Knowledgebase: Connection
[QODBC Desktop] - Troubleshooting - The certificate was revoked by its certification authority. Revoked Security Certificate.
Posted by Rajendra Dewani (QODBC Support) on 23 August 2023 06:55 PM

[QODBC Desktop] - Troubleshooting - The certificate was revoked by its certification authority. Revoked Security Certificate.

Problem Description:

We get an error message in QuickBooks saying that the application FLEXquarters QODBC's certificate was revoked by its certification authority. I have followed the steps recommended by QuickBooks located here: https://quickbooks.intuit.com/learn-support/en-us/help-article/web-integration/fix-error-quickbooks-application-revoked/L6Y849bKg_US_en_US?uid=llo0wp9y but the issue persists.


I have also followed the steps from your article from 2016, located here: https://support.flexquarters.com/esupport/index.php?/Knowledgebase/Article/View/2774/0/qodbc-desktop-troubleshooting---quickbooks-displays-a-revoked-certificate-warning, but we still have the issue.

 

QuickBooks SDK Logs

20230823.115249	I	17252	RequestProcessor	========= Started Connection =========
20230823.115249	I	17252	RequestProcessor	Request Processor, QBXMLRP2 v31.13
20230823.115249	I	17252	RequestProcessor	Connection opened by app named 'FLEXquarters QODBC'
20230823.115249	I	17252	RequestProcessor	OS: Microsoft Professional (build 9200), 64-bit
20230823.115249	I	17252	RequestProcessor	Current User is in AdminGroup
20230823.115249	I	17252	RequestProcessor	Current Process Integrity Level : 2000
20230823.115249	I	17252	RequestProcessor	Getting the IUnknown COM instance of QB
20230823.115249	I	17252	RequestProcessor	Opening the file in the DoNotCare mode.
20230823.115851	E	17252	RequestProcessor	Begin Session error = 80042587, Access denied by user.
20230823.115851	I	17252	RequestProcessor	Connection closed by app named 'FLEXquarters QODBC'
20230823.115851	I	17252	RequestProcessor	========== Ended Connection ==========
20230823.115954	I	17252	CertVerifier	The Authenticode signature validated OK.
20230823.115954	E	17252	CertVerifier	The certificate was revoked by its certification authority.


What are our next steps?

 

Reason for the issue.

We are currently not sure what is causing the issue; from our primary investigation, it seems to be either a Windows Update or a Digital Signature validator/issuer - "Symantec Class 3 SHA256 Code Signing CA" end-of-life / expired may have caused this issue.

We have reported this issue to Intuit  Support and DigiCert. We will update this page as soon as more information is available.

As per Digicert phone support, the "Symantec Class 3 SHA256 Code Signing CA" Certificate was revoked on request from Microsoft. The solution is to resign the application.

We noticed customers using the QODBC build signed in the years 2019 and 2020 (e.g., 20.0.0.336 - 21.0.0.340) are facing this issue. If you are using QODBC version 2019 or 2020, please update QODBC to the latest version.

Installing the latest version of QODBC should resolve the issue you are facing. Please refer to the Solutions section. To receive updates on the progress of this issue, - please send us an email by clicking the link provided - Click Here. You will be notified as soon as a final solution is found.

 

============

Email from Intuit.


Hello Intuit Developer,

We are contacting you because you have a QuickBooks Desktop application, and we believe you could be impacted by an issue with revoked certificates from the Symantec Corporation.

What is happening?

On August 22, 2023, we were notified that some third-party applications started receiving the following error message when the application tried to connect to QuickBooks Desktop:

“The certificate was revoked by the certification authority.”

After some research, it was determined that a Symantec root certificate (Symantec Corporation/DigiCert) had been revoked. On August 22, 2023, at 12:00pm PDT, Microsoft started enforcing revocation of the certificate.

What does that mean for me?

Your application might or might not be seeing the error that the certificate was revoked. If you are not seeing this error, you are not impacted, and you can disregard this email.

If you are impacted by this issue, you can resolve it by re-signing your application and redistributing it to your customers.

Where can I get more information?

We are in the process of updating the full versions of the QuickBooks Desktop SDK and QuickBooks Web Connector (QBWC) which will be available on our QuickBooks Desktop SDK page in the next few days.

If you are having problems with QBWC, there is a patch for the latest version that can be found, along with instructions for installation, at http://intuit.me/cert. Make sure you have updated to the latest version of QBWC before applying the patch.

If you need more information about re-signing certificates from DigiCert, have a look at the Standard Code Signing certificate and Enhanced Verification Code Signing certificate documentation on DigiCert’s CertCentral.

Thank you,

============  

 

Solutions

You may install the latest version of QODBC to see if that resolves the issue.

If you are still facing issues, please connect with the application vendor (e.g., FileMaker, Crystal Report, VB.NET, Microsoft Excel, Microsoft Access, Alpha 5, or any Custom Application) to provide a re-signed copy of the application.

 

Solution 1:

Please update your application, like FileMaker, Crystal Report, VB.NET, Microsoft Excel, Microsoft Access, Alpha 5, or any Custom Application to the latest version.

If your application contains a "Digital Signature", ensure it is a valid digital certificate and has not expired.

As the vendor of your application, provide you with the latest version of the application or resign the existing application with the new certificate and provide you with the updated application.

 

Solution 2:

Workaround: Bypass the digital signature/digital certificate of your application by routing the connection via QRemote.

Existing

Your App -- > QuickBooks Data -- > QuickBooks SDK -- QuickBooks Application/QuickBooks company file.

 

Proposed workaround

Your App -- > QuickBooks Data QRemote -- > QRemote Server -- > QuickBooks Data -- > QuickBooks SDK -- QuickBooks Application/QuickBooks company file.

 

Start QRemote Server,

Start your application.

Instead of connecting to "QuickBooks Data" , connect to  "QuickBooks Data QRemote"

 

 

Solution 3:

 
Please download the latest version of QODBC Desktop from the link below.
 
Installer
 
 
 
NOTE: After installing this version, you may have to rebuild the optimizer file. The installer will reset the default QODBC and QRemote DSN.
 
 
Please do not deactivate the current CDKEY.
 
Download the QODBC Installer.
Close all the applications that use QODBC or QuickBooks.
Close / Exit QRemoteServer.
Uninstall the current version of QODBC.
Install the latest version of QODBC.
You can skip the CDKEY step during installation.
Restart Windows.
Go to the QODBC Setup Screen->" About" window to see if the version change has been applied.
 
If you are using QODBC remotely (using QODBC on multiple machines), please install QODBC on those machines.
 
After successfully installing the updated version QODBC & QRemote.
 
Start QuickBooks and log in to the QuickBooks company file as QuickBooks user "Admin".
 
Connect to using your application. 
 
(If you are using MS Access, please re-link your tables. How to Re-Link QuickBooks Data in MS Access - http://qodbc.com/links/2679)
 
Please test the reported issue & share the outcome.
 
NOTE:  After installing this version, you may have to rebuild the optimizer file. The installer will reset the default QODBC and QRemote DSN.
Please refer to the following link to rebuild the optimizer - How to remove the Optimizer file - http://qodbc.com/links/2519   & How to rebuild the optimizer file - http://qodbc.com/links/2453
 
 
Also, refer to - Slow Performance / Cannot Get Full Records from QuickBooks / How to find missing data - http://qodbc.com/links/2461
 
 
Attach the following information
1) Screenshot of QODBC Setup Screen -- > About
2) Screenshot of the issue you're facing.
Share Entire Log Files as an attachment in text format from
3) QODBC Setup Screen -- > Messages -- > Review QODBC Messages
4) QODBC Setup Screen -- > Messages -- > Review SDK Messages
Refer to How to take a screenshot: www.qodbc.com/links/screenshot.htm
 
 
Solution 4:
 
In case you are unable to resolve the issue after upgrading to the latest version of QODBC and cannot update/re-sign your existing application.
You can remove the digital signature from your application.
 
Identify if your application has a Digital Signature(s) and if it contains a revoked digital certificate
Navigate to the Folder path where your application is installed.
Right-click on your application and click "Properties"
 
If you do not see the "Digital Signatures" tab, that means your application is unsigned, and the following instructions are not applicable to your application.
 
If your application has a "Digital Signatures" tab, that means your application is a signed application.
If the "Issuer by" has the value "Symantec Class 3 SHA256 Code Signing CA" then your application certificate is revoked.
 
Examples:
 
 
 
 
 
 
Please refer to the following steps to remove the digital signature/digital certificate.
 
The first and most important step is to make a backup of your existing application.
 
Copy your application and paste it to c:\Important backup\
Copy your application and paste it to c:\Unsigned\
 
Download SignTool from Microsoft's website.
SignTool is available as part of the Windows SDK, which you can download from Windows SDK.

SignTool (https://msdn.microsoft.com/en-us/library/windows/desktop/aa387764(v=vs.85).aspx) is a command-line tool that digitally signs files, verifies the signatures in files, and time stamps files. For information about why signing files is important, see Introduction to code signing.

The tool is installed in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path, for example, C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool.exe.

Signtool must be at least from a Windows 8 SDK kit (version 6.2.9200.20789).
 
Install Windows SDK, Select "Windows SDK Signing Tool for Desktop Apps"
 

C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86
or
C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64
 
Start command prompt (Run as administrator)

 
Navigate to the "Windows Kits" folder -
(The path may vary depending on the Windows SDK version installed for your Windows OS)
 
 
cd "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86"


Execute the following command to remove the Digital Signature from your application.

signtool remove /s C:\UnsignApp\YourApplication.exe
 

 
Copy your application back to the original path where your application is installed.
 
Start QuickBooks and log in to the QuickBooks company file as QuickBooks user "Admin".
Connect to QuickBooks Data using your application. 
 
 
FAQs
 
1) Do we have to buy a new license if we install the latest version of QODBC?
Answer: If you are just installing a newer version of QODBC and not changing the QuickBooks version/edition, there is no need to buy a new license.
You can use QODBC build 23.0.0.351 with your existing QODBC license (2023 or lower).
 
Suppose you have a QODBC 2022 license and QODBC build 2023 (23.0.0.351). QODBC 2022 license will allow you to connect with QuickBooks 2022 and downwards, but not 2023.
Suppose you have a QODBC 2021 license and QODBC build 2023 (23.0.0.351). QODBC 2021 license will allow you to connect with QuickBooks 2021 and downwards but not 2022 and 2023.
 
2) Would it be possible to resign QODBC build 20.0.0.336?
Answer: We highly recommend updating QODBC to the latest version. It may not be feasible to resign the older version of QODBC. If you are unable to use the latest version of QODBC, please raise a support ticket.
 
3) With solution 1, I replaced Java 7 (which has been working for years) with Java 8. Java 8 doesn't support ODBC anymore, so I followed those steps to get ODBC from Java 7 64-bit to import it into Java 8 64-bit. It works mostly, but I have one query that gives me this error
Answer: Please try Solution 4
i.e., Remove digital signature from java.exe
 
(0 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please complete the captcha below (we use this to prevent automated submissions).