INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Avaya Application Server Certificate error with Chrome but not with IE

Avaya Application Server Certificate error with Chrome but not with IE

Avaya Application Server Certificate error with Chrome but not with IE

(OP)
IP500v2 R9.1 SP12 with Application Server R9.1 SP12

I have a valid certificate for my application server that works with IE, but for some reason when I visit same admin page for application server with Chrome 62 it shows "Not Secure", when I get into the developer tools for chrome to see why, it shows

"Obsolete connection settings
The connection to this site uses TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_CBC with HMAC-SHA1 (an obsolete cipher)."

On IE it shows the site is secure, my issue is with Chrome.

In application server, the generated certificate was made with highest settings:
Public Key Algorithm: RSA-2048
Secure Hash Algorithm: SHA-256

RE: Avaya Application Server Certificate error with Chrome but not with IE

You're not saying which version you are on but this is supposed to be fixed in later versions of SE/AppServer

"Trying is the first step to failure..." - Homer

RE: Avaya Application Server Certificate error with Chrome but not with IE

(OP)
I just updated the title, i have most updated IP500v2 R9.1 SP12 with Application Server R9.1 SP12, should i generate a new cert?

RE: Avaya Application Server Certificate error with Chrome but not with IE

(OP)
Ok, issue resolved, i just generated a new cert and restarted the Application server and now shows valid

RE: Avaya Application Server Certificate error with Chrome but not with IE

Chrome and IE have different metrics by which they'll decide something is or isn't secure.

So, even if a cert is valid and kosher, and even if it's CN and subjectAltName have the FQDN in there, if it's not in DNS and you're just testing it out by popping that FQND+IP in your hosts file, IE will call that secure with the little green lock (despite when clicking on that lock it shows the cert with a question mark) whereas Chrome actually checks the DNS server. So foo.bar in your hosts file to 1.2.3.4 and the server with cert to foo.bar at 1.2.3.4 actually exists, if Chrome can't "nslookup foo.bar" and get "1.2.3.4" back, it'll never consider the connection secure.

Welcome to UC and the modern web. It's not good enough for dial tone if it's not good enough to run e-commerce and financial transactions.

RE: Avaya Application Server Certificate error with Chrome but not with IE

Avaya works very closely with Microsoft for years and my guess is that MS whitelists the Avaya certificates by default, even the self signed ones.

Joe W.

FHandw, ACSS (SME)


"This is the end of the world, make sure to buy your T-shirt before it is too late"
Original expression of my daughter

RE: Avaya Application Server Certificate error with Chrome but not with IE

The problem is not SHA1, it's Chrome that considers AES_128_CBC obsolete, IE might not do that yet.
Check the new certificate and see what the encryption is on that.

"Trying is the first step to failure..." - Homer

RE: Avaya Application Server Certificate error with Chrome but not with IE

(OP)
In the chrome navbar shows site is secure in green, when I goto dev tools, under security overview it states:

"This page is secure (valid HTTPS)" in Green

"Valid certificate
The connection to this site is using a valid, trusted server certificate issued by ipoffice-root-xxxx.avaya.com."

"Secure resources
All resources on this page are served securely"

"Obsolete connection settings
The connection to this site uses TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_CBC with HMAC-SHA1 (an obsolete cipher)."

although it states AES_128_CBC is obsolete cipher, site is showing all green, and no issues, so i am ok with that.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close