IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  Browser ERR_CERT_AUTHORITY_INVALID warning

    Posted Wed December 30, 2020 02:32 PM

    Hi all,

    (IGI version 5.2.5.1)

    While browsing the Service Center, administration console, and virtual appliance, browsers give the warning "ERR_CERT_AUTHORITY_INVALID" and we can continue by accepting the risk. The customer doesn't want to see this warning, and I suggested putting a reverse proxy in front of IGI, but they insisted on updating the certificate with their wildcard certificate. So I got the company's wildcard certificate and tried to update the personal certificates from the VA console, but failed.

    Is there a way to do this, or does the customer need to put a reverse proxy in front of IGI and follow the post "How to configure a Reverse Proxy for IGI Service Console when internal openId is enabled"?

    Thank you. 



    ------------------------------
    GURER ONDER
    ------------------------------



  • 2.  RE: Browser ERR_CERT_AUTHORITY_INVALID warning

    Posted Sat January 02, 2021 11:54 AM
    Have you checked the root chain certificates for their validation period?

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------



  • 3.  RE: Browser ERR_CERT_AUTHORITY_INVALID warning

    Posted Sat January 02, 2021 04:36 PM
    Hi Joao,

    The certificates' validation periods are valid. The problem is that browsers don't trust the VA's certificate because it is not a global signer. Is there a way to replace the Personal certificate (not Signer) of the VA with the company's own certificate?

    Thanks.


    ------------------------------
    GURER ONDER
    ------------------------------



  • 4.  RE: Browser ERR_CERT_AUTHORITY_INVALID warning

    Posted Sun January 17, 2021 04:34 PM
    Edited by GURER ONDER Sun January 17, 2021 04:35 PM
    Problem is solved.

    The way to upload the company's wildcard certificate is to upload it as a key store.
    Even with the original certificate that the VA generated, if you download it and try to upload it (.pem file), it fails. But if you build a key store and put this certificate into that store, you can then upload it as a store.


    ------------------------------
    GURER ONDER
    ------------------------------
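
The fix in the last post, sketched with OpenSSL as an added example that is not part of the thread and not IBM's documented procedure. It assumes a PKCS#12 store is accepted (the thread does not name the store type), an unencrypted PEM private key, and the store password exported in `KEYSTORE_PASS`; the function names, file names and alias are hypothetical, and the demo PKI is constructed.

```shell
#!/bin/sh
# Added example: assumes PKCS#12 as the key store type, an unencrypted PEM key,
# and the store password exported in KEYSTORE_PASS (all assumptions).

# build_keystore CERT KEY CHAIN OUT [ALIAS]
build_keystore() {
    cert=$1 key=$2 chain=$3 out=$4 alias=${5:-server}
    [ -n "${KEYSTORE_PASS:-}" ] || { echo "KEYSTORE_PASS is not set" >&2; return 2; }

    # 1. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 3; }

    # 2. The certificate must chain to the supplied CA file and be inside its
    #    validity period; a store that fails here would still trigger warnings.
    openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against $chain" >&2; return 4; }

    # 3. Bundle key, certificate and chain. The password comes from the
    #    environment so it does not show up in the process list.
    openssl pkcs12 -export -inkey "$key" -in "$cert" -certfile "$chain" \
        -name "$alias" -out "$out" -passout env:KEYSTORE_PASS || return 5

    # 4. Read the store back to confirm it opens with that password.
    openssl pkcs12 -in "$out" -passin env:KEYSTORE_PASS -noout 2>/dev/null || return 6
}

# make_demo_pki DIR: constructed throwaway CA and wildcard certificate for a dry run.
make_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' \
        '[ca]' 'basicConstraints=critical,CA:TRUE' >"$d/ca.cnf"
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Demo CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=*.example.test" -keyout "$d/wild.key" -out "$d/wild.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/wild.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/wild.pem" 2>/dev/null
}
```

With real files, the call would look like `build_keystore wildcard.pem wildcard.key ca-chain.pem store.p12`, where `ca-chain.pem` holds the issuing CA certificates; the resulting store is what gets uploaded in place of the bare `.pem`.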