SSL protocol error. Certificate is either invalid or common name or authority are not recognized. I
Hi, I have problems when I tried to open a PDF document with a police of RM generated in the Laundpad, I use a self-signed ssl certificates with the common name https://127.0.0.1:8443 and the base URL in the configuration is the same. I have tried to resolve this issue during a week but i could it and I do not understand how to solve it.
If anybody can help me, please. This is the picture when I try to open a PDF file with RM policies. Thanks
So the CN value should be without the ":8443" addition when creating the cert file?
Further: Ive installed and trusted the certificate in the personal and the trusted root certifcation auth.
When opening the URL: https://192.168.1.35:8443/adminui/ in Firefox i get the following error:
@ IE i get:
Thanks for looking in to this!
Similar Messages
-
SSL Protocol Error. Certificate is either invalid or common name...
There is only one website I have found that has this issue for us. It is collegesource.org. I have worked with their support but so far we have no solution.
I have Windows Vista with IE7, Firefox 3.6 and chrome 4.0 and Adobe Reader 9.3.
When I attempt to open the course catalogs for any school on this website it gives me the error below. XP machines on the same network with IE7 can access the PDFs on this site just fine. We could work around this by just downloading the PDFs and opening them outside of the browser but unfortunately when you right click and try to save the target it is a frame.htm.
Every search I have done for this error only finds 1 similar post and that problem doesn't have a resolution.
I also attempted to downgrade to Adobe Reader 8.1 and the error I received was "this computer must be connected to the network in order to open this document"So the CN value should be without the ":8443" addition when creating the cert file?
Further: Ive installed and trusted the certificate in the personal and the trusted root certifcation auth.
When opening the URL: https://192.168.1.35:8443/adminui/ in Firefox i get the following error:
@ IE i get:
Thanks for looking in to this! -
Can't access ABS URL and autodiscover.sipdomain URLs externally - SSL protocol error
Problems:
- Can't sync Address Book for external or internal clients (I can do searches however just fine so I'm not sure what protocol is used to perform those, if not with address book)
- Can't connect to Lync mobile.
What I discovered was common with these issues is when I go to try and manually enter in the browser either:
https://lyncdiscover.sipdomain.com/ (to test mobile autodiscover connectivity)
or
https://"extwebservicesURL"/abs (to test address book)
I get same response from google: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
I also ran Test-CsMcxP2PIM and got this:
TargetUri : https://pitlyncpool01.pit.local:443/CertProv/CertProvisioningService.svc
TargetFqdn : pitlyncpool01.pit.local
Result : Failure
Latency : 00:00:00
Error : ERROR - No response received for Web-Ticket service.
Inner Exception:The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be
sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
rg/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>IIS 7.5 Detailed Error - 500.0 - Internal Server Error</title>
<style type="text/css">
And similar result when I test with "Test-CsAddressBookService"
TargetUri : https://pitlyncpool01.pit.local:443/groupexpansion/service.svc
TargetFqdn : pitlyncpool01.pit.local
Result : Failure
Latency : 00:00:00
Error : ERROR - No response received for Web-Ticket service.
Inner Exception:The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be
sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
rg/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>IIS 7.5 Detailed Error - 500.0 - Internal Server Error</title>
The only search on google that I found on this is to uninstall IIS and Lync web components and reinstall. Which I tried, but Lync web components wouldn't install back (error), so I restored server back from the snapshot and back to square one..
Also tried https://www.testocsconnectivity.com to run test on mobile autodiscovery and got this:
ExRCA is attempting to obtain the SSL certificate from remote server lyncdiscover.sipdomain.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Is there anything else I can look into to find out why am I getting these errors? Maybe to try OCS logging utility? But I don't know which components to checkmark for logging..
Thank you for any help and Happy New Year!
SergeyHi,
It seems the web service url is not valid or the web service not function. Is it Lync Standard Edition or Enterprise? Did the mobility issue also happen for external? Have you assigned a public certificate for reverse proxy correctly?
1. Please go to topology builder and check which FQDN you did put in for internal and external web service. For Lync Server Standard Edition, the internal web base URL should be same with your front end server FQDN.
If the internal domain name is different with external domain name, for example, your internal domain is contoso.net, but your external domain name is contoso.com. The external base URL should use the contoso.com domain name.
2. Please make sure the certificate has been assigned on front end server successfully. Please go to Lync Server deployment wizard to check it.
3. In IIS, please make sure Lync Server Internal Web Site is configured on ports 80 and 443 and Lync Server External Web is configured on ports 8080 and 4443.
More details about configuring reverse proxy for your reference:
http://social.technet.microsoft.com/wiki/contents/articles/9807.configuring-forefront-tmg-2010-as-reverse-proxy-for-lync-server-2010.aspx
If the issue persists, please try to enable logging tool and reproduce the issue to get report for further troubleshooting.
http://blog.schertz.name/2011/06/using-the-lync-logging-tool/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information
found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Kent Huang
TechNet Community Support -
[SOLVED] Unknown SSL protocol error in connection
Hi there. I'm trying to get a website with curl but i'm getting this error:
[martriay@atila ~]$ curl -v "https://servicios1.afip.gov.ar"
* Rebuilt URL to: https://servicios1.afip.gov.ar/
* Hostname was NOT found in DNS cache
* Adding handle: conn: 0x20412c0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x20412c0) send_pipe: 1, recv_pipe: 0
* Trying 200.1.116.53...
* Connected to servicios1.afip.gov.ar (200.1.116.53) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to servicios1.afip.gov.ar:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to servicios1.afip.gov.ar:443
And when i try with SSLv3:
[martriay@atila ~]$ curl -3 -v "https://servicios1.afip.gov.ar"
* Rebuilt URL to: https://servicios1.afip.gov.ar/
* Hostname was NOT found in DNS cache
* Adding handle: conn: 0x8032c0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x8032c0) send_pipe: 1, recv_pipe: 0
* Trying 200.1.116.53...
* Connected to servicios1.afip.gov.ar (200.1.116.53) port 443 (#0)
* Unsupported SSL protocol version
* Closing connection 0
curl: (35) Unsupported SSL protocol version
That's from my archlinux server, while on my desktop's fedora it works just fine. Both computers are within the same network.
openssl version:
[martriay@atila ~]$ openssl version
OpenSSL 1.0.1e 11 Feb 2013
openssl connection attempt
[martriay@atila ~]$ openssl s_client -connect servicios1.afip.gov.ar:443
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 322 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
If I add the -ssl3 option:
[martriay@atila ~]$ openssl s_client -connect servicios1.afip.gov.ar:443 -ssl3
CONNECTED(00000003)
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO High-Assurance Secure Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
Certificate chain
0 s:/C=AR/postalCode=1086/ST=Ciudad Autonoma de Buenos Aires/L=Capital Federal/street=Hipolito Yirigoyen 370/O=ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS/OU=Issued through ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS E-PKI/OU=InstantSSL/CN=servicios1.afip.gov.ar
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/C=AR/postalCode=1086/ST=Ciudad Autonoma de Buenos Aires/L=Capital Federal/street=Hipolito Yirigoyen 370/O=ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS/OU=Issued through ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS E-PKI/OU=InstantSSL/CN=servicios1.afip.gov.ar
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
No client certificate CA names sent
SSL handshake has read 3048 bytes and written 485 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : RC4-MD5
Session-ID: F34244E0C2E402103FC9B7216E504E89761FDAF31CC1AC3A7939BE99AD8D0C57
Session-ID-ctx:
Master-Key: 146C91E59E259AD38C1E7A0B8E5DBEAE2D768622DE4045CD927D60A40FF8CA527A2694E227FEE30CC0909ADE0B72B0C8
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1389232087
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Any ideas?
Last edited by martriay (2014-01-09 14:05:02)Downgrade curl to 7.33.0-3. There is a known bug that is now fixed and should be released with the next version. I got bit by this too
Scott -
One day, my ipad and iphone pick up my emails (.mac account) from icloud just fine. the next day, I recieved error messages that say my user name and password are not accurate. I removed the icloud program on both devices and added it back on to both devices and get the same message. I logged into icloud from my Mac and while I can log in, it times out when I select email and wont load the email there either. Any Suggestons?
I am having the same problem; it started about 24-36 hours ago.
I know my ID/PW combo are correct because I can access all other aspects of iCloud except mail.
iPhone -- returns incorrect ID / Password
iPad -- Same
Mail.app on Mac -- returns incorrect password error
icloud.com -- allows me to log in and use all functions accept mail. When I try to use mail it stays on a white screen for about 60 seconds then returns a dialogue box that indicates a server error.
I contacted Apple and they placed my iCloud account into something called "Troubleshooting" mode. They generated a new strong password and sent it on to "Engineering."
I suspect there are a small number ofo users like you who are affected with the same problem I am. Too small a number for it to be reported as an outtage. I suggest you call Apple and open a case to have your mail investigaged.
Hope this helps... -
Has anyone tried to load raw files from a Canon 7D Mark II I get an error "Files are not recognized by the raw format support in Light (149)"?
Based on previous experience, I expect the final versions of LR, ACR and DNGC to be released simultaneously. We have so far seen Release Candidates of ACR and DNGC but not LR.
Unless there needs to be a second ACR/DNGC Release Candidate which happens once every few years for special circumstances, which I don't see any of at the moment. -
Can iMessage be used with non iOS 5 users, ie non-apple users?
My new i-pad 2 error message says these contacts are not recognized by imessage when I try to send them a text.So that means that I can send text messages through my i-phone to reach non iOS 5 users, but not through my i-pad 2.
-
After I optimize my pdf I get this error "Cannot extract the embedded font 'FONT NAME' Some characters may not display or print correctly.
This Acrobat forum may be a better place to ask: https://forums.adobe.com/community/acrobat/creating__editing_%26_exporting_pdfs
-
Compilation complete.
Patching package name...
Patching version information...
Patching app name...
Updating the Android app project...
[Path to Android project]>android update project --name "EmployeeCare2" --target 1 --path .
Invalid number of parameters
'"C:\Windows\system32\java.exe "' is not recognized as an internal or external command,
operable program or batch file.Fixed it. I mean I got it to generate the app, I wouldn't call it fixed. This is one of those cases where I'm convinced that I am the only person who is using a particular feature because it doesn't seem like this would have ever worked for anyone.
Open C:\Program Files (x86)\Adobe\Adobe RoboHelp 11\RoboHTML\MultiscreenExt\NativeApps\Android\UpdateApp.bat.
Turn echo back on.
Run the script to generate a native app.
Check the output window when it fails. This line >SET PATH="C:\Program Files\Java\jdk1.7.0_51\"bin; should be >SET PATH=C:\Program Files\Java\jdk1.7.0_51\bin; no quotes around the path before bin.
Back in UpdateApp.bat: I hardcoded SET PATH=C:\Program Files\Java\jdk1.7.0_51\bin;%3;%PATH%.
When I run the script again, I get a different error. I cleared the output window, so I don't remember what it was.
Delete everything in the output folder, run the script again.
I haven't tested the app, but it says and looks like it was generated. -
I am trying to set-up CI of Orchard CMS and deploy it on Azure using TF service. I am stuck at following error for path being
longer than 260 characters. However, when counted the total characters in path are 235. Please see the below error :
Other Errors and Warnings
1 error(s), 1 warning(s)
Exception Message: TF400889: The following path contains more than the allowed 259 characters: drop/_PublishedWebsites/Orchard.Web_Package/Archive/Content/C_C/a/src/projects/Orchard/dev/DevAltaf/Orchard/src/Orchard.Web/obj/Debug/Package/PackageTmp/Modules/BrentApart.BannerManager/Scripts/controllers/bannerAssignmentController.js. Specify a shorter path. (type VssServiceException)
Exception Stack Trace: at Microsoft.TeamFoundation.Build.Workflow.Activities.FileContainerDropProvider.EndCopyDirectory(IAsyncResult result)
at Microsoft.TeamFoundation.Build.Workflow.Activities.CopyDirectory.EndExecute(AsyncCodeActivityContext context, IAsyncResult result)
at System.Activities.AsyncCodeActivity.CompleteAsyncCodeActivityData.CompleteAsyncCodeActivityWorkItem.Execute(ActivityExecutor executor, BookmarkManager bookmarkManager)
Inner Exception Details:
Exception Message: The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters. (type PathTooLongException)
Did anyone came across such issue while deploying Orchard on Azure with TF service? If yes, how did you sort this freaking error?
Thanks,
Altaf B.Hi AltafB,
For your situation, you can short the path for the source code. Or use a short path for build agent folder in your build definition. You can refer to the links below to solve your problem:
http://blogs.msdn.com/b/aaronhallberg/archive/2007/06/20/team-build-and-260-character-paths.aspx
https://social.msdn.microsoft.com/Forums/vstudio/en-US/1638a5f0-9321-4ff9-9ee7-6d347badb972/please-some-solution-to-the-specified-path-file-name-or-both-are-too-long?forum=tfsbuild
Besides, since you deploy Orchard to Azure, you can also publish it directly using publish profile in Visual Stduio or WebMatrix directly.
Best regards,
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
FB50L error: Postings to G/L accounts with open item management are not permitted
Dear All
I need your help.
I am trying to do some adjustment to GR/IR clearing account in Non-leading ledger. Since for this account open item management is ticked, I am getting an error message 'Postings to G/L accounts with open item management are not permitted'.
Now I have checked the forum to find some solution...but does not fit my requirement.
I cannot create a new account. I cannot change the existing account. I tried OBA5, but the message persists.
I also checked the notes.
Appreciate a response on how the post to open item managed accounts in non-leading ledger.
Regards
KunaalHi Kunaal
Usually, OIM accounts are not allowed for Non Leading Ledger postings... With EhP4 or 5, i guess, a new feature is added in GL Master whereby you can specify that a GL will be OIM for Leading Ledger and Not OIM for a Non Leading Ledger
Regards
Kavita Agarwal -
I started a support case with Microsoft to help me with raising the our domain Forest level because i received a message stating that there were Windows 2000 PDC still listed in the database. These PDCs were removed years ago. The tech saw all of the problems
i was having with domain replication so that is where he started. running the MS PortQryUI shows that ports 3268 and 3269 are not listening, (TCP port 3268 (unknown service): NOT LISTENING) when run FROM a Child domain controller against the Parent
Domain controller. Between the 2 Child domain controllers these ports are listening.
The Windows firewall is not running on any of the controllers, i removed a virus protect client from all of the servers, although i didn't enable the firewall there either, but these ports are still not listening on the Parent DC.
I need help debugging this. I am not very familiar with network sniffers so if i need to run one i'll need some guidance. This DC only has one NIC, all IP addresses are static, all servers are setup like this. All servers are in the same subnet, on the same
lan, on the same cisco switch, there shouldn't be anything blocking this port from starting.
I looked over other post that show this same problem, but they don't give a solution. If i am not using the Windows firewall why wouldn't these ports be open?
Any ideas? web searches are all over the map on trying to find the reason for this.
BobbyTry running the below command on the DCs that you think have the ports blocked or all the DCs.
netdiag /test:ipsec /debug > c:\dcname-ipseclog.log
Open that from the C drive and see if there is anything saying block or filters.
Also, just for kicks have you disabled the firewall service on the DCs?
And just for kicks have you tried enabling firewalls ports on all the DCs? The KB is below
http://support.microsoft.com/kb/555381/en-us
Step 1 - netdiag results
Step 2 - disable the firewall service on all DCs if step 1 was negative
Step 3 - enable the firewalls on all DCs per KB 555381 if step 2 doesn't work
Let us know how it goes!
If it answered your question, remember to “Mark as Answer”.
If you found this post helpful, please “Vote as Helpful”.
Postings are provided “AS IS” with no warranties, and confers no rights.
Active Directory: Ultimate Reading Collection -
Unicode error:a line of internal table and a data object are not mutually c
Hi Friends,
This is the issue in upgradation from 4.6c to ECC6.0
I have an internal table itab which has include structure say 'xyz' . In xyz there is a field of type int4 as third field. I have a field as l_line which is a string.
data : begin of itab occurs 0.
include structure zxyz.
data: end of itab.
data: l_line type string.
In the program I am getting the unicode error as:
" A line of "itab" and "l_line" are not mutually convertible in unicode program." at he following line.
loop at itab into l_line.
endloop.
Thanks,
Ali.Hi Narendran,
I did the same earlier, but the field l_line is again used in the another line as follows
IF l_line CS w_group.----
(1)
where w_group LIKE zstr-cctr_group.
here zstr-cctr_group is same as one of the fields of structure xyz.
in line 1 it is giving warning as
l_line is incompatible and it must be C,N,D,T or string.
Thanks,
Ali -
trying ti sign into the App Store on my macbook pro and it asks for further security clearance. then gives me this error in safari and chrome?
HI ...
Go to ~/Library/Caches/com.apple.appstore/Cache.db
Move the Cache.db file to the Trash.
Restart your Mac.
Try the App Store.
~ (Tilde) character represents the Home folder.
For Lion: To find the Home folder in OS X Lion, open the Finder, hold the Option key, and choose Go > Library -
Dear all,
I have two questions on my SP2013 standard (on premise). They are very usual and I can find lots of work around and resolutino on web. But I cannot fix my environment and I am looking for more detail explaination if possible.
At the beginning, I found there are lots of Critical error log in my SP App server every 1-2 minutes:
A certificate validation operation took X milliseconds and has exceeded the execution time threshold. If this continues to occur, it may represent a configuration issue.
My system doesn't have Internet access. After some research it happened to be SharePoint certificate CRL checking issue:
http://support.microsoft.com/kb/2625048/en-us
I applied BOTH resolustion but the error still throw.
After more research, it seems Sharepoint will keep looking for
http://crl.microsoft.com. Some discussion suggested to add a HOSTS line "127.0.0.1 crl.microsoft.com". I have added the line and now I see a new warning log:
Alternate access mappings have not been configured. Users or services are accessing the site
http://domain.com with the URL
http://127.0.0.1. This may cause incorrect links to be stored or returned to users. If this is expected, add the URL http://127.0.0.1 as an AAM response URL.
I guess Sharepoint is trying to contact http://crl.microsoft.com to retrieve the crl. How can I resolve both error? Why Microsoft have this design knowing that many Sharepoint site are sit within Intranet?
Thanks a lot.
MarkAnything in the CAPI log? It shouldn't be going to the internet anymore.
Do you have loopback disabled?
http://blogs.technet.com/b/sharepoint_foxhole/archive/2010/06/21/disableloopbackcheck-lets-do-it-the-right-way.aspx
Maybe you are looking for
-
Hi Everyone, can anyone guide me one the diffrence between the BW BPS and SEM BPS . Please do guide me if there is any site /link that provide the above information
-
in sap standards is their any specific report 1) how many cheque realized in bank 2) how many cheques deposited in bank 3) How many cheques is not realized in bank
-
Photoshop keeps crashing when I try to save
Everytime I try to save my work the program crashes. No matter how small of a save. I have restarted my computer several times. What could be the problem?
-
Is it possible to have spare 'VM Manager'?
Is it possible to have spare 'VM Manager'? I want to enable two or more managers to connect the same server pool and same virtual host. If it is possible,when a manager breaks,we can use spare manager,
-
In Pages, how to search and replace text involving invisible characters?
In Pages documents, how to search and replace text involving invisible characters, colors and font sizes-a task which is so easy in Mircosoft Word?