Skip to main content
Druva Documentation

Certificate error while accessing the inSync Admin Console

This article applies to:

  • OS: Windows 2008 R2, Windows 2012 R2
  • Product edition: inSync on-Premise 5.5,5.8,5.9

Problem description

Even after configuring the SSL certificate for inSync On-Premise, the browser displays the following error while accessing the inSync Management Console.
“Your connection is not private”
Error: NET::ERR_CERT_REVOKED
 

BrowserAddressBar.png

Under Developer tools, the browser displays Subject Alternative Name missing. 

CertificateError.png

Traceback

From CPORTAL.log we see the below errors if DEBUG is enabled :
[2018-03-07 15:24:27,927] [DEBUG] Read from socket failed, [('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake failure')].
[2018-03-07 15:24:27,927] [DEBUG] Read from socket failed, [('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake failure')].
[2018-03-07 15:24:35,661] [DEBUG] Read from socket failed, [('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake failure')].
[2018-03-07 15:24:54,630] [DEBUG] Read from socket failed, [('SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')].

Cause

This issue is a generic certificate behavior and is not related to inSync On-Premise server. 

When you check the certificate, the Subject Alternative Name is displayed as missing. Additional information and a specific error is displayed within the developer tool as "The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address." 

Resolution

Ensure that the procured certificate has a Subject Alternative Name mentioned in the certificate. The name is either for the alias entry of the Domain or for the FQDN of the server for which the certificate is procured. 

You can procure the certificate either through a third party or an internal CA. You can specify additional hostnames (such as sites, IP addresses, common names, and so on) inside the Subject Alternative Name field to protect them with a single SSL certificate, such as Multi-Domain SAN or Extend Validation Multi-Domain Certificate.

You can also use the “Issued To” entity to access the inSync portal.