Upgraded to 2.0.1 and now can't use SSL

[jrr425]

I just upgraded our Vault 1.2.3 installation to 2.0.1 and now the SSL connections have stopped working through the client and admin tool (non-SSL works fine). I can still connect SSL to the web server (the web client works fine over SSL). We issue our own certificates using Certificate Server and haven't had any issues before. Most of the info in the error message (below) is correct but it isn't showing a hostname. Server is Windows 2003 and client has been tried on Windows 2003 and XP. Ideas?

--Jared

[jeremy_sg]

Jared,

Is there a specific error that comes up after you click the ok button on that dialog? The Certificate Problem dialog is probably coming up because the issuer is not in your list of trusted certificate issuers. When you choose to Accept the certificate always, Vault stores that certificate and will compare any certificates with problems to that certificate to accept it or not.

[jrr425]

Is there a specific error that comes up after you click the ok button on that dialog?

If I accept the certificate as is, it works fine (both first and second radio buttons).

The Certificate Problem dialog is probably coming up because the issuer is not in your list of trusted certificate issuers.

Keep in mind that this has worked before. Both clients are in the same domain with the server so they automatically trust the CAs (via group policy I think). The clients fully accept the certificate through IE and I did not have to accept the certificate as if it was from a non-trusted issuer.

Next step?

--Jared

[jeremy_sg]

So the problem is that if you choose to accept always, you're still prompted to accept the certificate? Are all users having this problem?

One problem is that Vault doesn't make the determination if there is a problem with the certificate. We register a callback with the .Net Framework and it calls us to tell us that there is a problem with the certificate. In this case it's giving Vault the useful error code of "Unknown Certificate Problem"