Server and scanners can't communicate after new SSL certificate is applied
Last Updated February 13, 2012
After installing a new SSL certificate on the Risk Automation Suite Portal, the scanners can no longer communicate with the portal. Re-registration attempts also fail due to lack of communication. The portal is still accessible through the WebUI.
Scanners give error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
Windows reports "Integrity of Certificate Cannot Be Guaranteed. Certificate May be corrupted or altered."
Windows 2008 has new additions to the cryptography API that are used in the V3 certificate templates for CA's and Webservers in Windows 2008. This includes support for certificate signing algorithms which are not recognized by older clients such as Windows 2003 servers.
Install Microsoft KB 968730 to allow Server 2003 SP2 boxes to both enroll from a SHA2 certificate authority and process SHA2 certificates.
Risk Automation Suite Portal installed on Windows server 2008.
Scanners installed on Windows Server 2003 SP2.
Imported Document ID: TECH181356
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe