vtodorovelatec Absent Member.
Absent Member.
1668 views

Certificate not trusted in Firefox and Android Web Browser

Hi,

is anyone experiencing the same issue. My Filr Appliance has a signed certificate from thawte. The certificate chain is imported also. The site is not trusted under Firefox or Android web browser. Before the upgrade to 1.1. I knew there was a problem with Android but not sure if the same was in Firefox.

Talked to thawte, replaced the certificate and the chain and again same issue.
A certificate check tool shows that the chain cannot be seen and the first item in the chain is again the filr appliance certificate which is wrong.

Waiting on a SR but no ideas so far.
0 Likes
5 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Certificate not trusted in Firefox and Android Web Browser

On Mon, 20 Oct 2014 08:46:02 GMT, vtodorovelatec
<vtodorovelatec@no-mx.forums.novell.com> wrote:

Hi,

From the security pages at mozilla:
The root certificates under consideration for the second phase are
Thawte, VeriSign, Equifax, and GTE CyberTrust 1024-bit root
certificates.

They are 1024 bit certs which are seen as unsafe.

>
> Hi,
>
> is anyone experiencing the same issue. My Filr Appliance has a signed
> certificate from thawte. The certificate chain is imported also. The
> site is not trusted under Firefox or Android web browser. Before the
> upgrade to 1.1. I knew there was a problem with Android but not sure if
> the same was in Firefox.
>
> Talked to thawte, replaced the certificate and the chain and again same
> issue.
> A certificate check tool shows that the chain cannot be seen and the
> first item in the chain is again the filr appliance certificate which is
> wrong.
>
> Waiting on a SR but no ideas so far.


0 Likes
vtodorovelatec Absent Member.
Absent Member.

Re: Certificate not trusted in Firefox and Android Web Brows

Hi Alex,

the root CA and the CA-G2 from Thawte are 2048 bit certificates
0 Likes
Highlighted
kokot_passau Absent Member.
Absent Member.

Re: Certificate not trusted in Firefox and Android Web Brows

Hi,

check the certificate and your chain with an external program or site (e.g. https://www.ssllabs.com/ssltest/).
While in beta, there was a bug that certificates where not updated to jetty and tomcat, even if the vaconfig showing the correct/updated ones.

I don't know maybe its fixed already. I'm using a load balancer which is doing the SSL stuff, so can't check it.
0 Likes
vtodorovelatec Absent Member.
Absent Member.

Re: Certificate not trusted in Firefox and Android Web Brows

kokot_passau;2336858 wrote:
Hi,


While in beta, there was a bug that certificates where not updated to jetty and tomcat, even if the vaconfig showing the correct/updated ones.




I think also the problem is with the appliance not showing the correct certificates. How can I fix this?

When checking with an external program, it shows that there is a problem with the chain ("The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate."). And the first certificate in the chain has the common name as the site filr.domain.com. The root certificate is not seen
0 Likes
kokot_passau Absent Member.
Absent Member.

Re: Certificate not trusted in Firefox and Android Web Brows

The old certificates and chain are still used by filr or are they missing?

You could try update the certificates for jetty and tomcat manually using ssh, which isn't supported und could lead to other problems.
For example, every time the server is reconfigured, the old and wrong certificates are restored.

Try contact the support, maybe they already have a solution for it.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.