Solutions to common SSL Errors

Below you will find the 2 different SSL Errors which can occur and a more detailed explenation on what causes them and how to resolve them.

Please be aware that this covers only the error messages within the AppTec Client and not any other error you may receive on another OS or software.

In case you are not using our OnPremise solution and instead using our Cloud solution, contact support@nullapptec360.com if you receive one of these errors. If you read this and you are not the AppTec administrator of your company, contact your administrator.

Important: Please understand that we are not a certificate vendor or a certificate provider. We do not sell or renew SSL certificates. If you have a question or problem with your specific SSL certificate, contact your certificate provider.

Also it is important to understand that the devices will receive the certificate and have to trust them. Therefore it can be possible that some devices trust a specific CA or certificate and others don’t.

Invalid SSL Configuration

 

Problem Description: The device is trying to connect to the server and can reach the server, but rejects the connection for security reasons because it could not verify the trustworthiness of the server certificate.
This happens in various cases:

  1. You have uploaded no intermediate certificate.
  2. You have uploaded the wrong intermediate certificate.
  3. You renewed or changed the certificate which requires a new intermediate certificate but you forgot to upload the new one.
  4. You need 2 intermediate certificates but you uploaded only one of them.
  5. The uploaded intermediate certificate is in the wrong format.
  6. Your devices are a few years old and does not have your CA (certificate authority) in its trust storage because the CA was founded after the last update of the trust storage.
  7. You are using a self-signed certificate.

 

Problem Solution: Below you will find the problem solution for every of the case described above

  1. Upload your intermediate certificate in Step 2 of the Appliance configuration.
  2. Get the correct intermediate certificate from your certificate provider. Ask them for help if you are unsure which one you need. Upload it in Step 2 of the Appliance configuration.
  3. See 1. and 2.
  4. Currently it is only possible to upload one intermediate certificate. Should you need 2 or more you can open them with a text editor and copy the content from the second one and paste it at the end of the first one. Please be aware that the correct order is important. Contact your certificate provider if you are unsure.
  5. The certificate should be in PEM format (PEM is a base64 encoded Certificate). Certificates in PEM format have usally the file extension .crt
    If your certificate isn’t accepted, try to import it with the freeware tool XCA and export it in PEM format.
  6. Update your device if possible. Maybe a new version contains an updated trust storage and your CA. If not, the only way to solve this is to install the root certificate of your CA on your device or get a new certificate from a CA that is listed in the trust storage of your device.
  7. When using a self-signed certificate you have to install your root CA on the device or switch to a trusted certificate from an official CA.