Problem Report: Single Sign On Issue - New certificate on one server not accepted by most browsers
Posted by postprob on January 05, 2010 at 07:55 AM
Problem: Single Sign On Issue - New certificate on one server not accepted by most browsers Cause: The new certificate is signed by a new signing authority certifcate (see notes) Affects: About 1/2 of all SSO users Started: 01/05/2010 04:00 AM Resolved: 01/05/2010 07:30 AM
Notes:
A new security certificate was put in place (but not applied) on one of the Single Sign On (SSO) servers because the old certificate was due to expire. The new certificate is "signed" by a new Entrust (our certificate vendor) signing certificate that has not yet been included in most web browser's trusted certificate bundles. We were planning on putting out instructions for installing the new certificate signing authority (called a CA certificate) prior to applying the new certificate, but an automated restart of the server applied it about a week ahead of schedule. We have backed the server out of production and will work on getting the instructions out prior to putting it back.
We regret the inconvenience caused by the early deployment.
Created: 01/05/2010 07:55:43 by dak
Updates: