none
SSL Certificate Warning Configuration

    Question

  •  
    I'm trying to figure out if any one has recently experienced this setting being ignored and thus the following message appearing in the crawl log:

    "The secure sockets layer (SSL) certificate sent by the server was invalid and this item will not be crawled"

    I have never had any problem with using this setting on self-signed https test sites however I have just set up a new server and cannot seem to get rid of this crawl log error.  I have rebooted the server, reset crawled content, etc to try and have the setting be picked up.

    I'm running 12.0.0.6318.  Any ideas?

    Thanks,

    Brian
    Friday, October 10, 2008 3:59 PM

Answers

  •  
    I finally got this to work by trying to eliminate possible spanners in the works and repeating the cycle of restarting osearch & spsearch.  While I cannot say for sure what fixed it, I'll list the changes I made below and hope they may help the next person that may come across the issue.

    1.  Web Application had 2 content databases, one did not have the Search Server set (but then again it didn't have any sites) and was actually redundant so I removed that content DB.

    2.  I used stsadm -o spsearch/osearch -action start/stop rather than using either Services on Server or the Services Admin tool to recycle the Search services

    3.  When I restarted osearch it complained of not being able to validate the service account (which was valid at the time, it could not contact the DC) and I corrected that and restarted.

    4.  I kept validating that the SSL Warning Configuration check box was checked before I recycled the Search servers.  At least once during the half dozen recycles it was not but I know for sure that was not on the final restart before it started working.

    Sorry I cannot be more help, only thing I would say is keep checking that all the various search settings are configured correctly and always use stsadm to recycle the services.

    Brian
    • Marked as answer by Brian McManus Monday, October 13, 2008 6:39 PM
    Monday, October 13, 2008 6:39 PM

All replies

  • Has the self signed certificate now expired?
    .NET Developer, Brisbane, Australia, http://httpcode.com
    Friday, October 10, 2008 11:29 PM
  • Thanks for the reply Daniel, the cert is still valid.

    Brian
    Monday, October 13, 2008 4:44 AM
  • Did your old server have a certificate in the trusted root certificates of the server that generated the certificate. I'm just thinking that it might not be trusted until you put it in the trusted store?
    .NET Developer, Brisbane, Australia, http://httpcode.com
    Monday, October 13, 2008 4:56 AM
  •  
    I finally got this to work by trying to eliminate possible spanners in the works and repeating the cycle of restarting osearch & spsearch.  While I cannot say for sure what fixed it, I'll list the changes I made below and hope they may help the next person that may come across the issue.

    1.  Web Application had 2 content databases, one did not have the Search Server set (but then again it didn't have any sites) and was actually redundant so I removed that content DB.

    2.  I used stsadm -o spsearch/osearch -action start/stop rather than using either Services on Server or the Services Admin tool to recycle the Search services

    3.  When I restarted osearch it complained of not being able to validate the service account (which was valid at the time, it could not contact the DC) and I corrected that and restarted.

    4.  I kept validating that the SSL Warning Configuration check box was checked before I recycled the Search servers.  At least once during the half dozen recycles it was not but I know for sure that was not on the final restart before it started working.

    Sorry I cannot be more help, only thing I would say is keep checking that all the various search settings are configured correctly and always use stsadm to recycle the services.

    Brian
    • Marked as answer by Brian McManus Monday, October 13, 2008 6:39 PM
    Monday, October 13, 2008 6:39 PM