Problem:
When accessing several services within your UCS domain, you run into errors like:
Internal Server Error: service can’t be reached
The connection to the server could not be established. Please try again later. Error message: (‘Could not send request.’, SSLError(1, u’[SSL:CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl:c:661)’))
The following article might also interest you:
Problem: My own certificate seems to provoke problems with ucs services
Investigation:
You are using a wildcard certificate for your UCS domain intranet.domain.tld, and the certificate's subject is *.domain.tld. Because your hostname is server.intranet.domain.tld, the certificate does not cover that namespace.
RFC 2818, section "3.1. Server Identity", states:
Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com.
Solution:
- You might use the self-signed certificates that are shipped with UCS and provide the root CA to your clients.
- You might use Let's Encrypt to certify your domain.
- You might obtain another wildcard certificate for your internal domain, *.intranet.domain.tld.
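To check which names a certificate actually covers, the RFC 2818 rule quoted above can be applied to the certificate's DNS names. The following is an added example, not code from UCS or from the original article; all function names and the sample certificate are constructed, and it assumes a wildcard is only honoured in the left-most label, as current TLS clients do.

```python
# Added example: RFC 2818 section 3.1 wildcard matching, applied to the
# names from this article. All helper names here are hypothetical.

def label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label; '*' stands for any run of characters inside it."""
    if "*" not in pattern:
        return pattern == label
    if pattern.count("*") > 1 or not label:
        return False
    prefix, suffix = pattern.split("*")
    return (len(label) >= len(prefix) + len(suffix)
            and label.startswith(prefix) and label.endswith(suffix))


def name_covers(cert_name: str, hostname: str) -> bool:
    """True if cert_name (possibly a wildcard) covers hostname."""
    pat = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so the label counts must be equal.
    if len(pat) != len(host):
        return False
    # Assumption: a wildcard is accepted only in the left-most label.
    if any("*" in p for p in pat[1:]):
        return False
    return label_matches(pat[0], host[0]) and pat[1:] == host[1:]


def dns_names(peercert: dict) -> list:
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]


def covering_names(peercert: dict, hostname: str) -> list:
    """Certificate names that cover hostname; an empty list means a mismatch."""
    return [n for n in dns_names(peercert) if name_covers(n, hostname)]


def needed_wildcard(hostname: str) -> str:
    """Wildcard name that would cover hostname (left-most label replaced)."""
    return "*." + hostname.split(".", 1)[1]


# Constructed sample, shaped like getpeercert() output for the article's case.
SAMPLE_CERT = {"subjectAltName": (("DNS", "*.domain.tld"), ("DNS", "domain.tld"))}

if __name__ == "__main__":
    host = "server.intranet.domain.tld"
    print("covered by:", covering_names(SAMPLE_CERT, host))
    print("wildcard needed:", needed_wildcard(host))
```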