Any alternative URL for "siteverify" API? Signer certificate for Google keep changing

1,389 views
Skip to first unread message

manjeesh dev

unread,
Apr 7, 2016, 1:09:43 PM4/7/16
to reCAPTCHA

Do we have any http url for siteverify API? 

We installed the google signer certificate in Websphere application server. We observed that google certificate is expiring very frequently. Each time we follow below mentioned steps to renew the certificate. Since expiry date is different, bouncing application server on week day is not advisable. Now options in front of us are use HTTP url for site verify or not to use reCAPTCHA :(   

Any solution available for this issue?     


Step 1: Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates > Retrieve from port button

hostnamewww.google.com
port: 443
Alis: googleCert

Step 2: Bounce WAS server.

Seth Munroe

unread,
Apr 7, 2016, 5:55:59 PM4/7/16
to reCAPTCHA
You should be installing the root certificate as a trusted authority. The root signor is GeoTrust Global CA which is valid from 5/20/2002 to 5/20/2022. If your application trusts the root signor as a trusted root authority then you shouldn't need to explicitly trust the end certificate.

manjeesh dev

unread,
Jun 8, 2016, 1:37:32 PM6/8/16
to reCAPTCHA
Yes, This worked for us... 

Maria Rosa Jordán Gracia

unread,
Aug 7, 2017, 7:35:16 AM8/7/17
to reCAPTCHA
Hello, we are experiencing the same problems with the cerfiticate and checking the certificate donwloaded(google.es) we can see that GeoTrust Global CA is one of the certificates donwloaded, as well.

Server sent 3 certificate(s):

 1 Subject CN=www.google.com, O=Google Inc, L=Mountain View, ST=California, C=US
   Issuer  CN=Google Internet Authority G2, O=Google Inc, C=US
   sha1    66 4b 26 5d 9e 53 13 53 7c 0b 94 f6 5b 83 13 2f 2f fc 86 fc 
   md5     06 a8 dd c1 25 3e 1e ae 0c 09 67 fe ae 78 1e 9e 

 2 Subject CN=Google Internet Authority G2, O=Google Inc, C=US
   Issuer  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
   sha1    a6 12 0f c0 b4 66 4f ad 0b 3b 6f fd 5f 7a 33 e5 61 dd b8 7d 
   md5     17 86 6c cb d2 24 bd 2f f9 df 48 b9 51 18 f9 35 

 3 Subject CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
   Issuer  OU=Equifax Secure Certificate Authority, O=Equifax, C=US
   sha1    73 59 75 5c 6d f9 a0 ab c3 06 0b ce 36 95 64 c8 ec 45 42 a3 
   md5     2e 7d b2 a3 1d 0e 3d a4 b2 5f 49 b9 54 2a 2e 1a 

we tried to import  GeoTrust Global CA  keytool -exportcert -alias geotrustuniversalca-1 -keystore C:/installCertificate/jssecacerts -storepass changeit -file C:/installCertificate/geotrustuniversalca.cer but the tool inform that  it is already imported, the problem is even if the tool says this, every time that we tried to acces to google recaptcha and exception is reported even the certificate is valid

C:\Program Files\Java\jdk1.7.0_51\bin> keytool -list -v -storepass changeit -keystore ..\jre\lib\security\cacerts -alias geotrustuniversalca

Alias name: geotrustuniversalca

Creation date: 10-dec-2009

Entry type: trustedCertEntry

Owner: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US

Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US

Serial number: 1

Valid from: Thu Mar 04 06:00:00 CET 2004 until: Sun Mar 04 06:00:00 CET 2029


Could someone help us, what are we doing wrong?


Thanks.

Mario Gómez

unread,
Apr 24, 2018, 5:28:56 PM4/24/18
to reCAPTCHA
Hi all

Any fix on this??? we are having the same issue.

Regards

Iman Al-Halawani

unread,
May 21, 2018, 6:24:32 AM5/21/18
to reCAPTCHA
Hello,

I didn't use a different siteverify URL, but I added the google certificates to the "Trusted Root Certification Authorities" of all servers hosting the application and this solved my exception of closing the connection while verification.

Good luck

Tebogo Kgofelo

unread,
Sep 20, 2018, 12:41:51 PM9/20/18
to reCAPTCHA
How can I download the cert and import to my WAS server directly from my laptop?
Your feedback will be appreciated.


On Thursday, April 7, 2016 at 7:09:43 PM UTC+2, manjeesh dev wrote:

Sekharbabu Seeram

unread,
Oct 1, 2018, 8:04:53 PM10/1/18
to reCAPTCHA
Hi,

Can you please let us know How to download and configure the google certificate,

I am getting the below exception while calling https siteverify url

<Oct 2, 2018 12:07:11 PM NZDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<SecurityPinManagedBean> <isCaptchaValid> Unable to connect google siteverify 
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)

Reply all
Reply to author
Forward
0 new messages