In connecting to a standard LCCS connection, via rtc:ConnectSessionContainer and a url of https://connectnow.acrobat.com/xxx/yyy we are having customers be exposed a warning panel in their browser stating that
" Revocation information for the security certificate for this site is not available"
We think this is because the security cert for
na2.collaboration.adobelivecycle.com
expires in less than a month (July 24th), which cause warnings in some setup/browser since it is a short life span left.
1. Can you confirm that this is the cause?
2. How can we prevent this warnign being exposed to our users?
Many thanks
Will
Views
Replies
Total Likes
Thanks for reporting this Will,
We're going to talk to our operations team and try to get to the bottom of
this.
nigel
Views
Replies
Total Likes
Hi Will,
So, we're (prematurely) renewing our cert shortly to see if this
ameliorates your issue. In the meantime, if you could get us a couple of
bits of info, we'd really appreciate it :
A) Which browsers / OSes / etc are you seeing this dialog from?
B) If you used https://collaboration.adobelivecycle.com/xxx/yyy for your
roomURLs, does this avoid the issue? (Either URL should work)
thanks again for the report!
nigel
Views
Replies
Total Likes
Hi Nigel
Thanks for your time on this.
A) Which browsers / OSes / etc are you seeing this dialog from?
Based on our logs, I believe their user-agent is
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30
but I am not 100% sure they tested with this one.
- I believe they have some intermediary Bluecoat device, based on headers, which may do their own certificate checks, and generate the alert (browser independent).
B) If you used https://collaboration.adobelivecycle.com/xxx/yyy for your
roomURLs, does this avoid the issue? (Either URL should work)
We did make the change to collaboration.adobelivecycle.com and are waiting to hear back from the customer if it removed the warnings. You can view the test content here:
http://evt.dispeak.com/syscheck/SystemCheck2.html
In inspecting that connection, the initial request goes to collaboration.adobelivecycle.com but then there is a 2nd request that goes to na2.collaboration.adobelivecycle.com.
na2.collaboration.adobelivecycle.com resolves to 209.34.68.171
as opposed to
collaboration.adobelivecycle.com that resolves to 209.34.68.173
I also noted that using Chrome, the CONNECT happens to another domain, “fms6.acrobat.com” (209.34.68.83), which has a valid certificate.
Here is my Fiddler sniffing, with IE, see line 9:
# Result Protocol Host URL Body Caching Content-Type Process Comments Custom
2 200 HTTP evt.dispeak.com /syscheck/SystemCheck2.html 4,417 text/html iexplore:12856
3 403 HTTP evt.dispeak.com /syscheck/history/history.css 242 application/xml iexplore:12856
4 200 HTTP evt.dispeak.com /syscheck/AC_OETags.js 8,641 application/octet-stream iexplore:12856
5 403 HTTP evt.dispeak.com /syscheck/history/history.js 242 application/xml iexplore:12856
6 200 HTTP evt.dispeak.com /syscheck/SystemCheck2.swf 308,411 application/x-shockwave-flash iexplore:12856
7 200 HTTP CONNECT collaboration.adobelivecycle.com:443 0 iexplore:12856
8 200 HTTP ocsp.verisign.com /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEGeE%2Bg3LuvK9uYagSmubMXA%3D 1,595 max-age=380356, public, no-transform, must-revalidate Expires: Mon, 04 Jul 2011 06:18:37 GMT application/ocsp-response iexplore:12856
9 200 HTTP CONNECT na2.collaboration.adobelivecycle.com:443 0 iexplore:12856
Fyi, I tested the certificate with http://www.digicert.com/help/
Cheers
Will
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies