Server and scanners can't communicate after new SSL certificate is applied

Article:TECH181356  |  Created: 2012-02-13  |  Updated: 2012-02-13  |  Article URL http://www.symantec.com/docs/TECH181356
Article Type
Technical Solution


Issue



After installing a new SSL certificate on the Risk Automation Suite Portal, the scanners can no longer communicate with the portal. Re-registration attempts also fail due to lack of communication. The portal is still accessible through the WebUI.


Error



Scanners report the error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

Windows reports "Integrity of Certificate Cannot Be Guaranteed. Certificate May be corrupted or altered."


Environment



Risk Automation Suite Portal installed on Windows Server 2008.

Scanners installed on Windows Server 2003 SP2.


Cause



Windows Server 2008 adds new functionality to the cryptography API, and the V3 certificate templates for CAs and web servers in Windows Server 2008 use it. This includes support for certificate signing algorithms that are not recognized by older clients such as Windows Server 2003.


Solution



Install Microsoft KB 968730 so that Server 2003 SP2 machines can both enroll from a SHA2 certificate authority and process SHA2 certificates.
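
To confirm that the condition described under Cause applies, the signature algorithm of each certificate in the portal's chain can be inspected. The following PowerShell function is an added example, not part of the original article or the product; the function name and the `-CertPath` parameter are assumptions, and the input is the portal certificate exported to a `.cer` file.

```powershell
# Added example, not from the original article.
# Assumption: -CertPath is the portal certificate exported to a .cer file.
function Get-ChainSignatureReport {
    param([Parameter(Mandatory = $true)][string]$CertPath)

    # Signature algorithm OIDs that use a SHA-2 hash (RSA and ECDSA variants).
    $sha2Oids = @(
        '1.2.840.113549.1.1.11',  # sha256WithRSAEncryption
        '1.2.840.113549.1.1.12',  # sha384WithRSAEncryption
        '1.2.840.113549.1.1.13',  # sha512WithRSAEncryption
        '1.2.840.10045.4.3.2',    # ecdsa-with-SHA256
        '1.2.840.10045.4.3.3',    # ecdsa-with-SHA384
        '1.2.840.10045.4.3.4'     # ecdsa-with-SHA512
    )

    $path  = (Resolve-Path $CertPath).Path
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the check also works without network access.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($cert)

    # Build() can return $false and still expose the elements it resolved,
    # so report whatever is present together with the build result.
    foreach ($element in $chain.ChainElements) {
        $alg = $element.Certificate.SignatureAlgorithm
        New-Object PSObject -Property @{
            Subject      = $element.Certificate.Subject
            Algorithm    = $alg.FriendlyName
            SignatureOid = $alg.Value
            Sha2Signed   = ($sha2Oids -contains $alg.Value)
            ChainBuilt   = $built
        } | Select-Object Subject, Algorithm, SignatureOid, Sha2Signed, ChainBuilt
    }
}

# Usage (placeholder path):
# Get-ChainSignatureReport -CertPath '<exported-portal-certificate>.cer' | Format-Table -AutoSize
```

Any row with `Sha2Signed` set to `True` is a certificate signed with a SHA2 algorithm, which is the case the hotfix above addresses on Server 2003 SP2 scanners.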



