I am a iOS developer and our organization purchase Cloud OCR SDK for scanning business cards.
It work fine some time ago. but as I am testing my application that was not scanning business cards and give below error every time
Error Description:
Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “ocrsdk.blob.core.windows.net” which could put your confidential information at risk."
Please let me know what is was happening in CloudOcrSdk. And why this API return me that error.
Comments
12 comments
That message means that for whatever reason the client program doesn’t want to trust the SSL certificate of cloud.ocrsdk.com. That can happen
because, for example, you installed some update and that changed the set of trusted root certificates or you changed your system and changes that set. This is what you can examine – open https://cloud.ocrsdk.com in your browser and when they do it the browser will display the lock sign near the address meaning that the connection is encrypted, when you click onto the lock and will be able to inspect the certificate and find why it is no longer trusted by the system.
We're finding problems with the certificates that Abbyy use because they're provided by an ... exotic issuer.
Our issue is that we use Heroku who don't support their certificate and don't allow you to manually add the certificate as we don't have access to the file system.
For $300 Abbyy could buy a fully supported and recognised certificate that would solve a lot of these problems.
My backend just stopped working. It is service which connects to abbyy via https. This service runs in a docker-container which isn't changed the last 70 days. When I run some queries via curl from inside the docker container its observable that sometimes it works and sometimes not (ca. 50%)
Now via openssl:
Prints this http://pastebin.com/P6Nked8u
The important parts:
We had the same problem, started about a week ago. We're still trying to fix it. Our stack is Ruby running on Heroku!
I'm wondering if Abbyy have changed something recently?
I think this is similar to what I am seeing accessing https://cloud.ocrsdk.com via mobile device. Our application started failing as soon as iOS 9.2.1 was released. Ours fails around 80% of the time. You can reproduce via browser on an iOS 9.2.1. Also, I just noticed that Android devices show certificate problems as well reproduces on Android 4.4.2 and 5.1.
Having the same issues with Java on both Windows and Linux. It seems (for the java side at least) to be caused by one of the GoDaddy CAs not being included in the root store; Because of SHA2, or something to that effect.
Abbyy might be powerless to fix this unless they move to a different cert provider.
Workaround: don't use https. :| bad workaround, but it keeps everything running.
If you run a full check here https://www.digicert.com/help/, you will see the certificate is fine, issued by GoDaddy, but it's not bought directly from them and the problem seems to be that the Intermediate certificates are not supported (in our case) on Heroku.
From the url above
"SSL Certificate is not trusted
The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform."
We have the same problem. A lot of our customers using the https://cloud.ocrsdk.com with iOS and Android Apps. On different versions of iOS and Android. Strange thing is that it sometimes works. In about 10 % of the calls. It seems that some servers have a 'good' certificate and others not.
Also our app hasn't been changed since months. There must be somthing with the certificates on ABBYY servers! This is really a huge problem for us. Our customers are on tow huge exhibitions and using the business card function extensively.
Abbyy support, please forward this to your developer team. This is definitely solvable on your side! A new certificate which is signed by a top level company will cost hardly anything and ensure it's working/installed properly on all your servers!
Dear all,
We are extremely sorry for the delay in our response due to the state holidays in Russia. Indeed, for some reasons an intermediate certificate in a chain becomes invalid from time to time during last few days. We did not update the certificate and did no changes in the service, so we could not affect the validity of the certificate. Our IT and R&D departments are in contact with MS (service host) and GoDaddy (the certificate issuer) to find the cause. As soon as we get some new information, we will let you know.
It would be cheaper and quicker to just get a new signed certificate without an intermediate!
In the meantime, my app isn't working, hundreds of users are affected and I'm seriously considering moving to another provider.
Our development team made some changes on our side concerning SSL yesterday. The issue is fixed now, and, according to our monitoring system, the service is working as usual. This incident does not require any actions from our customers.
Please take our apologies for possible difficulties to your business caused by this issue and thank you for your patience and collaboration!
Please sign in to leave a comment.