DLG_FLAGS_SEC_CERT_CN_INVALID
Article ID: 71639

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)

Issue/Introduction

IE11 displays the following message, which interrupts the normal federation/authentication flow.


This site is not secure

This might mean that someone's trying to fool you or steal any info you send to the server. You should close this site immediately.

The hostname in the website's security certificate differs from the website you are trying to visit.

Error Code: DLG_FLAGS_SEC_CERT_CN_INVALID




 

Environment

IDP: 3rd Party
SP: PAM 3.1.1
Browser: Chrome, IE11
 

Cause

This certificate error message is misleading. It gives the impression that the CN value of the certificate is invalid.
The CN value did not include any invalid characters. It contained a hyphen, but that is a legal character.

The certificate in question passes all 3 criteria:
1. Does the CN (or SAN) value match the FQHN/DNS of the server? Yes
2. Is the Certificate Trusted? Yes
3. Is the Certificate Valid? Yes

Research indicates that this error can occur when a self-signed certificate is used.
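
The name and validity checks listed above, plus the self-signed condition, can be evaluated on a parsed certificate. The following is an added example, not part of the original article or the product's tooling: it works on a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the host name, sample certificates and the `triage`/`name_matches` helpers are constructed for illustration. Trust (criterion 2) cannot be derived from the parsed fields alone, so the example flags a self-issued certificate instead.

```python
import ssl
import time

def name_matches(pattern, host):
    """Match one certificate DNS name; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def triage(cert, host, now=None):
    """Run the article's checks on a dict shaped like ssl.SSLSocket.getpeercert()."""
    now = time.time() if now is None else now
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        # RFC 6125: the CN is consulted only when there is no dNSName SAN.
        "name_source": "SAN" if sans else "CN",
        "name_matches": any(name_matches(n, host) for n in (sans or cns)),
        "in_validity_period": not_before <= now <= not_after,
        # Heuristic: identical subject and issuer means self-issued; proving
        # "self-signed" would also need the signature checked with the cert's own key.
        "self_issued": cert.get("subject") == cert.get("issuer"),
    }

# Constructed sample data (not from the article): host name with a hyphen, as in the case described.
HOST = "pam-01.example.com"
SUBJECT = ((("commonName", HOST),),)
SELF_SIGNED = {"subject": SUBJECT, "issuer": SUBJECT,
               "notBefore": "Jan 15 00:00:00 2024 GMT",
               "notAfter": "Jan 15 00:00:00 2025 GMT"}
CA_ISSUED = dict(SELF_SIGNED,
                 issuer=((("commonName", "Example Issuing CA"),),),
                 subjectAltName=(("DNS", HOST),))
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 15 00:00:00 2024 GMT")

if __name__ == "__main__":
    for label, cert in (("self-signed", SELF_SIGNED), ("CA-issued", CA_ISSUED)):
        print(label, triage(cert, HOST, now=SAMPLE_NOW))
```

For a live server, `getpeercert()` returns the populated dict only when the handshake validated the certificate, so a self-signed certificate has to be loaded into the context with `load_verify_locations` before it can be inspected this way.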

Resolution

A new certificate issued by a Certificate Authority was deployed on PAM.
This is not specific to PAM: when IE encounters a self-signed certificate, you may see this error.
 

Additional Information

https://support.microsoft.com/en-nz/help/931850/there-is-a-problem-with-this-website-s-security-certificate-when-you-t