Home  ›  Could Not Save Some Information Entered Was Not Correct Please Fix All Errors and Try Again

Could Not Save Some Information Entered Was Not Correct Please Fix All Errors and Try Again

Written By Friday, May 20, 2022 Add Comment Edit

Editor's Note: This web log was originally posted in September of 2016. It has been reviewed for clarity and accuracy past GlobalSign Production Manager Sebastian Schulz and updated accordingly.

Sometimes, fifty-fifty  PKI veterans struggle with ordering or installing SSL/TLS certificates. This does not suggest a lack of knowledge – rather, those processes can bring up previously unseen errors. Ordering the right certificate, creating a CSR, downloading it, installing it, and testing it to brand certain there are no problems are all areas where one may encounter errors.

We desire to help make the procedure equally simple as possible from start to end. For that reason, we collated our superlative queries and issues that customers may face during ordering or installation. We hope this blog will assist you avoid those pitfalls and streamline your fourth dimension to completion, but if you lot take a trouble that yous cannot solve using this web log you can still cheque out the GlobalSign Support Knowledge Base of operations or submit a ticket.

Choosing the Correct Approval Method

There are three ways to accept your domain verified with us: approver electronic mail, HTTP verification, and DNS TXT record. And if at some point you grow tired of verifying domains every fourth dimension you order a certificate, why not give Managed SSL a try?

Note: When ordering an SSL Document from our system, approval methods cannot be changed once called.

Approver Email


When placing an order, yous can cull from the following electronic mail addresses to allow u.s.a. to verify your domain:

  • admin@domain.com
  • administrator@domain.com
  • hostmaster@domain.com
  • postmaster@domain.com
  • webmaster@domain.com

An electronic mail will be sent to the selected address and upon receipt of the email you can click a link to verify the domain is yours.

Note: Make sure you choose the right one, or you will take to cancel the society and showtime a new order.

If you do not have access or cannot set upwardly an email from the in a higher place list, you will need to contact Support who volition guide you through other possible options for email verification. These are:

  • Updating the WHOIS records with an email accost (an case of a website GlobalSign uses to check Who is records is networksolutions.com).
  • Creating a page on the website of the domain using instructions from our support squad. This will indicate control of the domain and permit the vetting squad to send the blessing email to Any culling email accost.

NOTE: A dedicated back up commodity guiding yous through domain verification by approver email tin be found here.

HTTP Verification

Using the HTTP Verification (too called Approver URL- or meta tag-) method, you tin insert a random string provided by GlobalSign in the root folio of your domain (for example domain.com). The directory chosen for this must exist domain.com/well-known/pki-validation/gsdv.txt

Our verification arrangement will be able to detect the meta tag on the page and verify the domain ownership. However, our organisation cannot verify the domain if it redirects to another page so brand sure to disable all redirects.

Note: A dedicated support commodity guiding you through domain verification past HTTP verification can exist constitute here.

DNS TXT Record

DNS TXT records entail implementing a lawmaking into the DNS TXT of the registered domain. Yous demand to make sure the cord exactly matches what you lot were provided at the end of ordering your certificate or from our vetting team. Also, you demand to make sure that the record is publicly attainable. You can employ some free online tools to check your DNS TXT records. Alternatively, you lot can run a command in command prompt to encounter if there is a txt entry, for case: nslookup -type=txt domain.com

Notation: A defended support commodity guiding you through domain verification by DNS TXT record tin be found hither.

Individual Key Missing

Ordering an SSL/TLS certificate requires the submission of a CSR and in order to create a CSR a private key has to be created. Your individual key matching your certificate is usually located in the same directory the CSR was created. If the private central is no longer stored on your machine (lost) then the certificate will need to exist reissued with a new CSR and therefore as well a newly created individual central.

Examples of error messages/situations which would point at that place is no private central:

  • 'Private key missing' error message appears during installation
  • 'Bad tag value' mistake bulletin appears during installation
  • After importing the certificate into IIS, the certificate disappears from the list when refreshed
  • When going onto your website, the site does non load in https://

No affair how convenient it seems, we desire to discourage the utilise of online tools to generate CSRs. Those will also have your private cardinal, meaning the security of your server may be compromised in the hereafter.

Note: We offering many guides to assist you generate private keys and CSRs.

SAN Compatibility

With a discipline alternative name or SAN document, at that place are several things to note before ordering:

  • UCC (Unified Communication) SANs can be selected for free. Those cover some direct subdomains of the Mutual Name (for case, domain.com):
    1. mail.domain.com
    2. owa.domain.com
    3. autodiscover.domain.com
    4. world wide web.domain.com
  • Subdomain SANs are applicable to all host names extending the Common Name past one level. For case:
    • support.domain.com could be a Subdomain SAN for a document with the Mutual Proper name domain.com
    • advanced.support.domain.com could Not exist covered past a Subdomain SAN in a certificate issued to domain.com, equally it is not a direct subdomain of domain.com
  • FQDN (Fully Qualified Domain Name) SANs are applicable to all fully qualified host names, unrelated to the Common Name
    • support-domain.internet could be a FQDN SAN in a certificate with the Common Name domain.com
    • support.domain.com would also be a valid FQDN for a document with Common Name domain.com, but roofing this choice with a Subdomain SAN is the smarter selection
    • IP Addresses tin not exist covered by FQDN SANs
  • SANs for Public IP Addresses will only work for registered and public Global IP Addresses, otherwise buying cannot be verified
    • Wildcard SANs piece of work the same way equally FQDN SANs but volition cover an entire subdomain level, no matter what stands for the asterisk
    • For instance, the Wildcard SAN *.domain.com volition comprehend back up.domain.com, gcc.domain.com, mail.domain.com – and so on!

For the compatibility of the different SAN Types with different products, please see the table below:

san compatability chart

Information technology is also possible to remove a SAN after your document has been issued.

Invalid CSR

If yous are creating a renewal CSR, then you will need to ensure the Common Name matches the one of your original CSR. The new CSR volition not be the aforementioned since the private key must be unlike. You may not use the same CSR again, even if it seems convenient.

Yous can examination a CSR by using the decoder in the Managed SSL Tab of your GlobalSign accounts. Should you not accept that available, you can safely use online resource to check your CSR, as long as yous do not share your private central you lot do non take to exist concerned for their security. If there are whatever extra spaces or too many or besides few dashes at the starting time/finish of the certificate request, it will invalidate the CSR.
-----BEGIN CERTIFICATE Request-----
-----END CERTIFICATE REQUEST-----

The Common Proper name You Have Entered Does Not Match the Base Choice

This error appears when yous are ordering a Wildcard SSL Certificate but have not included the asterisk in the Common Name of the CSR (east.chiliad. a CSR with CN domain.com, rather than*.domain.com). Or if conversely, you accept entered *.domain.com with the CSR and not selected that you wish to order a Wildcard certificate.

Every bit earlier explained, the [*] represents all sub-domains you can secure with this type of document. For example, if yous want to secure www.domain.com, mail service.domain.com and secure.domain.com, you will need to enter *.domain.com equally the Common Proper name in the CSR.
Notation: You cannot create a Wildcard with a sub-domain before the asterisk, e.chiliad. postal service.*.domain.com, or double Wildcards, such as *.*.domain.com.

Key Duplicate Error

This error appears when yous are using a private key which has already been used. A private key and CSR must only be used ONCE.

You should generate a new individual key and CSR on your server and re-submit the new CSR. The reason SSL/TLS certificates have a maximum validity (and this one beingness cut short repeatedly) is an effort to ensure that keys are exchanged often, therefore mitigating the adventure of undetected compromise.

Order State Has Already Been Changed

order state has been changed

This error message generally appears when your order has timed out. You lot should start the ordering process from scratch and to let us know if the issue persists. If it does, we need to run farther checks on your business relationship.

Note: this error message can also exist acquired by wrongly specified SANs. For instance, if the CN is "www.domain.com" and you specified sub-domain every bit "domain.domain2.com" which specifies a separate FQDN. Check the information about SANs above for clarification.

The SANs Options Y'all Have Entered Do Not Friction match the SAN Options on the Original Certificate

This trouble tin occur for several reasons:

  • Y'all added a space earlier or after the SAN.
  • At that place is a typo in the information y'all have provided.
  • You are entering the Common Proper name (CN) of the document equally a SAN. Post-obit regulations, we will e'er add your Mutual Name every bit a SAN, this does non need to be specified.
  • You incorrectly enter the SAN every bit a sub-domain, multi-domain name, internal SAN or IP. You need to choose the correct type of SAN which applies to the SAN. Please also check the above information on different SANs.

Document Not Trusted in Web Browser

After installing the certificate, you may still receive untrusted errors in sure browsers. This happens when the intermediate document has not been installed or for some reason the GlobalSign Root Certificate is missing from the client connecting to your server. Unless the client has been heavily tampered with, this should non occur – our Root Certificates are embedded in near all modern operating systems and applications.

Running a health check on the domain will identify missing intermediate certificates. If the intermediate certificate is missing, use the post-obit link to decide which intermediate is needed based on product type (DomainSSL, OrganisationSSL, ExtendedSSL, AlphaSSL etc).

Findout more about intermediate certificates and why we use them.

'Switch From Competitor' Mistake Message

switch from competitor error message

When choosing the 'switch from competitor' option in our document ordering arrangement, yous may see the following error bulletin:

The server hosting your existing certificate cannot exist reached to confirm its validity. Please obtain a copy of your existing document and paste it in the box beneath. All competitive switches are subject area to review by GlobalSign'due south vetting team against the trusted issuers in the browser trust stores. If your certificate is not issued by a valid root CA Certificate, it will be subject to counterfoil and/or revocation.

This error bulletin occurs when your current document is no longer valid. Y'all should only choose this option if you are switching before your certificate with another company expires.
This error message could also occur if your electric current certificate is not installed on the domain. Our organization will not exist able to find the validity in this case so you should untick this option and go through the normal ordering procedure.

If you accept a valid document from a competitor that is not installed on the server then yous can paste your CSR into the text box using the 'Switch from Competitor' option. Meet the below paradigm.

Finally, this error message could show when yous have installed a certificate on your server but the CN is not the same as the domain name. For example, this can happen with a SAN document. In this instance, but untick 'switch from a competitor' and become through the normal ordering process.

If y'all are switching over to GlobalSign that's great! If y'all think you lot should exist eligible for 30 days of gratis validity but if yous cannot go through with the procedure simply contact us and a team member will reach out to you.

For more than help with full general SSL Certificate queries and so visit the General SSL page on our support site.

amosgreeir.blogspot.com

Source: https://www.globalsign.com/en/blog/top-ssl-certificate-errors-and-solutions

0 Response to "Could Not Save Some Information Entered Was Not Correct Please Fix All Errors and Try Again"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel