SSL protocol error.  Certificate is either invalid or common name or authority are not recognized. I

Similar Messages

• SSL Protocol Error. Certificate is either invalid or common name...

  There is only one website I have found that has this issue for us.  It is collegesource.org.  I have worked with their support but so far we have no solution.
  I have Windows Vista with IE7, Firefox 3.6 and chrome 4.0 and Adobe Reader 9.3.
  When I attempt to open the course catalogs for any school on this website it gives me the error below. XP machines on the same network with IE7 can access the PDFs on this site just fine.  We could work around this by just downloading the PDFs and opening them outside of the browser but unfortunately when you right click and try to save the target it is a frame.htm.
  Every search I have done for this error only finds 1 similar post and that problem doesn't have a resolution.
  I also attempted to downgrade to Adobe Reader 8.1 and the error I received was "this computer must be connected to the network in order to open this document"

  So the CN  value should be without the ":8443" addition when creating the cert file?
  Further: Ive installed and trusted the certificate in the personal and the trusted root certifcation auth.
  When opening the URL: https://192.168.1.35:8443/adminui/ in Firefox i get the following error:
  @ IE i get:
  Thanks for looking in to this!

• Can't access ABS URL and autodiscover.sipdomain URLs externally - SSL protocol error

  Problems:
  - Can't sync Address Book for external or internal clients (I can do searches however just fine so I'm not sure what protocol is used to perform those, if not with address book)
  - Can't connect  to Lync mobile.
  What I discovered was common with these issues is when I go to try and manually enter in the browser either:
  https://lyncdiscover.sipdomain.com/ (to test mobile autodiscover connectivity)
  or
  https://"extwebservicesURL"/abs  (to test address book)
  I get same response from google: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
  I also ran Test-CsMcxP2PIM and got this:
  TargetUri  : https://pitlyncpool01.pit.local:443/CertProv/CertProvisioningService.svc
  TargetFqdn : pitlyncpool01.pit.local
  Result     : Failure
  Latency    : 00:00:00
  Error      : ERROR - No response received for Web-Ticket service.
               Inner Exception:The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be
               sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
               rg/TR/xhtml1/DTD/xhtml1-strict.dtd">
               <html xmlns="http://www.w3.org/1999/xhtml">
               <head>
               <title>IIS 7.5 Detailed Error - 500.0 - Internal Server Error</title>
               <style type="text/css">
  And similar result when I test with "Test-CsAddressBookService"
  TargetUri  : https://pitlyncpool01.pit.local:443/groupexpansion/service.svc
  TargetFqdn : pitlyncpool01.pit.local
  Result     : Failure
  Latency    : 00:00:00
  Error      : ERROR - No response received for Web-Ticket service.
               Inner Exception:The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be
               sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
               rg/TR/xhtml1/DTD/xhtml1-strict.dtd">
               <html xmlns="http://www.w3.org/1999/xhtml">
               <head>
               <title>IIS 7.5 Detailed Error - 500.0 - Internal Server Error</title>
  The only search on google that I found on this is to uninstall IIS and Lync web components and reinstall. Which I tried, but Lync web components wouldn't install back (error), so I restored server back from the snapshot and back to square one..
  Also tried https://www.testocsconnectivity.com to run test on mobile autodiscovery and got this:
  ExRCA is attempting to obtain the SSL certificate from remote server lyncdiscover.sipdomain.com on port 443.
  ExRCA wasn't able to obtain the remote SSL certificate.
  Additional Details
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  Is there anything else I can look into to find out why am I getting these errors? Maybe to try OCS logging utility? But I don't know which components to checkmark for logging..
  Thank you for any help and Happy New Year!
  Sergey

  Hi,
  It seems the web service url is not valid or the web service not function. Is it Lync Standard Edition or Enterprise? Did the mobility issue also happen for external? Have you assigned a public certificate for reverse proxy correctly?
  1. Please go to topology builder and check which FQDN you did put in for internal and external web service. For Lync Server Standard Edition, the internal web base URL should be same with your front end server FQDN.
   If the internal domain name is different with external domain name, for example, your internal domain is contoso.net, but your external domain name is contoso.com. The external base URL should use the contoso.com domain name.
  2. Please make sure the certificate has been assigned on front end server successfully. Please go to Lync Server deployment wizard to check it.
  3. In IIS, please make sure Lync Server Internal Web Site is configured on ports 80 and 443 and Lync Server External Web is configured on ports 8080 and 4443.
  More details about configuring reverse proxy for your reference:
  http://social.technet.microsoft.com/wiki/contents/articles/9807.configuring-forefront-tmg-2010-as-reverse-proxy-for-lync-server-2010.aspx
  If the issue persists, please try to enable logging tool and reproduce the issue to get report for further troubleshooting.
  http://blog.schertz.name/2011/06/using-the-lync-logging-tool/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information
  found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Kent Huang
  TechNet Community Support

• [SOLVED] Unknown SSL protocol error in connection

  Hi there. I'm trying to get a website with curl but i'm getting this error:
  [martriay@atila ~]$ curl -v "https://servicios1.afip.gov.ar"
  * Rebuilt URL to: https://servicios1.afip.gov.ar/
  * Hostname was NOT found in DNS cache
  * Adding handle: conn: 0x20412c0
  * Adding handle: send: 0
  * Adding handle: recv: 0
  * Curl_addHandleToPipeline: length: 1
  * - Conn 0 (0x20412c0) send_pipe: 1, recv_pipe: 0
  * Trying 200.1.116.53...
  * Connected to servicios1.afip.gov.ar (200.1.116.53) port 443 (#0)
  * successfully set certificate verify locations:
  * CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
  * SSLv3, TLS handshake, Client hello (1):
  * Unknown SSL protocol error in connection to servicios1.afip.gov.ar:443
  * Closing connection 0
  curl: (35) Unknown SSL protocol error in connection to servicios1.afip.gov.ar:443
  And when i try with SSLv3:
  [martriay@atila ~]$ curl -3 -v "https://servicios1.afip.gov.ar"
  * Rebuilt URL to: https://servicios1.afip.gov.ar/
  * Hostname was NOT found in DNS cache
  * Adding handle: conn: 0x8032c0
  * Adding handle: send: 0
  * Adding handle: recv: 0
  * Curl_addHandleToPipeline: length: 1
  * - Conn 0 (0x8032c0) send_pipe: 1, recv_pipe: 0
  * Trying 200.1.116.53...
  * Connected to servicios1.afip.gov.ar (200.1.116.53) port 443 (#0)
  * Unsupported SSL protocol version
  * Closing connection 0
  curl: (35) Unsupported SSL protocol version
  That's from my archlinux server, while on my desktop's fedora it works just fine. Both computers are within the same network.
  openssl version:
  [martriay@atila ~]$ openssl version
  OpenSSL 1.0.1e 11 Feb 2013
  openssl connection attempt
  [martriay@atila ~]$ openssl s_client -connect servicios1.afip.gov.ar:443
  CONNECTED(00000003)
  write:errno=104
  no peer certificate available
  No client certificate CA names sent
  SSL handshake has read 0 bytes and written 322 bytes
  New, (NONE), Cipher is (NONE)
  Secure Renegotiation IS NOT supported
  Compression: NONE
  Expansion: NONE
  If I add the -ssl3 option:
  [martriay@atila ~]$ openssl s_client -connect servicios1.afip.gov.ar:443 -ssl3
  CONNECTED(00000003)
  depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO High-Assurance Secure Server CA
  verify error:num=20:unable to get local issuer certificate
  verify return:0
  Certificate chain
  0 s:/C=AR/postalCode=1086/ST=Ciudad Autonoma de Buenos Aires/L=Capital Federal/street=Hipolito Yirigoyen 370/O=ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS/OU=Issued through ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS E-PKI/OU=InstantSSL/CN=servicios1.afip.gov.ar
  i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
  1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
  i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
  Server certificate
  -----BEGIN CERTIFICATE-----
  -----END CERTIFICATE-----
  subject=/C=AR/postalCode=1086/ST=Ciudad Autonoma de Buenos Aires/L=Capital Federal/street=Hipolito Yirigoyen 370/O=ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS/OU=Issued through ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS E-PKI/OU=InstantSSL/CN=servicios1.afip.gov.ar
  issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
  No client certificate CA names sent
  SSL handshake has read 3048 bytes and written 485 bytes
  New, TLSv1/SSLv3, Cipher is RC4-MD5
  Server public key is 2048 bit
  Secure Renegotiation IS NOT supported
  Compression: NONE
  Expansion: NONE
  SSL-Session:
  Protocol : SSLv3
  Cipher : RC4-MD5
  Session-ID: F34244E0C2E402103FC9B7216E504E89761FDAF31CC1AC3A7939BE99AD8D0C57
  Session-ID-ctx:
  Master-Key: 146C91E59E259AD38C1E7A0B8E5DBEAE2D768622DE4045CD927D60A40FF8CA527A2694E227FEE30CC0909ADE0B72B0C8
  Key-Arg : None
  PSK identity: None
  PSK identity hint: None
  SRP username: None
  Start Time: 1389232087
  Timeout : 7200 (sec)
  Verify return code: 20 (unable to get local issuer certificate)
  Any ideas?
  Last edited by martriay (2014-01-09 14:05:02)

  Downgrade curl to 7.33.0-3. There is a known bug that is now fixed and should be released with the next version. I got bit by this too
  Scott

• I receive an error stating user name and password are not valid on my ipad and iphone 3Gs when attempting to load email from my icloud account. When I log onto icloud from my Mac, it wont load the email either.

  One day, my ipad and iphone pick up my emails (.mac account) from icloud just fine. the next day, I recieved error messages that say my user name and password are not accurate. I removed the icloud program on both devices and added it back on to both devices and get the same message. I logged into icloud from my Mac and while I can log in, it times out when I select email and wont load the email there either. Any Suggestons?

  I am having the same problem; it started about 24-36 hours ago.
  I know my ID/PW combo are correct because I can access all other aspects of iCloud except mail.
  iPhone -- returns incorrect ID / Password
  iPad -- Same
  Mail.app on Mac -- returns incorrect password error
  icloud.com -- allows me to log in and use all functions accept mail.  When I try to use mail it stays on a white screen for about 60 seconds then returns a dialogue box that indicates a server error.
  I contacted Apple and they placed my iCloud account into something called "Troubleshooting" mode.  They generated a new strong password and sent it on to "Engineering."
  I suspect there are a small number ofo users like you who are affected with the same problem I am.  Too small a number for it to be reported as an outtage.  I suggest you call Apple and open a case to have your mail investigaged.
  Hope this helps...

• Canon 7D Mark II error "Files are not recognized by the raw format support in Light (149)"?

  Has anyone tried to load raw files from a Canon 7D Mark II I get an error "Files are not recognized by the raw format support in Light (149)"?

  Based on previous experience, I expect the final versions of LR, ACR and DNGC to be released simultaneously.  We have so far seen Release Candidates of ACR and DNGC but not LR.
  Unless there needs to be a second ACR/DNGC Release Candidate which happens once every few years for special circumstances, which I don't see any of at the moment.

• Can iMessage be used with non iOS 5 users, ie non-apple users. My new i-pad 2 error message says these contacts are not recognized by imessage when I try to text some of these contacts.

  Can iMessage be used with non iOS 5 users, ie non-apple users?
  My new i-pad 2 error message says these contacts are not recognized by imessage when I try to send them a text.

  So that means that I can send text messages through my i-phone to reach non iOS 5 users, but not through my i-pad 2.

• After I optimize my pdf I get this error  "Cannot extract the embedded font 'FONT NAME' Some characters may not display or print correctly.

  After I optimize my pdf I get this error  "Cannot extract the embedded font 'FONT NAME' Some characters may not display or print correctly.

  This Acrobat forum may be a better place to ask: https://forums.adobe.com/community/acrobat/creating__editing_%26_exporting_pdfs

• Native app - Invalid number of parameters, java.exe is not recognized as an internal or external...

  Compilation complete.
  Patching package name...
  Patching version information...
  Patching app name...
  Updating the Android app project...
  [Path to Android project]>android update project --name "EmployeeCare2" --target 1 --path .
  Invalid number of parameters
  '"C:\Windows\system32\java.exe "' is not recognized as an internal or external command,
  operable program or batch file.

  Fixed it. I mean I got it to generate the app, I wouldn't call it fixed. This is one of those cases where I'm convinced that I am the only person who is using a particular feature because it doesn't seem like this would have ever worked for anyone.
  Open C:\Program Files (x86)\Adobe\Adobe RoboHelp 11\RoboHTML\MultiscreenExt\NativeApps\Android\UpdateApp.bat.
  Turn echo back on.
  Run the script to generate a native app.
  Check the output window when it fails. This line >SET PATH="C:\Program Files\Java\jdk1.7.0_51\"bin; should be >SET PATH=C:\Program Files\Java\jdk1.7.0_51\bin; no quotes around the path before bin.
  Back in UpdateApp.bat: I hardcoded SET PATH=C:\Program Files\Java\jdk1.7.0_51\bin;%3;%PATH%.
  When I run the script again, I get a different error. I cleared the output window, so I don't remember what it was.
  Delete everything in the output folder, run the script again.
  I haven't tested the app, but it says and looks like it was generated.

• TFS Build Error - Exception Message: The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters

  I am trying to set-up CI of Orchard CMS and deploy it on Azure using TF service. I am stuck at following error for path being
  longer than 260 characters. However, when counted the total characters in path are 235. Please see the below error :
  Other Errors and Warnings
  1 error(s), 1 warning(s)
  Exception Message: TF400889: The following path contains more than the allowed 259 characters: drop/_PublishedWebsites/Orchard.Web_Package/Archive/Content/C_C/a/src/projects/Orchard/dev/DevAltaf/Orchard/src/Orchard.Web/obj/Debug/Package/PackageTmp/Modules/BrentApart.BannerManager/Scripts/controllers/bannerAssignmentController.js. Specify a shorter path. (type VssServiceException)
  Exception Stack Trace: at Microsoft.TeamFoundation.Build.Workflow.Activities.FileContainerDropProvider.EndCopyDirectory(IAsyncResult result)
  at Microsoft.TeamFoundation.Build.Workflow.Activities.CopyDirectory.EndExecute(AsyncCodeActivityContext context, IAsyncResult result)
  at System.Activities.AsyncCodeActivity.CompleteAsyncCodeActivityData.CompleteAsyncCodeActivityWorkItem.Execute(ActivityExecutor executor, BookmarkManager bookmarkManager)
  Inner Exception Details:
  Exception Message: The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters. (type PathTooLongException)
  Did anyone came across such issue while deploying Orchard on Azure with TF service? If yes, how did you sort this freaking error?
  Thanks,
  Altaf B.

  Hi AltafB,
  For your situation, you can short the path for the source code. Or use a short path for build agent folder in your build definition. You can refer to the links below to solve your problem:
  http://blogs.msdn.com/b/aaronhallberg/archive/2007/06/20/team-build-and-260-character-paths.aspx
  https://social.msdn.microsoft.com/Forums/vstudio/en-US/1638a5f0-9321-4ff9-9ee7-6d347badb972/please-some-solution-to-the-specified-path-file-name-or-both-are-too-long?forum=tfsbuild
  Besides, since you deploy Orchard to Azure, you can also publish it directly using publish profile in Visual Stduio or WebMatrix directly.
  Best regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• FB50L error: Postings to G/L accounts with open item management are not permitted

  Dear All
  I need your help.
  I am trying to do some adjustment to GR/IR clearing account in Non-leading ledger. Since for this account open item management is ticked, I am getting an error message 'Postings to G/L accounts with open item management are not permitted'.
  Now I have checked the forum to find some solution...but does not fit my requirement.
  I cannot create a new account. I cannot change the existing account. I tried OBA5, but the message persists.
  I also checked the notes.
  Appreciate a response on how the post to open item managed accounts in non-leading ledger.
  Regards
  Kunaal

  Hi Kunaal
  Usually, OIM accounts are not allowed for Non Leading Ledger postings... With EhP4 or 5, i guess, a new feature is added in GL Master whereby you can specify that a GL will be OIM for Leading Ledger and Not OIM for a Non Leading Ledger
  Regards
  Kavita Agarwal

• Child DC cannot Replicate to Parent DC, because of connection errors. MS PortQryUI shows that ports 3268 and 3269 are not listening,

  I started a support case with Microsoft to help me with raising the our domain Forest level because i received a message stating that there were Windows 2000 PDC still listed in the database. These PDCs were removed years ago. The tech saw all of the problems
  i was having with domain replication so that is where he started. running the MS PortQryUI shows that ports 3268 and 3269 are not listening, (TCP port 3268 (unknown service): NOT LISTENING) when run FROM a Child domain controller against the Parent
  Domain controller. Between the 2 Child domain controllers these ports are listening.
  The Windows firewall is not running on any of the controllers, i removed a virus protect client from all of the servers, although i didn't enable the firewall there either, but these ports are still not listening on the Parent DC.
  I need help debugging this. I am not very familiar with network sniffers so if i need to run one i'll need some guidance. This DC only has one NIC, all IP addresses are static, all servers are setup like this. All servers are in the same subnet, on the same
  lan, on the same cisco switch, there shouldn't be anything blocking this port from starting.
  I looked over other post that show this same problem, but they don't give a solution. If i am not using the Windows firewall why wouldn't these ports be open?
  Any ideas? web searches are all over the map on trying to find the reason for this.
  Bobby

  Try running the below command on the DCs that you think have the ports blocked or all the DCs.
  netdiag /test:ipsec /debug > c:\dcname-ipseclog.log
  Open that from the C drive and see if there is anything saying block or filters. 
  Also, just for kicks have you disabled the firewall service on the DCs? 
  And just for kicks have you tried enabling firewalls ports on all the DCs?  The KB is below
  http://support.microsoft.com/kb/555381/en-us
  Step 1 - netdiag results
  Step 2 - disable the firewall service on all DCs if step 1 was negative
  Step 3 - enable the firewalls on all DCs per KB 555381 if step 2 doesn't work
  Let us know how it goes!
  If it answered your question, remember to “Mark as Answer”.
  If you found this post helpful, please “Vote as Helpful”.
  Postings are provided “AS IS” with no warranties, and confers no rights.
  Active Directory: Ultimate Reading Collection

• Unicode error:a line of internal table and a data object are not mutually c

  Hi Friends,
      This is the issue in upgradation from 4.6c to ECC6.0
      I have an internal table itab which has include structure say 'xyz' . In xyz there is a field of type int4 as third field. I have a field as l_line which is a string.
  data : begin of itab occurs 0.
           include structure zxyz.
  data: end of itab.
  data: l_line type string.
  In the program I am getting the unicode error as:
  " A line of "itab" and "l_line" are not mutually convertible in unicode program." at he following line.
  loop at itab into l_line.
  endloop.
  Thanks,
  Ali.

  Hi Narendran,
  I did the same earlier, but the field l_line is again used in the another line as follows
  IF l_line CS w_group.----
  (1)
  where     w_group         LIKE zstr-cctr_group.
  here zstr-cctr_group is same as one of the fields of structure xyz.
  in line 1 it is giving warning as
  l_line is incompatible and it must be C,N,D,T or string.
  Thanks,
  Ali

• Getting a Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error

  trying ti sign into the App Store on my macbook pro and it asks for further security clearance.  then gives me this error in safari and chrome?

  HI ...
  Go to ~/Library/Caches/com.apple.appstore/Cache.db
  Move the Cache.db file to the Trash.
  Restart your Mac.
  Try the App Store.
  ~ (Tilde) character represents the Home folder.
  For Lion:   To find the Home folder in OS X Lion, open the Finder, hold the Option key, and choose Go > Library

• Two error - certificate validation operation took X milliseconds & Alternate access mappings have not been configured

  Dear all,
  I have two questions on my SP2013 standard (on premise). They are very usual and I can find lots of work around and resolutino on web. But I cannot fix my environment and I am looking for more detail explaination if possible.
  At the beginning, I found there are lots of Critical error log in my SP App server every 1-2 minutes:
  A certificate validation operation took X milliseconds and has exceeded the execution time threshold. If this continues to occur, it may represent a configuration issue.
  My system doesn't have Internet access. After some research it happened to be SharePoint certificate CRL checking issue:
  http://support.microsoft.com/kb/2625048/en-us
  I applied BOTH resolustion but the error still throw.
  After more research, it seems Sharepoint will keep looking for
  http://crl.microsoft.com. Some discussion suggested to add a HOSTS line "127.0.0.1     crl.microsoft.com". I have added the line and now I see a new warning log:
  Alternate access mappings have not been configured.  Users or services are accessing the site
  http://domain.com with the URL
  http://127.0.0.1.  This may cause incorrect links to be stored or returned to users.  If this is expected, add the URL http://127.0.0.1 as an AAM response URL.
  I guess Sharepoint is trying to contact http://crl.microsoft.com to retrieve the crl. How can I resolve both error? Why Microsoft have this design knowing that many Sharepoint site are sit within Intranet?
  Thanks a lot.
  Mark

  Anything in the CAPI log?  It shouldn't be going to the internet anymore.
  Do you have loopback disabled?
  http://blogs.technet.com/b/sharepoint_foxhole/archive/2010/06/21/disableloopbackcheck-lets-do-it-the-right-way.aspx