1

I have a problem with a self-signed SSL certificate not being accepted on my Windows 7 box. I need this because the QuickBooks web connector will not address my CRM except over HTTPS, and the CRM is hosted on an intranet-only Linux server.

I followed the instructions here, and then used certmgr.msc to import the certificate on the client machine. The import appeared to be successful, and I can see the certificate in the "Trusted Root" store:

enter image description here

The problem is that it doesn't work; QBWC still reports it can't connect due to an authentication error, and my browser still rejects the certificate:

enter image description here

Could someone please give me an idea what I'm doing wrong? Thanks in advance!

Javadecaf
  • 91
  • 2
  • 6
  • 1
    I don't think that firefox uses the built-in windows cert authority list. I think it maintains its own, which you can import into, via firefox>settings or firefox>preferences but then that won't affect your overall windows system. You should just try testing that your import into windows worked ... with internet explorer instead. – pulkitsinghal Feb 16 '14 at 21:55
  • 1
    Actually, the program that needs to accept it is the QuickBooks web connector - I only used FF for demonstration purposes. I did check it with IE also, though, and got the same result. – Javadecaf Feb 17 '14 at 16:21
  • 1
    Bit difficult to see, but the certificate you are showing is not a self signed certificate but issued of "Zachary McIntire" this is what will need to be present in your trusted root store. – RickK Feb 17 '14 at 17:49
  • The consolibyte forums have been helpful for me in the past, give these a gander (1) http://wiki.consolibyte.com/wiki/doku.php/quickbooks_ssl_selfsigned (2) http://www.consolibyte.com/docs/index.php/QuickBooks_Web_Connector_Overview – pulkitsinghal Feb 17 '14 at 20:00

1 Answers1

3

The correct answer was propounded by @RickK - I had issued the certificate in my own name, instead of the domain of the server. The prompts in Apache make this rather confusing; it really looks like you're supposed to put your own name in the "Common Name" field, and the tutorial I followed seems to advise the same thing.

Anyway, I reissued the certificate, changing the CN field to "apps," and everything is working now. Thanks to @RickK and @pulkitsinghal for your helpful input. (And sorry for the delay in my response - this project got pushed to the back burner for awhile.)

Javadecaf
  • 91
  • 2
  • 6