SSL Certificate is not trusted
Hi -
We just started getting errors in our existing integration indicating that the SSL Certificate is not trusted.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Seth B on 01 Jan, 2014 08:11 PM
Hey Sean, sorry about that.
We recently changed webservers from Apache to Nginx. To us it looked like things were working properly, but maybe not?
Anyhow, we tweaked the SSL certificate to include the chained RapidSSL bundle. Give it another try and let us know if the error went away?
2 Posted by Sean Fielding on 02 Jan, 2014 04:19 PM
hmmmm - it now looks good when I look at something like digicert.com... but I am still getting the following error:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Support Staff 3 Posted by Seth B on 02 Jan, 2014 06:26 PM
Sean,
Perhaps try installing the RapidSSL CA cert bundle on your server. I'm out of ideas here, and it seems to be working on browsers and elsewhere so far.
I will keep my eye on this to see if any other customers mention it.
— Seth
4 Posted by Sean Fielding on 03 Jan, 2014 12:11 AM
Hi -
I think there are still issues with the certification chaining. I'm seeing issues with the intermediate certificate.
openssl s_client -showcerts -connect api.cashboardapp.com:443
CONNECTED(00000003)
depth=0 /serialNumber=GIMXRamR-Qwm0Wom/trhbVbORgFA7Zoz/OU=GT22542577/OU=See www.
rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=*.
cashboardapp.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /serialNumber=GIMXRamR-Qwm0Wom/trhbVbORgFA7Zoz/OU=GT22542577/OU=See www.
rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=*.
cashboardapp.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /serialNumber=GIMXRamR-Qwm0Wom/trhbVbORgFA7Zoz/OU=GT22542577/OU=See www.
rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=*.
cashboardapp.com
verify error:num=21:unable to verify the first certificate
verify return:1
5 Posted by Sean Fielding on 03 Jan, 2014 12:12 AM
Same issue with looking at the certification on GeoTrust.
https://ssltools.geotrust.com/checker/views/certCheck.jsp
Support Staff 6 Posted by Seth B on 03 Jan, 2014 01:56 AM
Just checked the URL you provided, looks to be working now. Please confirm.
7 Posted by Sean Fielding on 03 Jan, 2014 04:43 AM
Yahoo! Everything seems to be working now. Thank you for your help.
Support Staff 8 Posted by Seth B on 03 Jan, 2014 05:21 AM
On Thursday, January 2, 2014, Sean Fielding wrote:
9 Posted by Brian Walsh on 30 Jun, 2014 06:46 PM
This comment was split into a new discussion: SSL Certificate expired?
Did the cert expire? Our calls from Salesforce to Cashboard are failing due to cert issues.
echo | openssl s_client -connect api.cashboardapp.com:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
It looks like the cert expired on the 27th of June.
Support Staff 10 Posted by Seth B on 30 Jun, 2014 06:52 PM
No. Our certificate expires June 11 of next year.
Support Staff 11 Posted by Seth B on 30 Jun, 2014 06:56 PM
Also - Sean RE your other thread...this is the last time we actually changed anything with the certificate.
12 Posted by Aaron Pettitt on 30 Jun, 2014 07:12 PM
Using the ssl client command: echo | openssl s_client -connect -showcerts api.cashboardapp.com:443 2>/dev/null | openssl x509 -noout -dates
We receive:
notBefore=Mar 24 10:20:38 2013 GMT
notAfter=Jun 27 02:32:25 2014 GMT
Seth B closed this discussion on 30 Jun, 2014 07:14 PM.