Invalid SSL Certificate

Doc ID		SOLN214142
Version:		2.0
Status:		Published
Published date:		07 Mar 2014
Created Date:		12 Nov 2012

Author:

dshurett

Details

When visiting an https website customer is presented with a certificate error in their web browser.

Problem Clarification

The client does not trust the ssl certificate used by the https web server.

Cause

1. SSL certificates are good for a specific time period, for example Jan 1, 2010 – Dec 31-2011. If the clock on the devices is not within this time period, a cert error can occur. This can either be because the certificate expired or because the clock on the client device is incorrect (wrong year).

2. The name on the certificate does not match the name of the device accessed. For example, if you typed in a browser, www.avaya.com, but the certificate was for avaya.com. Note. Some certificates have multiple permitted addresses configured under Subject Alternative Name.

3. The client device does not trust the certificate authority that issued the certificate. This can occur either with self-signed, private certificate authorities or public certificate authorities where an intermediate certificate or root certificate may need to be installed on the device.

Solution

1. Check date on client computer.

2. Ensure the address typed in the browser matches either the subject or subject alternative name on the ssl certificate.

3. Resolve the root path issues for the certificate on the client. This may either require installing a new root certificate on the client browser or installing an intermediate certificate on the web server.

Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy