[QODBC Desktop] - Troubleshooting - The certificate was revoked by its certification authority. Revoked Security Certificate.
Posted by Rajendra Dewani (QODBC Support) on 23 August 2023 06:55 PM
|
|
[QODBC Desktop] - Troubleshooting - The certificate was revoked by its certification authority. Revoked Security Certificate.Problem Description:We get an error message in QuickBooks saying that the application FLEXquarters QODBC's certificate was revoked by its certification authority. I have followed the steps recommended by QuickBooks located here: https://quickbooks.intuit.com/
QuickBooks SDK Logs 20230823.115249 I 17252 RequestProcessor ========= Started Connection ========= 20230823.115249 I 17252 RequestProcessor Request Processor, QBXMLRP2 v31.13 20230823.115249 I 17252 RequestProcessor Connection opened by app named 'FLEXquarters QODBC' 20230823.115249 I 17252 RequestProcessor OS: Microsoft Professional (build 9200), 64-bit 20230823.115249 I 17252 RequestProcessor Current User is in AdminGroup 20230823.115249 I 17252 RequestProcessor Current Process Integrity Level : 2000 20230823.115249 I 17252 RequestProcessor Getting the IUnknown COM instance of QB 20230823.115249 I 17252 RequestProcessor Opening the file in the DoNotCare mode. 20230823.115851 E 17252 RequestProcessor Begin Session error = 80042587, Access denied by user. 20230823.115851 I 17252 RequestProcessor Connection closed by app named 'FLEXquarters QODBC' 20230823.115851 I 17252 RequestProcessor ========== Ended Connection ========== 20230823.115954 I 17252 CertVerifier The Authenticode signature validated OK. 20230823.115954 E 17252 CertVerifier The certificate was revoked by its certification authority.
Reason for the issue. We are currently not sure what is causing the issue; from our primary investigation, it seems to be either a Windows Update or a Digital Signature validator/issuer - "Symantec Class 3 SHA256 Code Signing CA" end-of-life / expired may have caused this issue. We have reported this issue to Intuit Support and DigiCert. We will update this page as soon as more information is available. As per Digicert phone support, the "Symantec Class 3 SHA256 Code Signing CA" Certificate was revoked on request from Microsoft. The solution is to resign the application. We noticed customers using the QODBC build signed in the years 2019 and 2020 (e.g., 20.0.0.336 - 21.0.0.340) are facing this issue. If you are using QODBC version 2019 or 2020, please update QODBC to the latest version. Installing the latest version of QODBC should resolve the issue you are facing. Please refer to the Solutions section. To receive updates on the progress of this issue, - please send us an email by clicking the link provided - Click Here. You will be notified as soon as a final solution is found.
============ Email from Intuit.
We are contacting you because you have a QuickBooks Desktop application, and we believe you could be impacted by an issue with revoked certificates from the Symantec Corporation. What is happening? On August 22, 2023, we were notified that some third-party applications started receiving the following error message when the application tried to connect to QuickBooks Desktop: “The certificate was revoked by the certification authority.” After some research, it was determined that a Symantec root certificate (Symantec Corporation/DigiCert) had been revoked. On August 22, 2023, at 12:00pm PDT, Microsoft started enforcing revocation of the certificate. What does that mean for me? Your application might or might not be seeing the error that the certificate was revoked. If you are not seeing this error, you are not impacted, and you can disregard this email. If you are impacted by this issue, you can resolve it by re-signing your application and redistributing it to your customers. Where can I get more information? We are in the process of updating the full versions of the QuickBooks Desktop SDK and QuickBooks Web Connector (QBWC) which will be available on our QuickBooks Desktop SDK page in the next few days. If you are having problems with QBWC, there is a patch for the latest version that can be found, along with instructions for installation, at http://intuit.me/cert. Make sure you have updated to the latest version of QBWC before applying the patch. If you need more information about re-signing certificates from DigiCert, have a look at the Standard Code Signing certificate and Enhanced Verification Code Signing certificate documentation on DigiCert’s CertCentral. Thank you, ============
Solutions You may install the latest version of QODBC to see if that resolves the issue. If you are still facing issues, please connect with the application vendor (e.g., FileMaker, Crystal Report, VB.NET, Microsoft Excel, Microsoft Access, Alpha 5, or any Custom Application) to provide a re-signed copy of the application.
Solution 1: Please update your application, like FileMaker, Crystal Report, VB.NET, Microsoft Excel, Microsoft Access, Alpha 5, or any Custom Application to the latest version. If your application contains a "Digital Signature", ensure it is a valid digital certificate and has not expired. As the vendor of your application, provide you with the latest version of the application or resign the existing application with the new certificate and provide you with the updated application.
Solution 2: Workaround: Bypass the digital signature/digital certificate of your application by routing the connection via QRemote. Existing Your App -- > QuickBooks Data -- > QuickBooks SDK -- QuickBooks Application/QuickBooks company file.
Proposed workaround Your App -- > QuickBooks Data QRemote -- > QRemote Server -- > QuickBooks Data -- > QuickBooks SDK -- QuickBooks Application/QuickBooks company file.
Start QRemote Server, Start your application. Instead of connecting to "QuickBooks Data" , connect to "QuickBooks Data QRemote"
Solution 3: Please download the latest version of QODBC Desktop from the link below.
Installer
NOTE: After installing this version, you may have to rebuild the optimizer file. The installer will reset the default QODBC and QRemote DSN.
Please do not deactivate the current CDKEY.
Download the QODBC Installer.
Close all the applications that use QODBC or QuickBooks.
Close / Exit QRemoteServer.
Uninstall the current version of QODBC.
Install the latest version of QODBC.
You can skip the CDKEY step during installation.
Restart Windows.
Go to the QODBC Setup Screen->" About" window to see if the version change has been applied.
If you are using QODBC remotely (using QODBC on multiple machines), please install QODBC on those machines.
After successfully installing the updated version QODBC & QRemote.
Start QuickBooks and log in to the QuickBooks company file as QuickBooks user "Admin".
Connect to using your application.
(If you are using MS Access, please re-link your tables. How to Re-Link QuickBooks Data in MS Access - http://qodbc.com/links/2679)
Please test the reported issue & share the outcome.
NOTE: After installing this version, you may have to rebuild the optimizer file. The installer will reset the default QODBC and QRemote DSN.
Please refer to the following link to rebuild the optimizer - How to remove the Optimizer file - http://qodbc.com/links/2519 & How to rebuild the optimizer file - http://qodbc.com/links/2453
Also, refer to - Slow Performance / Cannot Get Full Records from QuickBooks / How to find missing data - http://qodbc.com/links/2461
If you still face the issue, please create a new support ticket - https://support.flexquarters.com/esupport/index.php?/DefaultImported/Tickets/Submit
Attach the following information
1) Screenshot of QODBC Setup Screen -- > About
2) Screenshot of the issue you're facing.
Share Entire Log Files as an attachment in text format from
3) QODBC Setup Screen -- > Messages -- > Review QODBC Messages
4) QODBC Setup Screen -- > Messages -- > Review SDK Messages
Refer to How to take a screenshot: www.qodbc.com/links/screenshot.htm
Solution 4:
In case you are unable to resolve the issue after upgrading to the latest version of QODBC and cannot update/re-sign your existing application.
You can remove the digital signature from your application.
Identify if your application has a Digital Signature(s) and if it contains a revoked digital certificate
Navigate to the Folder path where your application is installed.
Right-click on your application and click "Properties"
If you do not see the "Digital Signatures" tab, that means your application is unsigned, and the following instructions are not applicable to your application.
If your application has a "Digital Signatures" tab, that means your application is a signed application.
If the "Issuer by" has the value "Symantec Class 3 SHA256 Code Signing CA" then your application certificate is revoked.
Examples:
Please refer to the following steps to remove the digital signature/digital certificate.
The first and most important step is to make a backup of your existing application.
Copy your application and paste it to c:\Important backup\
Copy your application and paste it to c:\Unsigned\
Download SignTool from Microsoft's website.
SignTool is available as part of the Windows SDK, which you can download from Windows SDK.
SignTool (https://msdn.microsoft.com/en-us/library/windows/desktop/aa387764(v=vs.85).aspx) is a command-line tool that digitally signs files, verifies the signatures in files, and time stamps files. For information about why signing files is important, see Introduction to code signing. The tool is installed in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path, for example, C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool.exe. Signtool must be at least from a Windows 8 SDK kit (version 6.2.9200.20789).
Install Windows SDK, Select "Windows SDK Signing Tool for Desktop Apps"
C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86
or
C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64
Start command prompt (Run as administrator)
Navigate to the "Windows Kits" folder -
(The path may vary depending on the Windows SDK version installed for your Windows OS)
cd "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86"
Execute the following command to remove the Digital Signature from your application. signtool remove /s C:\UnsignApp\YourApplication.exe Copy your application back to the original path where your application is installed.
Start QuickBooks and log in to the QuickBooks company file as QuickBooks user "Admin".
Connect to QuickBooks Data using your application.
FAQs
1) Do we have to buy a new license if we install the latest version of QODBC?
Answer: If you are just installing a newer version of QODBC and not changing the QuickBooks version/edition, there is no need to buy a new license.
You can use QODBC build 23.0.0.351 with your existing QODBC license (2023 or lower).
Suppose you have a QODBC 2022 license and QODBC build 2023 (23.0.0.351). QODBC 2022 license will allow you to connect with QuickBooks 2022 and downwards, but not 2023.
Suppose you have a QODBC 2021 license and QODBC build 2023 (23.0.0.351). QODBC 2021 license will allow you to connect with QuickBooks 2021 and downwards but not 2022 and 2023.
2) Would it be possible to resign QODBC build 20.0.0.336?
Answer: We highly recommend updating QODBC to the latest version. It may not be feasible to resign the older version of QODBC. If you are unable to use the latest version of QODBC, please raise a support ticket.
3) With solution 1, I replaced Java 7 (which has been working for years) with Java 8. Java 8 doesn't support ODBC anymore, so I followed those steps to get ODBC from Java 7 64-bit to import it into Java 8 64-bit. It works mostly, but I have one query that gives me this error
Answer: Please try Solution 4
i.e., Remove digital signature from java.exe
| |
|