locked
Certificate Error with Remote Access RRS feed

  • Question

  • I have just started to get a Certificate Error since Saturday 18th Sept, when previously I could access my server with HTTPS://******.homeserver.com within Firefox or IE8 with no problems whatsoever. I use this as a means of testing my remote access. I first thought it was a problem with my Windows 7 64-bit PC, so I restored a previous backup but with the same problem. I then tried accessing the server remotely on my wife's laptop with the same result, so I then concluded that it must be a problem with my 6 month old Netgear DGND3300 router despite the server console saying it was set up correctly (which I had always previously setup manually as it originally did not want to play with UPNP correctly but after a firmware update awhile back it does now).  After installing my old Netgear DG834G v4, it worked perfectly as sonn as I plugged it back in. I do not understand how these certificates work at all or how and where to install them.

    I did note that in a Windows help file it stated that the certificate was installed with the connector software, but I uninstalled and reinstalled the s/w and it does not. The certificate listed in the error appears to be linked to Netgear and is shown out of date. In my certicate manager in Firefox under the Server tab I have 3 certificates listed for my home server address, 2 from GoDaddy (one of which has the wrong IP address, probably from a previous Billion router I had before it failed prematurely) and one from Netgear listed as CGD34NT which expired 27/10/09. I have since deleted the GoDaddy cert with the wrong IP. Every time I get the Certicate Error it always states it is the Netgear one and not from GoDaddy.

    I have also noted that with my new Netgear DGND3300 router my console keeps stating that verifying of port forwarding has failed. So I keep turning off remote access to clear the error and then re-enable it  and it states it is correctly set, then about 5-10 minutes later it then fails again with the same error. When I switched to my older previous Netgear it seemed perfectly OK from the offset. Would that indicate a router fault. I have already tried setting to factory defaults with no luck. I have set remote access manually as I have always done and also with UPNP on (now that it supposedly works) but I keep getting the port forwarding error.

    So could anyone please help me in resolving this problem to restore the correct certificate in the correct place or confirm a possible router fault. I have tried to explain in length the nature of the problem and what I have done to try and resolve it.

    I noticed that in a similar error Ken stated that you could not access the server locally (Intranet) with the GoDaddy certificate but I have been doing this the very beginning but possibly with the Netgear certificate wherever that came from, certainly not something that I have ever asked for.

    All this seems to have happened since the latest Microsoft updates which I have just done as I was away for a few days when it was released.

    Colin

    EDIT

    I seem to have cured the port forwarding error by deleting the 2nd Godaddy certificate with the incorrect IP, but the certificate error stills exists unless as Ken states "that it is not possible with the GoDaddy cert", despite me managing it since day one.

    • Edited by wecpc Monday, September 20, 2010 11:38 PM update
    Monday, September 20, 2010 10:56 PM

Answers

  • The certificate you have on your server is for the xxxx.homeserver.com vanity URL, if it's from GoDaddy. It doesn't reference your server by NetBIOS name (you could use this to access it inside your home). So https://yourserver.homeserver.com  shouldn't show a certificate error, while https://yourserver should.
    I'm not on the WHS team, I just post a lot. :)


    Since deleting the incorrect Godaddy certificate, I now now no longer get the certificat error.

    In Firefox I get this:

    The connection has timed out

    The server at xxx.homeserver.com is taking too long to respond.

      *   The site could be temporarily unavailable or too busy. Try again in a few
              moments.

        *   If you are unable to load any pages, check your computer's network
              connection.

        *   If your computer or network is protected by a firewall or proxy, make sure
              that Firefox is permitted to access the Web.


    In IE8 I get:

    Internet explorer cannot display the webpage and If then select Diagnose , it then states problem found xxx.homeserver.com is online but is not responding .

    If I then select Detailed Information It then tells me there is a problem with port 443 .

    As port 443 is properly forwarded and confirmed by the console, had worked previously since day one and friends confirm that the server is accessible from outside my network, could it be a problem with the router. This is also confirmed as a possibility as my previous Netgear router connects without problem which seems to rule out anything else.

    I have just recently upgraded from NIS 2010 to version 2011, but I have tried disabling that with no effect but then again it does work OK with the old router. Is it all possible for a router to fail in this respect as I have never heard of such a thing happening before and I used to sell them when I had my own computer shop.

    I might have to consult with the Netgear support line but they are terrible to deal with or resort to my old Netgear DG834 v4 and dump this Netgear DGND3300 v2, although I would then loose the 'N' wireless for my wife's laptop.

    Colin

            
    Edit

         I have just sorted the problem myself after reading an item on loopback (which a previous Billion router I had did not do or apparantly this newer Netgear). The solution was just simply to add

                                                                     https://www.xxx.homeserver.com/

    to my HOSTS file which I had done previously, (intially for the Billion), but it had been overwritten with a newer MVP one a little while ago. All I had to do then was to create an exception for the invalid certificate and it was done and dusted.

    Thanks for your help anyway Ken.

     

    Colin

    • Edited by wecpc Tuesday, September 21, 2010 11:06 PM Fixed it myself
    • Marked as answer by wecpc Tuesday, September 21, 2010 11:06 PM
    Tuesday, September 21, 2010 9:39 PM

All replies

  • The certificate you have on your server is for the xxxx.homeserver.com vanity URL, if it's from GoDaddy. It doesn't reference your server by NetBIOS name (you could use this to access it inside your home). So https://yourserver.homeserver.com shouldn't show a certificate error, while https://yourserver should.
    I'm not on the WHS team, I just post a lot. :)
    Tuesday, September 21, 2010 12:38 PM
    Moderator
  • The certificate you have on your server is for the xxxx.homeserver.com vanity URL, if it's from GoDaddy. It doesn't reference your server by NetBIOS name (you could use this to access it inside your home). So https://yourserver.homeserver.com  shouldn't show a certificate error, while https://yourserver should.
    I'm not on the WHS team, I just post a lot. :)


    Since deleting the incorrect Godaddy certificate, I now now no longer get the certificat error.

    In Firefox I get this:

    The connection has timed out

    The server at xxx.homeserver.com is taking too long to respond.

      *   The site could be temporarily unavailable or too busy. Try again in a few
              moments.

        *   If you are unable to load any pages, check your computer's network
              connection.

        *   If your computer or network is protected by a firewall or proxy, make sure
              that Firefox is permitted to access the Web.


    In IE8 I get:

    Internet explorer cannot display the webpage and If then select Diagnose , it then states problem found xxx.homeserver.com is online but is not responding .

    If I then select Detailed Information It then tells me there is a problem with port 443 .

    As port 443 is properly forwarded and confirmed by the console, had worked previously since day one and friends confirm that the server is accessible from outside my network, could it be a problem with the router. This is also confirmed as a possibility as my previous Netgear router connects without problem which seems to rule out anything else.

    I have just recently upgraded from NIS 2010 to version 2011, but I have tried disabling that with no effect but then again it does work OK with the old router. Is it all possible for a router to fail in this respect as I have never heard of such a thing happening before and I used to sell them when I had my own computer shop.

    I might have to consult with the Netgear support line but they are terrible to deal with or resort to my old Netgear DG834 v4 and dump this Netgear DGND3300 v2, although I would then loose the 'N' wireless for my wife's laptop.

    Colin

            
    Edit

         I have just sorted the problem myself after reading an item on loopback (which a previous Billion router I had did not do or apparantly this newer Netgear). The solution was just simply to add

                                                                     https://www.xxx.homeserver.com/

    to my HOSTS file which I had done previously, (intially for the Billion), but it had been overwritten with a newer MVP one a little while ago. All I had to do then was to create an exception for the invalid certificate and it was done and dusted.

    Thanks for your help anyway Ken.

     

    Colin

    • Edited by wecpc Tuesday, September 21, 2010 11:06 PM Fixed it myself
    • Marked as answer by wecpc Tuesday, September 21, 2010 11:06 PM
    Tuesday, September 21, 2010 9:39 PM
  • Hi I've been having a very similar problem albeit the router model is a Netgear DGN3500. Accessing our server remotely brings up the 'CGD34NT certificate error' each time, followed by the '403 forbidden' error. With the original Linksys router, the error disappears and we are able to access the server.

    How do you create an exception for this particular certificate on a Windows PC ? There doesn't appear to be an option for this.

    Much appreciated

    Mark

    Tuesday, November 2, 2010 9:47 AM