SSL Certificate is not trusted

Sean Fielding's Avatar

Sean Fielding

01 Jan, 2014 06:34 PM

Hi -

We just started getting errors in our existing integration indicating that the SSL Certificate is not trusted.

  1. Support Staff 1 Posted by Seth B on 01 Jan, 2014 08:11 PM

    Seth B's Avatar

    Hey Sean, sorry about that.

    We recently changed webservers from Apache to Nginx. To us it looked like things were working properly, but maybe not?

    Anyhow, we tweaked the SSL certificate to include the chained RapidSSL bundle. Give it another try and let us know if the error went away?

  2. 2 Posted by Sean Fielding on 02 Jan, 2014 04:19 PM

    Sean Fielding's Avatar

    hmmmm - it now looks good when I look at something like digicert.com... but I am still getting the following error:

    sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  3. Support Staff 3 Posted by Seth B on 02 Jan, 2014 06:26 PM

    Seth B's Avatar

    Sean,

    Perhaps try installing the RapidSSL CA cert bundle on your server. I'm out of ideas here, and it seems to be working on browsers and elsewhere so far.

    I will keep my eye on this to see if any other customers mention it.

    — Seth

  4. 4 Posted by Sean Fielding on 03 Jan, 2014 12:11 AM

    Sean Fielding's Avatar

    Hi -

    I think there are still issues with the certification chaining. I'm seeing issues with the intermediate certificate.

    openssl s_client -showcerts -connect api.cashboardapp.com:443

    CONNECTED(00000003)
    depth=0 /serialNumber=GIMXRamR-Qwm0Wom/trhbVbORgFA7Zoz/OU=GT22542577/OU=See www.
    rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=*.
    cashboardapp.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 /serialNumber=GIMXRamR-Qwm0Wom/trhbVbORgFA7Zoz/OU=GT22542577/OU=See www.
    rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=*.
    cashboardapp.com
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 /serialNumber=GIMXRamR-Qwm0Wom/trhbVbORgFA7Zoz/OU=GT22542577/OU=See www.
    rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=*.
    cashboardapp.com
    verify error:num=21:unable to verify the first certificate
    verify return:1

  5. 5 Posted by Sean Fielding on 03 Jan, 2014 12:12 AM

    Sean Fielding's Avatar

    Same issue with looking at the certification on GeoTrust.

    https://ssltools.geotrust.com/checker/views/certCheck.jsp

  6. Support Staff 6 Posted by Seth B on 03 Jan, 2014 01:56 AM

    Seth B's Avatar

    Just checked the URL you provided, looks to be working now. Please confirm.

  7. 7 Posted by Sean Fielding on 03 Jan, 2014 04:43 AM

    Sean Fielding's Avatar

    Yahoo! Everything seems to be working now. Thank you for your help.

  8. Support Staff 8 Posted by Seth B on 03 Jan, 2014 05:21 AM

    Seth B's Avatar

    On Thursday, January 2, 2014, Sean Fielding wrote:

  9. 9 Posted by Brian Walsh on 30 Jun, 2014 06:46 PM

    Brian Walsh's Avatar

    This comment was split into a new discussion: SSL Certificate expired?

    Did the cert expire? Our calls from Salesforce to Cashboard are failing due to cert issues.

    echo | openssl s_client -connect api.cashboardapp.com:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates

    It looks like the cert expired on the 27th of June.

  10. Support Staff 10 Posted by Seth B on 30 Jun, 2014 06:52 PM

    Seth B's Avatar

    No. Our certificate expires June 11 of next year.

  11. Support Staff 11 Posted by Seth B on 30 Jun, 2014 06:56 PM

    Seth B's Avatar

    Also - Sean RE your other thread...this is the last time we actually changed anything with the certificate.

  12. 12 Posted by Aaron Pettitt on 30 Jun, 2014 07:12 PM

    Aaron Pettitt's Avatar

    Using the ssl client command: echo | openssl s_client -connect -showcerts api.cashboardapp.com:443 2>/dev/null | openssl x509 -noout -dates

    We receive:
    notBefore=Mar 24 10:20:38 2013 GMT
    notAfter=Jun 27 02:32:25 2014 GMT

  13. Seth B closed this discussion on 30 Jun, 2014 07:14 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

25 Jul, 2020 12:06 AM
25 Jul, 2020 12:05 AM
08 Jul, 2020 11:46 PM
06 Jul, 2020 11:35 PM
29 Jun, 2020 10:44 PM