We are running into the same issue. We are having company's internal app posting sales transactions to QB via RDS.
Seems like when RDS tries to access company file, QB is validating the digital signature certificate with its issuer to check if certificate has been revoked. I manually verified if certificate is revoked, seems like certificate is not revoked but CA is giving a generic message of expired certificate.
Here are the detailed steps:
Right click on RDSServer.exe goto the properties and digital signature
I saved the digital signature certificate to a file called intuit.cer
I also saved the issuer's certificate to verisign_ca.crt.
Get OCSP URL from intuit.cer
openssl x509 -in intuit.cer -noout -ocsp_uri
http://ocsp.verisign.com
Send request to OCSP URL:
openssl ocsp -issuer verisign_ca.cer -cert intuit.cer -text -url http://ocsp.verisign.com
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 3FC6409FC877C9AFB190E8CEB9F0D459E121E8FC
Issuer Key Hash: 46C669A30E4A141ED54CDA5263173F5E36BC0DE6
Serial Number: 320D643E2BF87E0BECA15DA7EBD1BF32
Request Extensions:
OCSP Nonce:
0410F5F0BDBC73283EC65DF2E426F1C30D7E
Responder Error: unauthorized (6)
Check the explanation of unauthorized (6) response by digicert. As per the following article the certificate is expired not revoked.
https://knowledge.digicert.com/solution/SO22631.html
I checked the same thing with the digital signature certificate for WB2019ENT and I am getting the same response from the issuer (Symantec).
To me it seems like RDS6 (file version 8.xxxx) has been signed with digital signature certificate from Verisign and Verisign (now Paypal) is not validating OCSP request for some reason.
Someone from Intuit should take this up with Verisign/Paypal to check with them that why they are not validating the OCSP requests.
