This article applies to:
OS: Windows 2008 R2, Windows 2012 R2
Product edition: inSync On-Premise 5.5, 5.8, 5.9
Problem description
Even after configuring the SSL certificate for inSync On-Premise, the browser displays the following error while accessing the inSync Management Console.
“Your connection is not private” Error: NET::ERR_CERT_REVOKED
In the browser's Developer Tools, the certificate is reported with "Subject Alternative Name missing".
Traceback
If DEBUG logging is enabled, CPORTAL.log shows the following errors:
[2018-03-07 15:24:27,927] [DEBUG] Read from socket failed, [('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake failure')].
[2018-03-07 15:24:27,927] [DEBUG] Read from socket failed, [('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake failure')].
[2018-03-07 15:24:35,661] [DEBUG] Read from socket failed, [('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake failure')].
[2018-03-07 15:24:54,630] [DEBUG] Read from socket failed, [('SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')].
Cause
This is generic certificate behavior and is not related to the inSync On-Premise server.
When you check the certificate, the Subject Alternative Name is displayed as missing. The developer tool displays additional information and the specific error: "The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address."
Resolution
Ensure that the procured certificate includes a Subject Alternative Name. The name is either the alias entry of the domain or the FQDN of the server for which the certificate is procured.
You can procure the certificate either through a third party or an internal CA. You can specify additional hostnames (sites, IP addresses, common names, and so on) inside the Subject Alternative Name field to protect them with a single SSL certificate, such as a Multi-Domain SAN or Extended Validation Multi-Domain Certificate.
💡 Tip
You can also use the “Issued To” entity to access the inSync portal.
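One way to verify the Subject Alternative Name requirement before installing a certificate, as an added example that is not part of the original article or of inSync itself. It assumes the OpenSSL command-line tool is available on an admin workstation; the function names, hostnames and IP address are constructed for illustration, and matching is exact, so wildcard SAN entries are not expanded.

```bash
#!/usr/bin/env bash
# Added example: check a certificate for a Subject Alternative Name (SAN)
# entry before installing it. Hostnames and IPs below are constructed.

# san_entries CERT: print each DNS / IP Address SAN value on its own line.
san_entries() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' |
    sed -n -e 's/^ *DNS://p' -e 's/^ *IP Address://p'
}

# check_san CERT NAME: 0 = NAME is listed in the SAN (exact, case-insensitive),
# 1 = SAN present but NAME absent, 2 = no DNS/IP SAN entry at all.
check_san() {
  entries=$(san_entries "$1" | tr 'A-Z' 'a-z')
  want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ -n "$entries" ] || return 2
  printf '%s\n' "$entries" | grep -Fxq -- "$want" && return 0
  return 1
}

# make_cert OUT CN [SAN]: constructed self-signed test certificate (sample input).
make_cert() {
  cfg=$(mktemp)
  ext=""
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=%s\n' "$2" > "$cfg"
  if [ -n "${3:-}" ]; then
    printf '[v3]\nsubjectAltName=%s\n' "$3" >> "$cfg"
    ext="-extensions v3"
  fi
  # $ext is left unquoted so it expands to two arguments, or to none.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" $ext \
    -keyout "$1.key" -out "$1" 2>/dev/null
  rm -f "$cfg" "$1.key"
}

# Demo: a CN-only certificate versus one that carries DNS and IP SAN entries.
demo=$(mktemp -d)
make_cert "$demo/cn_only.pem" insync.example.com
make_cert "$demo/with_san.pem" insync.example.com "DNS:insync.example.com,IP:192.0.2.10"
for c in cn_only with_san; do
  rc=0
  check_san "$demo/$c.pem" insync.example.com || rc=$?
  echo "$c.pem: check_san exit code $rc"
done
```

Exit code 2 on the CN-only certificate corresponds to the missing-SAN condition described in the Cause section: a matching common name alone does not satisfy the check.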