
I run a CA server ("Microsoft CA Server Enterprise"), generate certificates and then bind the cert to my site. On all clients in my network, I add the cert with

certutil -addstore ca org.cer

When my clients browse the org site, Google Chrome shows an error with HTTPS and says "identity not verified".

First I thought the problem was with the online responder, so I ran OCSP and added AIA and CRL, but it does not work. How do I solve the problem?

Soheil
  • I'm guessing SHA1 signatures. Can you please check? (Details here: http://weblogs.asp.net/owscott/identity-not-verified-in-chrome) (Archived here: https://archive.today/OFjCb) – StackzOfZtuff Mar 20 '15 at 13:16
  • Hello, I read the links before, but I do not understand. Does that mean SHA1 is vulnerable, or something like that? And if I change the encryption, will it be correct? Thanks for your advice – Soheil Mar 20 '15 at 22:58
  • It looks like you are using a self-signed certificate for your website and expect that all browsers fully trust your self-signed cert. If this is the case, please read up, how TLS, X.509 and PKI works. – sebix Mar 21 '15 at 09:26
  • @sebix Dear friend, I run a CA server; this is not self-signed. I run a PKI server and do not use an IIS self-signed certificate. There is a big difference between a cert from a CA server and a self-signed cert generated via IIS!!!!! – Soheil Mar 21 '15 at 11:05

1 Answer


Please check this:

1) Does it work in Internet Explorer? (If not, then check if you're having a chain-of-trust issue.)
2) Is the certificate using SHA1? If yes, then change to SHA-256 or SHA-512. (Chrome doesn't like SHA1 anymore.)
3) Is the RSA key size >= 2048? -> If yes, then you're fine. If no, then increase the RSA key size.
4) Is your certificate issued to an FQDN or a simple one-word name? If it is a one-word name, then change to a resolvable FQDN.

StackzOfZtuff
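A worked check of the four items in this answer, as an added example that is not the answer's own code: a PowerShell script that loads the certificate bound to the site and reports which items fail. The certificate path is an assumption, and the chain build uses the local store, so run it on a client where the CA cert was added with certutil -addstore.

```powershell
# Added example (not from the question or the answer). $CertPath is an assumed
# location: point it at the server certificate exported from the CA.
param(
    [string]$CertPath = "C:\certs\site.cer"   # assumed path, not from the page
)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$findings = @()

# 1) Chain of trust: builds the chain the way the OS does, using the CA cert
#    imported with certutil -addstore plus the AIA/CRL/OCSP lookups.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    foreach ($s in $chain.ChainStatus) {
        $findings += "Chain: $($s.Status) - $($s.StatusInformation.Trim())"
    }
}

# 2) Signature hash: Chrome treats SHA-1 signed certificates as untrusted.
$sigAlg = $cert.SignatureAlgorithm.FriendlyName
if ($sigAlg -match 'sha1') {
    $findings += "Signature algorithm is $sigAlg; reissue with SHA-256 or stronger."
}

# 3) Key size: anything below RSA 2048 is rejected by current browsers.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
if ($null -eq $rsa) {
    $findings += "Public key is $($cert.PublicKey.Oid.FriendlyName), not RSA; verify it is accepted."
} elseif ($rsa.KeySize -lt 2048) {
    $findings += "RSA key size is $($rsa.KeySize) bits; reissue with at least 2048."
}

# 4) Names: the host name the browser connects to must appear as a resolvable FQDN.
#    DnsNameList is PowerShell's view of the SAN DNS entries (falls back to the CN).
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
if ($names.Count -eq 0) {
    $findings += "Certificate carries no DNS name; issue it to the site's FQDN."
}
foreach ($n in $names) {
    if ($n -notmatch '\.') {
        $findings += "'$n' is a single-label name; use a fully qualified name instead."
        continue
    }
    if ($n.StartsWith('*.')) { continue }   # wildcard entry, nothing to resolve
    try   { [void][System.Net.Dns]::GetHostAddresses($n) }
    catch { $findings += "'$n' does not resolve in DNS from this client." }
}
if ($findings.Count -eq 0) { "No checklist issues found for $($cert.Subject)" }
else { $findings | ForEach-Object { "- $_" } }
```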