Sunday, October 9, 2011

How to Solve Web Application alert: Untrusted CA – Solution I

When one creates a Web Application in order to monitor the availability and responses of a certain website, one might bump into this error: Untrusted CA:

Investigation taught me their might be two separate causes for this Alert, both related to the Watcher Node which run this Monitor. This posting will be about the first separate cause.

Sometimes I bump into environments where Windows Servers are installed and not patched on a regular basis. Many times because the people involved life by the credo ‘If it ain’t broke, don’t fix it’. Even though it might sound plausible there is too much to be said against it. But this posting isn’t about this approach, so I’ll refrain from it.

But whenever bumps into an issue like that there is a huge change the certificate store of the server involved is too old, thus missing out on renewed (and revoked!!!!) Root Certificates.

Servers like these are easily pinpointed. Open a rdp-session on the Watcher Node generating the Alert Untrusted CA - log on with local admin permissions - and start IE. Surf to the website which requires monitoring. When IE throws this error (or a similar one since the errors differs per IE version):

the Root Certificates require to be updated.

How to solve it
Open Control Panel go to Add or Remove Programs and select Add/Remove Windows Components. The Windows Components Wizard screen is started. Scroll down and select the option Update Root Certificates and click Next.

When the installation is finished the updated Root Certificates will be ‘installed’ on the server. Now the monitored website will be fine and the error will be gone.

In some conditions the error will return. If so there is another issue at play. Go here about how to solve that issue.

No comments: