Consistent Schannel Errors on Windows Logs


Event ID 36882: The Certificate Received From the Remote Server Was Issued By an Untrusted Certificate Authority.

Because authentication relies on digital certificates, certification authorities (CAs) such as Verisign or Active Directory Certificate Services are an important part of TLS/SSL. A CA is a mutually-trusted third party that confirms the identity of a certificate requestor (usually a user or computer), and then issues the requestor a certificate. The certificate binds the requestor’s identity to a public key. CAs also renew and revoke certificates as necessary. For example, if a client is presented with a server’s certificate, the client computer might try to match the server’s CA against the client’s list of trusted CAs. If the issuing CA is trusted, the client will verify that the certificate is authentic and has not been tampered with.

The Schannel provider creates the list of trusted certification authorities by searching the Trusted Root Certification Authorities store on the local computer. When Schannel detects a certificate that was issued by an untrusted certification authority, this error is logged.

The issue could be due to an improper import of the SSL CA certificate.

Resolution: Re-import the certificate and monitor further.

Fatal error codes and their descriptions are at: Error codes and descriptions
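
The trust check described above can be reproduced before and after the re-import with the following script. It is an added example, not part of the original post. `$CertPath` is a placeholder for a `.cer` file exported from the remote server, and the script assumes it is run on the machine that logs the event.

```powershell
# Added example: explain why Schannel would log Event ID 36882 for a server certificate.
# $CertPath is a placeholder for a .cer file exported from the remote server.
param(
    [Parameter(Mandatory)] [string] $CertPath
)

# 1. Count recent occurrences of the event in the System log.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Schannel'; Id = 36882
    } -MaxEvents 50 -ErrorAction SilentlyContinue)
Write-Host "Schannel 36882 events found (last 50 max): $($events.Count)"
if ($events.Count -gt 0) { Write-Host "Most recent: $($events[0].TimeCreated)" }

# 2. Build the certificate chain. Revocation is skipped because only trust is in question.
$file  = (Resolve-Path $CertPath).ProviderPath
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$built = $chain.Build($cert)

# 3. Take the top element of the chain and look for it in the machine's
#    Trusted Root Certification Authorities store, the store Schannel reads.
$top          = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$selfSigned   = $top.Subject -eq $top.Issuer
$machineRoots = Get-ChildItem Cert:\LocalMachine\Root
$inRootStore  = $machineRoots.Thumbprint -contains $top.Thumbprint

[pscustomobject]@{
    ServerSubject      = $cert.Subject
    ServerIssuer       = $cert.Issuer
    ChainBuilt         = $built
    TopOfChain         = $top.Subject
    TopIsSelfSigned    = $selfSigned
    InLocalMachineRoot = $inRootStore
} | Format-List

# 4. Print every chain problem reported by Windows (UntrustedRoot, PartialChain, ...).
foreach ($s in $chain.ChainStatus) {
    Write-Host ("{0}: {1}" -f $s.Status, $s.StatusInformation.Trim())
}

if (-not $selfSigned) {
    Write-Host 'Chain is incomplete: an intermediate or root CA certificate is missing.'
} elseif (-not $inRootStore) {
    Write-Host 'Root CA is not in Cert:\LocalMachine\Root: import it into Trusted Root Certification Authorities.'
}
```

A chain that builds for the logged-on user but shows `InLocalMachineRoot : False` points to a CA certificate that was imported into the current user's store instead of the local computer's store.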

Popular posts from this blog

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

If the certificate being used on the server was generated using the Legacy Key option in the certificate request form, the private key for that certificate will be stored in Microsoft's legacy Cryptographic API framework. When the web server tries to process requests using its new, Cryptographic Next Generation (CNG) framework, it appears that something related to the RSA private key stored in the legacy framework is unavailable to the new framework. As a result, the use of the RSA cipher suites is severely limited. To avoid the issue, you can try to generate the certificate request using the CNG Key template in the custom certificate request wizard.
