Server and scanners can't communicate after new SSL certificate is applied
Article: TECH181356 | Created: 2012-02-13 | Updated: 2012-02-13 | Article URL: http://www.symantec.com/docs/TECH181356
After installing a new SSL certificate on the Risk Automation Suite Portal, the scanners can no longer communicate with the portal. Re-registration attempts also fail due to lack of communication. The portal is still accessible through the WebUI.
Scanners give the error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
Windows reports "Integrity of Certificate Cannot Be Guaranteed. Certificate May be corrupted or altered."
Risk Automation Suite Portal installed on Windows Server 2008.
Scanners installed on Windows Server 2003 SP2.
Windows 2008 has new additions to the cryptography API that are used in the V3 certificate templates for CAs and web servers in Windows 2008. These include support for certificate signing algorithms that are not recognized by older clients such as Windows 2003 servers.
Install Microsoft KB 968730 to allow Server 2003 SP2 boxes to both enroll from a SHA2 certificate authority and process SHA2 certificates.