into Trust Root Certification Authorities on the local workstation. This will be impossible if I have to do this for multiple machines.
  Is there a way around  this? Why is it asking to do this?
  Thanks guys, much appreciated.
  MM

  You can follow the instructions here to use Group Policy to install your root certificate to all your workstations.
  Or you could re-deploy your CA as an Enterprise CA.
  Hi Georg,
  Thank you for your reply.
  I did deploy my CA as an Enterprise CA..... Not sure why its still asking me to install on workstations?
  How can I confirm its an Enterprise CA?
  Thanks,
  MM

• The SSL certificate of the server is expired

  Today, I accessed Beehive Online via Oracle Beehive Extentions for Explorer.
  I cannot use Beehive Online with error message "The SSL certificate of the server is expired".
  How should I do?

  We're looking into it, meanwhile you can use a Webdav connection.
  Thanks,
  Jereen

• An error occurred searching the certificates for the server. ...

  Hi,
  I am using DSEE 6.2 in Fedora 7
  Each time I access the "Security" tab of my server in DSCC. I get the following error:
  "*An error occurred searching the certificates for the server. An authentication error occurred connecting to xxxxx. Check that the User ID and password are correct*"
  I need to click the "Click here to update authentication" link in the same tab and enter the User ID and password for the user that create the server. The error will gone for this session but reappear as I start a new session in DSCC

  This looks like a known bug. Please log a support case so this can be investigated further
  http://sunsolve.sun.com/search/document.do?assetkey=1-1-6537622-1

• Installed certificate And testing online shows no certificate in the server.

  I just got a new server certificate for some web services of my server 2003, but after installing it I keep getting that there's no certificate in the server with tools like https://www.sslshopper.com/ssl-checker.html and https://www.digicert.com/help/
  My server is: remote.visaustralia.com
  and what I did was the following:
  I imported the certificate in the "certificates" complement of the Management Console. Then in the IIS I selected my default website>Directory Security>Server Communications and added my server certificate.
  And
  (Pictures are at 50% size, if you need to see details just right click it and open in new window) I would appreciate any help on this matter. 

  Hi,
  This is not a DNS/DHCP/IPAM question, but I will try to help.
  In addition to importing the certificate you must also bind it to port 443.
  https://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm
  Thanks
  -Greg

• While logon to lync it gives error " there was a problem verifying the certificate from the server "

  i already go through all threads related to my question. but not even one thread is satisfying my question  ok my problem is again the same it gives me error as i mentioned in title. client OS is XP. actually can somebody tell  me which certificate
  i should import in which name of certificate group.
  N ya why error has occur. help me 
  thanks in advance 
  jayesh rohit

  You'll want the CS root certificate in the trusted root certificate authorities area of the machine store (vs the user store).  If there are any subordinate CAs with intermediate certificates, put them in the intermediate certification authorities area. 
  Verify that the certificate has the correct SANs for you server.  Did you generate the certificate from the deployment wizard, did you check the box for the sip domains as you went through the wizard?  Is the certificate internally signed by your
  certificate authority?  Are you attempting to connect internally or externally when you see the issue? 
  Can you confirm that your SRV records for _sipinternaltls._tcp.domain.com have the correct port and hostname and that the hostname is also resolvable?  Can you do the same for _sip._tls.domain.com?
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Office Communicator 2007 "There was a problem verifying the certificate from the server" issue

  Hello,
  Last Friday is when this error first started. This is effecting all users. I am new to this position and am unfamiliar with how the Communicator server is setup. I am unsure as to where to look and where to start. We are using Office Communicator 2007 R2
  running on a VM with Server 2003 R2. This is the only application being used on this host. Any ideas on where to start looking?
  Thanks for the help

  Hi Jenebo,
  Looks like you did not install the CA install your client PC.
  Access you enterprise CA server, like
  http://dc.server.com/certsrv, download the certificate chain and intall it.
  If it still can not work, please check you use automatic configuration to login your ocs client and you can resolve the SRV record to correct srv hostname using Nslookup.
  If you use manual configuration, please do not use IP address of of FE.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  I issued a certificate off of the server running OC 2007; I do not have a dedicated CA server. How would I pull the crtificate off of that server and install it on my clients (server name is SFBlackberry)?
  By the way, half of the clients worked after I renewed the CA on the server and the other half are the ones I am having problems with.
  Thanks for your help...as you can tell I am new to OC and really appreciate your help.