OMSA Web server certification cihpers

Question

What are the correct strong ciphers to stop getting the NET::ERR_CERT_AUTHORITY_INVALID and This server could not prove that it is xxxx; its security certificate is not trusted by your computer's operating system. warning when opening OMSA. We use the current version of chrome by default.  I was poking around in the OMSA web server settings and it seems to me the issue is the tsl1 and some leftover SSL options in the cipher strings and the fact that it is using 128 instead of 256. I know at one point the old fix involved removing the ciphers that used dhe_rsa and now I am wondering if the issues are 128 vs 256 with the browses along with some residuals SSL vs tls1 ciphers remnants left in the ciphers even though the protocols choices selected are tlsv1.1 and tlsv1.2 OMSA ver is 8.5. My other servers are doing the same thing using various other versions of OMSA.

Daniel My · Accepted Answer

Hello

NET::ERR_CERT_AUTHORITY_INVALID

The message indicates that the browser does not like the certificate authority. OMSA uses a self-signed certificate. Many browsers see this as a potential security issue.

Thanks

Cyberdiver · Answer

So I need to replace the cert certificate for that.  Still working on my CA server.  Just annoying me that I have to go through like 4 prompts to get logged in to the OMSA.  Have to progress past the server cert issue but then I have to cancel the first login popup because it does not work right once I hit cancel then I get the OMSA login screen. Now the cert I need to change is that for the web server or the server as a whole? Just wondering if I have to change 2 or 1. My hope is our AD CA once it is up and running will auto-enroll the devices.

Daniel My · Answer

You can locate the certificate options within OMSA by selecting Preferences at the top right. Under General Settings there are Properties and X.509 Certificate settings. All of the available security options should be within those tabs.

Thanks

Systems Management General

Was this post helpful?