Expand my Community achievements bar.

Revocation information for the security certificate for this site is not available

Avatar

Level 2
Level 2
6/29/11 9:14:58 AM

In connecting to a standard LCCS connection, via rtc:ConnectSessionContainer and a url of https://connectnow.acrobat.com/xxx/yyy  we are having customers be exposed a warning panel in their browser stating that

" Revocation information for the security certificate for this site is not available"

We think this is because the security cert for

na2.collaboration.adobelivecycle.com

expires in less than a month (July 24th), which cause warnings in some setup/browser since it is a short life span left.

1. Can you confirm that this is the cause?

2. How can we prevent this warnign being exposed to our users?

Many thanks

Will

Views

3.8K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
3 Replies

Avatar

Former Community Member
6/29/11 9:51:00 AM

Thanks for reporting this Will,

We're going to talk to our operations team and try to get to the bottom of

this.

nigel

Views

598

Replies

0

Total Likes

Translate
Translate

Avatar

Former Community Member
6/29/11 1:10:00 PM

Hi Will,

So, we're (prematurely) renewing our cert shortly to see if this

ameliorates your issue. In the meantime, if you could get us a couple of

bits of info, we'd really appreciate it :

A) Which browsers / OSes / etc are you seeing this dialog from?

B) If you used https://collaboration.adobelivecycle.com/xxx/yyy for your

roomURLs, does this avoid the issue? (Either URL should work)

thanks again for the report!

nigel

Views

596

Replies

0

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
6/29/11 8:40:43 PM

Hi Nigel

Thanks for your time on this.

A) Which browsers / OSes / etc are you seeing this dialog from?

Based on our logs, I believe their user-agent is

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30

but I am not 100% sure they tested with this one.

- I believe they have some intermediary Bluecoat device, based on headers, which may do their own certificate checks, and generate the alert (browser independent).

B) If you used https://collaboration.adobelivecycle.com/xxx/yyy for your

roomURLs, does this avoid the issue? (Either URL should work)

We did make the change to collaboration.adobelivecycle.com and are waiting to hear back from the customer if it removed the warnings. You can view the test content here:

http://evt.dispeak.com/syscheck/SystemCheck2.html

In inspecting that connection, the initial request goes to collaboration.adobelivecycle.com but then there is a 2nd request that goes to na2.collaboration.adobelivecycle.com.

na2.collaboration.adobelivecycle.com  resolves to 209.34.68.171

as opposed to

collaboration.adobelivecycle.com that resolves to 209.34.68.173

I also noted that using Chrome, the CONNECT happens to another domain, “fms6.acrobat.com” (209.34.68.83), which has a valid certificate.

Here is my Fiddler sniffing, with IE, see line 9:

#             Result   Protocol               Host       URL        Body      Caching                Content-Type    Process                Comments                Custom             

2              200         HTTP      evt.dispeak.com              /syscheck/SystemCheck2.html  4,417                     text/html                iexplore:12856                               

3              403         HTTP      evt.dispeak.com              /syscheck/history/history.css     242                         application/xml                iexplore:12856                               

4              200         HTTP      evt.dispeak.com              /syscheck/AC_OETags.js              8,641                     application/octet-stream                iexplore:12856                               

5              403         HTTP      evt.dispeak.com              /syscheck/history/history.js       242                         application/xml                iexplore:12856                               

6              200         HTTP      evt.dispeak.com              /syscheck/SystemCheck2.swf    308,411                 application/x-shockwave-flash      iexplore:12856                               

7              200         HTTP      CONNECT            collaboration.adobelivecycle.com:443    0                                              iexplore:12856                               

8              200         HTTP      ocsp.verisign.com            /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEGeE%2Bg3LuvK9uYagSmubMXA%3D               1,595                max-age=380356, public, no-transform, must-revalidate  Expires: Mon, 04 Jul 2011 06:18:37 GMT                application/ocsp-response          iexplore:12856                               

9              200         HTTP      CONNECT            na2.collaboration.adobelivecycle.com:443         0                                              iexplore:12856                               

Fyi, I tested the certificate with http://www.digicert.com/help/

Cheers

Will

Views

604

Replies

0
Sign in to like this content

Total Likes

Translate
Translate