SSL Validation Issues on Older Windows Servers

I ran into this last week, and this week Terry Mullican did as well. If you are trying to call a webservice and getting an error like this

Security Alert: the security certificate assigned to this site has not been released by a recognized or trusted company.

or this

The remote certificate cannot be authenticated.

Read on to find the solution.

There are a number of conditions that have to be met for this to be an issue for you. It all started in May of 2020 when one of Sectigo’s (formerly Comodo) main certificates expired. Everything was supposed to still be able to verify via alternate certificate chains, but some older DLLs don’t do it correctly.

In my case it was Windows Server 2012 R2 that was giving me the issue. PCSOFT (WINDEV or WEBDEV) depends on Windows to actually do the certificate validation, which is why this will work fine on your test machine but not when installed to production, if your production server is out of date.

The solution is to install two additional certificates for Sectigo. You need to download and install:

Sectigo RSA Domain Validation Secure Server CA [ Intermediate ]

USERTrust RSA Root xSigned using AAA CA [ Cross Signed ]

If the above links don’t work for you they can both be found under the domain validation heading on this page https://support.sectigo.com/…/Sectigo-Intermediate…

To install them on the Windows server that is having the issue, run mmc, then add the Certificates snap-in for the local computer.

Be sure to choose Local Machine (not Current User) when importing.

Select the certificate you just downloaded.

And make sure that it installs them in the Intermediate Certification Authorities store.

Once you have done both certificates, you should have something similar to the below and your webservice calls should work fine.
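A scripted equivalent of the MMC steps above, followed by a re-test of the chain. This is an added example, not part of the original post. The file paths and host name are placeholders, and it assumes an elevated PowerShell session and a service that accepts TLS 1.2.

```powershell
# Added example: paths and host name below are placeholders (assumptions), not values from the post.
$certFiles = @(
    'C:\Temp\sectigo-dv-intermediate.crt',  # placeholder: Sectigo RSA Domain Validation Secure Server CA
    'C:\Temp\usertrust-cross-signed.crt'    # placeholder: USERTrust RSA Root xSigned using AAA CA
)
$serviceHost = 'webservice.example.com'     # placeholder: host of the web service you call

foreach ($file in $certFiles) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file
    # Show what is about to be trusted; compare the thumbprint with the one the CA publishes.
    $cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "$file is expired, skipping"
        continue
    }
    # Cert:\LocalMachine\CA is the Local Machine "Intermediate Certification Authorities" store.
    Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\CA | Out-Null
    if (-not (Test-Path "Cert:\LocalMachine\CA\$($cert.Thumbprint)")) {
        Write-Error "Import of $file did not land in LocalMachine\CA"
    }
}

# Re-test: fetch the service's certificate and let Windows build the chain from the local stores.
$tcp = New-Object System.Net.Sockets.TcpClient($serviceHost, 443)
try {
    # Diagnostic only: the callback accepts any certificate so it can be inspected.
    # No application data is sent over this connection.
    $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
    $ssl.AuthenticateAsClient($serviceHost, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
    $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ssl.RemoteCertificate
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if ($chain.Build($remote)) {
        "Chain OK:"
        $chain.ChainElements | ForEach-Object { "  " + $_.Certificate.Subject }
    } else {
        "Chain FAILED:"
        $chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }
    }
} finally {
    $tcp.Close()
}
```

Importing into the Intermediate store does not make either certificate a trust anchor, so the chain still has to end at a root that Windows already trusts.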
