locked
Invalid incoming HTTPS certificate RRS feed

  • Question

  • Dear all,

    I have one SfB Front End which gets every 5min a "invalide incoming HTTPS certificate" Error.

    After searching I found multiple Sites explaining that it Comes from missplaced Certificates.
    I also used the PS Comands to see if there are Certificates missplaced. And it Looks fine.

    Certificate are all still valid and this error happens only on one Front End. The other Front Ends have Errors telling that they cant Access this specifig Server with the Issue: sending HTTP request failed. Sending the message to https://host:444/LiveServer/MCUFactory failed"

    PKI is not from Microsoft. And I was told that the Team introduced CRL at the same time where These issues startet to happen. Certificates are not revoked. Hidding the CRL by deleting the DNS to the Path didn't helped.

    Thanks for your help.

    Wednesday, June 8, 2016 9:41 AM

All replies

  • Have you checked that the certificate contained not only the ldap path to the CRL?

    regards Holger Technical Specialist UC

    • Proposed as answer by Eason Huang Thursday, June 9, 2016 5:17 AM
    Wednesday, June 8, 2016 2:26 PM
  • Did you also try Updating the certificate  using the deployment wizard once again for that specific server


    Linus

    • Proposed as answer by Eason Huang Thursday, June 9, 2016 5:17 AM
    Wednesday, June 8, 2016 6:18 PM
  • Hi,

    Please try to rerun step 2 on SFB Developing Wizard and then restart IIS to test the issue as well.

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support


    Thursday, June 9, 2016 5:18 AM
  • Yes we tried just using the same certificates and new ones.

    With the same certificates nothing changed.

    With new certificates the error disapreared. But just for one day. then it started again to appear.

    Thursday, June 9, 2016 8:01 AM
  • Thank you for your Suggestion. No changes after executing it.

    The issues are apprearing again on multiple front Ends. not just only one.

    Thursday, June 9, 2016 8:08 AM
  • Hi Could you also follow Eason's suggestion about running the step2 and resetting IIS. 


    Linus

    Thursday, June 9, 2016 8:09 AM
  • Sorry, didn't specified exactly what i executed on my post above.

    I followed Eason's sugguestion on all front Ends. No success.

    One Thing to mention. It started on 01.06.2016 from 18:48 until 19:07. Not all Server where affected in the same Minute. They started to get this Error one after an other.

    This time is around the same time when the CRL was made available.

    Certificates have an CRL entry where until now just a place holder like URL=http://pki.domain/sub/PKI_Name.pem.
    And on the date above, this URL was made accessible with an empty CRL (as CRL was never used bevore).

    Thursday, June 9, 2016 8:49 AM