+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 41
Windows Thread, ipsCA Global CA Root in Technical; seems odd, I had a random email almost immediately about "It was not possible to connect to a Whois Server". ...
  1. #16

    Join Date
    Oct 2008
    Posts
    213
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    21
    seems odd, I had a random email almost immediately about "It was not possible to connect to a Whois Server". Then another email the next day asking me to agree to terms, shortly after the new certificate was included as an attachment.

  2. #17
    RobFuller's Avatar
    Join Date
    Feb 2007
    Location
    Chelmsford
    Posts
    311
    Thank Post
    82
    Thanked 38 Times in 28 Posts
    Rep Power
    22
    Yes I had the email about Whois connecting issues then the day after about agreeing then nothing.....

  3. #18
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,650
    Thank Post
    164
    Thanked 217 Times in 200 Posts
    Rep Power
    66
    Quote Originally Posted by spc-rocket View Post
    Hi,

    You need to install both the global cert into the Trusted Root Certification authorities and the Level 1 cert in the Intermediate Certification authorities on the servers where the certificate is bound to a site. This is detailed in the instructions but once this is done then the error you seeing with be gone and the cert will be fully validated.

    Ash.
    Yup did that as the standard procedure as we had an ipsCA cert when we upgraded to Exchange 2007 a few years back, IE seems fine but Firefox looks like it's still moaning when I tried it from home this morning

  4. #19

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Quote Originally Posted by gshaw View Post
    Yup did that as the standard procedure as we had an ipsCA cert when we upgraded to Exchange 2007 a few years back, IE seems fine but Firefox looks like it's still moaning when I tried it from home this morning
    Hi,

    Yeah firefox will still display the error because they (mozilla) have not yet put the global root CA for the IPSCA on their CRL list and hence you get the error. Both IPSCa and mozilla are working on it and it will be added soon, at least this is what i have read on the forums.

    Ash.

  5. #20
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    30
    I guess the cert will be working on Mozilla in a few months maximum. Remember the old ipsca root cert was 10 years old so it's hardly suprising it was working in Mozilla

  6. #21

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,505
    Thank Post
    1,492
    Thanked 1,050 Times in 919 Posts
    Rep Power
    302
    I still have yet to get my cert! I am not happy about that, and its causing chaos for us, I think I will just get a 12 month Godaddy one for now they were cheap enough and then use that for 12 months and hope this is sorted this time next year

  7. #22
    tonyd's Avatar
    Join Date
    Mar 2006
    Location
    Kent (Sometimes), UK
    Posts
    163
    Thank Post
    17
    Thanked 42 Times in 31 Posts
    Rep Power
    24
    My advice is, if you're waiting for ipsCA, just grab a free 90 day one from somewhere like here - http://www.instantssl.com/ , then try again for your free 2 year cert from ipsCA in a month or two when they've settled down. Alternatively, maybe try a free one from here - http://cert.startcom.org/ - I beleive they are valid for one year.
    Last edited by tonyd; 8th January 2010 at 03:31 PM.

  8. Thanks to tonyd from:

    john (8th January 2010)

  9. #23

    Join Date
    Oct 2008
    Posts
    213
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    21
    An update as sorts. The staff who use firefox are savvy enough to not care about the certificate after I explained to them. The staff who were having issues (all XP) were given the november certificate update pack from microsoft and told to install. None have returned with issues.

    One thing I have noticed is that it has thrown peoples mobiles out. My mobile refused to accept the new root CA so I needed to actually install the root cert before OMA and sync worked. The same thing for the blackberrys, they didnt seem to want to talk to our exchange server either so again I needed to import the root CA. This was only for our SMT (and me) though so not a major issue, however, if you use mobile devices around the school - be aware that you may have issues.

    Internally I distributed the cert pack via WSUS. I have no idea why I.E. was not picking up the certificates internally - I *suspect* that WSUS prevents this as squid or DG has not picked up any traffic (from one of my test machines) when I tried to access the seemingly untrusted root CA, hence me needing to keep up to date with the cert packs on WSUS.

    In any case, i'll stick with ipsCA for a while, simply because it works for what I want it too at the moment and since im moving our exchange server to x64 2008 and exchange 2007 over summer I would prefer a free wildcard certificate to a cheaper godaddy UCC cert.
    Last edited by KK20; 14th January 2010 at 10:48 AM.

  10. #24
    morganw's Avatar
    Join Date
    Apr 2009
    Location
    Cambridge
    Posts
    816
    Thank Post
    46
    Thanked 132 Times in 126 Posts
    Rep Power
    39
    Just updated to the new IPSCA certficates on our Moodle server, still getting invalid certificate from workstations. We are CC3 so I can't use WSUS to install the Microsoft certificate update. I can see in the eventviewer "Successful auto update retrieval of third-party root certificate" everytime I hit the SSL login page with acompanying 10 second delay. At the moment I'm worse off than before I had the new certificate, at least it would fail faster before the update.

  11. #25

    Join Date
    Oct 2008
    Posts
    213
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    21
    I suggest rolling out the root cert pack listed above.

  12. #26
    MattGibson's Avatar
    Join Date
    May 2008
    Location
    Epsom
    Posts
    169
    Thank Post
    20
    Thanked 11 Times in 8 Posts
    Rep Power
    15
    Hi Everyone,

    Not been on here for a while but we had the same problem, I've renewed both of our certificates with ipsCA and I had to manually install the up-to-date root kit on the servers.

    Followed their instructions for the Global CA and Intermediate CA, once these are installed teachers connecting to the OWA address were no longer getting the "This is not a trusted site" message however when I returned to work on the Monday morning everybody inside the network were getting the "this is not a trusted site" message even though WSUS had installed all its updates.

    I went into the default domain GPO and added the Global CA to the Trusted intermediate certificates store This means upon a restart all the computers were picking this up.

    One finale thing was to create a zone in DNS so that when users inside went to the https://our-domain.com it would automatically point to the internal address rather that going out and then back in.

    Hope this will help you guys, let me know if i can assist you in anyway

    Cheers

    Matt Gibson

  13. Thanks to MattGibson from:

    morganw (22nd January 2010)

  14. #27
    maark's Avatar
    Join Date
    Feb 2006
    Location
    leicester
    Posts
    470
    Thank Post
    90
    Thanked 73 Times in 65 Posts
    Rep Power
    38
    Just to say I have had a new certificate from Ipsca and after following advice updating global and level 1 certs and installed cert update pack then certificate works fine internally and externally so worth it for anyone looking for free certificates.

  15. #28
    ful56_uk's Avatar
    Join Date
    Mar 2008
    Location
    Essex
    Posts
    554
    Thank Post
    105
    Thanked 23 Times in 21 Posts
    Rep Power
    17
    I installed the new root ca on our tmg box but till get the problem the cert has been revoked. This is a right bloody pain

    any know were you can get cheap ssl wild card certs?

  16. #29

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,505
    Thank Post
    1,492
    Thanked 1,050 Times in 919 Posts
    Rep Power
    302
    Quote Originally Posted by ful56_uk View Post
    I installed the new root ca on our tmg box but till get the problem the cert has been revoked. This is a right bloody pain

    any know were you can get cheap ssl wild card certs?
    Go Daddy did mine was cheap enough

  17. #30
    altecsole's Avatar
    Join Date
    Jun 2005
    Location
    Morecambe, Lancashire, UK.
    Posts
    281
    Thank Post
    39
    Thanked 36 Times in 26 Posts
    Rep Power
    25
    Quote Originally Posted by ful56_uk View Post
    I installed the new root ca on our tmg box but till get the problem the cert has been revoked. This is a right bloody pain

    any know were you can get cheap ssl wild card certs?
    A server reboot fixed this for us. Now the ipsCA cert is recognised by IE with the latest updates installed. We're still waiting for other browsers to update. As we only use the cert for webmail this isn't really a problem for us; we just put an explanation about the warning on our homepage.

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Cannot log in as root
    By Teth in forum *nix
    Replies: 3
    Last Post: 30th November 2007, 02:37 PM
  2. Forest Root concerns
    By u8dmtm in forum Wireless Networks
    Replies: 1
    Last Post: 13th December 2006, 11:43 AM
  3. Root Kits
    By tickmike in forum Windows
    Replies: 3
    Last Post: 15th November 2006, 11:00 PM
  4. Now they want my server root password.
    By tickmike in forum General Chat
    Replies: 29
    Last Post: 9th September 2006, 11:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •