Certificate error

  • Last Post 22 February 2016
Anastasia Galimova posted this 21 March 2014

I am a iOS developer and our organization purchase Cloud OCR SDK for scanning business cards.

It work fine some time ago. but as I am testing my application that was not scanning business cards and give below error every time

Error Description:

Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “ocrsdk.blob.core.windows.net” which could put your confidential information at risk."

Please let me know what is was happening in CloudOcrSdk. And why this API return me that error.

Order By: Standard | Newest | Votes
Anastasia Galimova posted this 21 March 2014

That message means that for whatever reason the client program doesn’t want to trust the SSL certificate of cloud.ocrsdk.com. That can happen

  • if our certificate has expired (it didn’t – we check that regularly)
  • or if the “certificate trust chain” got broken at your machine

because, for example, you installed some update and that changed the set of trusted root certificates or you changed your system and changes that set. This is what you can examine – open https://cloud.ocrsdk.com in your browser and when they do it the browser will display the lock sign near the address meaning that the connection is encrypted, when you click onto the lock and will be able to inspect the certificate and find why it is no longer trusted by the system.

Dan Jacobs posted this 22 February 2016

We're finding problems with the certificates that Abbyy use because they're provided by an ... exotic issuer.

Our issue is that we use Heroku who don't support their certificate and don't allow you to manually add the certificate as we don't have access to the file system.

For $300 Abbyy could buy a fully supported and recognised certificate that would solve a lot of these problems.

  • Liked by
  • mtulinius
Jan-Philip Loos posted this 22 February 2016

My backend just stopped working. It is service which connects to abbyy via https. This service runs in a docker-container which isn't changed the last 70 days. When I run some queries via curl from inside the docker container its observable that sometimes it works and sometimes not (ca. 50%)

curl https://cloud.ocrsdk.com
curl: (60) SSL certificate problem: unable to get local issuer certificate

Now via openssl:

openssl s_client -connect cloud.ocrsdk.com:443 -prexit -showcerts

Prints this http://pastebin.com/P6Nked8u

The important parts:

depth=0 OU = Domain Control Validated, CN = *.ocrsdk.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, CN = *.ocrsdk.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, CN = *.ocrsdk.com
verify error:num=21:unable to verify the first certificate
verify return:1

Dan Jacobs posted this 22 February 2016

We had the same problem, started about a week ago. We're still trying to fix it. Our stack is Ruby running on Heroku!

I'm wondering if Abbyy have changed something recently?

ericpres posted this 22 February 2016

I think this is similar to what I am seeing accessing https://cloud.ocrsdk.com via mobile device. Our application started failing as soon as iOS 9.2.1 was released. Ours fails around 80% of the time. You can reproduce via browser on an iOS 9.2.1. Also, I just noticed that Android devices show certificate problems as well reproduces on Android 4.4.2 and 5.1.

DanRix posted this 23 February 2016

Having the same issues with Java on both Windows and Linux. It seems (for the java side at least) to be caused by one of the GoDaddy CAs not being included in the root store; Because of SHA2, or something to that effect.

Abbyy might be powerless to fix this unless they move to a different cert provider.

Workaround: don't use https. :| bad workaround, but it keeps everything running.

Dan Jacobs posted this 23 February 2016

If you run a full check here https://www.digicert.com/help/, you will see the certificate is fine, issued by GoDaddy, but it's not bought directly from them and the problem seems to be that the Intermediate certificates are not supported (in our case) on Heroku.

From the url above

"SSL Certificate is not trusted

The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform."

Bernhard posted this 23 February 2016

We have the same problem. A lot of our customers using the https://cloud.ocrsdk.com with iOS and Android Apps. On different versions of iOS and Android. Strange thing is that it sometimes works. In about 10 % of the calls. It seems that some servers have a 'good' certificate and others not.

Also our app hasn't been changed since months. There must be somthing with the certificates on ABBYY servers! This is really a huge problem for us. Our customers are on tow huge exhibitions and using the business card function extensively.

Dan Jacobs posted this 23 February 2016

Abbyy support, please forward this to your developer team. This is definitely solvable on your side! A new certificate which is signed by a top level company will cost hardly anything and ensure it's working/installed properly on all your servers!

Oksana Serdyuk posted this 24 February 2016

Dear all,

We are extremely sorry for the delay in our response due to the state holidays in Russia. Indeed, for some reasons an intermediate certificate in a chain becomes invalid from time to time during last few days. We did not update the certificate and did no changes in the service, so we could not affect the validity of the certificate. Our IT and R&D departments are in contact with MS (service host) and GoDaddy (the certificate issuer) to find the cause. As soon as we get some new information, we will let you know.

Dan Jacobs posted this 24 February 2016

It would be cheaper and quicker to just get a new signed certificate without an intermediate!

In the meantime, my app isn't working, hundreds of users are affected and I'm seriously considering moving to another provider.

Oksana Serdyuk posted this 25 February 2016

Our development team made some changes on our side concerning SSL yesterday. The issue is fixed now, and, according to our monitoring system, the service is working as usual. This incident does not require any actions from our customers.

Please take our apologies for possible difficulties to your business caused by this issue and thank you for your patience and collaboration!