Solved: Unable to validate a security certificate

Anonymous · ‎07-02-2021

Hello! I have got 3 troubles at once when I trying to open Fusion 360:

1 Error Message: Unable to validate a security certificate. Many times this can be triggered by proxy servers, security software, or out of date OS patches. Please visit the Network/Server Verification preference page if you would like to change this settings.

2 Error Message: Sorry, Fusion was unable to save sufficient data for Offline mode and needs to go Online. Please make sure you have a working Internet connection to continue.

3 Error Message: Cannot swith to online mode either. Please check your internet connection. Application will exit now.

I tried to do this things:

1 - Mannualy clear the local cache - [No results].

2 - Uninstall and reinstall manualy and with Fusion 360 Cleaner (Cleaner Tool) - [No Results].

3 - Check Windows Security - [All correct with it].

4 - Check Firewall - [All corrrect with it].

5 - Check Proxy Settings - [All correct with it, I have no changes]

6 - Reset Router/Internet Connection - [No results, I have healthy internet connection].

After all I have no results... and Fusion 360 still not working.

I always use Fusion 360 only on my home PC (Windows 10).

Please help)

Phil.E · ‎07-07-2021

Have you tried what this user reports as the solution?

https://forums.autodesk.com/t5/fusion-360-support/suddenly-cant-launch-fusion-360-due-to-certifcate-...

Phil Eichmiller
Software Engineer
Quality Assurance
Autodesk, Inc.

Anonymous · ‎07-07-2021

Phil.E · ‎07-07-2021

Hi @Anonymous did you intend to respond other than that html code?

Phil Eichmiller
Software Engineer
Quality Assurance
Autodesk, Inc.

Anonymous · ‎07-07-2021

Hi! Yes, I tried to disable Public Network in Firewall/Network Protection and Fusion is working. Also I tried to disable Domain Network and Private. But they are didn’t take effect like Public Network. After that I turned on my Public Network and Fusion works.

Thanks!

P.S. Can you help me. Where can I find my Fusion 360 settings after reinstall?

Phil.E · ‎07-07-2021

Please mark my response as the solution if it helped.

Which Fusion settings are you referring to?

Phil Eichmiller
Software Engineer
Quality Assurance
Autodesk, Inc.

Anonymous · ‎07-07-2021

My own Hotkeys and Saved Design Shortcuts

Phil.E · ‎07-07-2021

Try shutting down Fusion and restarting it.

When you first re-install Fusion it launches and loads the UI elements you mention before it knows who you are. Unfortunately the way to get them to download is to close Fusion (remain logged in) and then launch again.

There is no manual way to capture/restore these.

Phil Eichmiller
Software Engineer
Quality Assurance
Autodesk, Inc.

Anonymous · ‎07-07-2021

Thanks a lot! I will try)

Bjanders · ‎03-02-2023

This happens to me every once in a while. For reference, here's the dialog:

I managed to capture the network traffic when this happened, and the certificate that is received from the server is as follows (random irrelevant data removed for brevity) :

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:de:9c:3e:e1:e5:94:13:f9:18:a9:67:48:ed:99:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Amazon, CN=Amazon RSA 2048 M02
        Validity
            Not Before: Feb 28 00:00:00 2023 GMT
            Not After : Jul 30 23:59:59 2023 GMT
        Subject: CN=ase.autodesk.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                [...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:C0:31:52:CD:5A:50:C3:82:7C:74:71:CE:CB:E9:9C:F9:7A:EB:82:E2
            X509v3 Subject Key Identifier: 
                14:47:A8:A5:D9:3E:DC:2E:A0:0C:A3:CD:7F:D2:39:03:D4:D1:6F:D2
            X509v3 Subject Alternative Name: 
                DNS:ase.autodesk.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.r2m02.amazontrust.com/r2m02.crl
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            Authority Information Access: 
                OCSP - URI:http://ocsp.r2m02.amazontrust.com
                CA Issuers - URI:http://crt.r2m02.amazontrust.com/r2m02.cer
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
                                B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
                    Timestamp : Feb 28 02:31:30.783 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                    [...]
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
                                4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
                    Timestamp : Feb 28 02:31:30.841 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                    [...]
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
                                5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
                    Timestamp : Feb 28 02:31:30.763 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                    [...]
    Signature Algorithm: sha256WithRSAEncryption
    [...]

The certificate is valid. I validated the complete certificate chain, and the root CA is trusted by Windows. One possible problem could be that OCSP validation could have failed for some reason. I did not check that yet.

Update: I cannot see that it is trying to do OCSP validation or anything. To me this seems like a bug in Fusion 360. I don't have this issue with any other software or while browsing.

Bjanders · ‎03-02-2023

It's probably due OCSP certificate validation anyway. The cert below was just issued when my problem occurred (February 28th). It is likely the problem occurs just after a new certificate has been issued, then validation initially fails for some reason.

Bjanders · ‎03-02-2023

After some investigation, it actually did an OCSP lookup and got a successful response, but Fusion 360 interrupts the TLS session before the validation is completed. To me it looks like that Fusion 360 is too impatient to wait for the OCSP verification, and it wasn't even slow in this case. My educated guess is that there is timing issue in the Fusion 360 code, or maybe two concurrent threads (one doing the actually TLS connection and another the OCSP validation), and one thread does not wait for the other to complete fully.

I'm 99% sure the problem is not triggered by a proxy server, security software, or out of date OS patches.

Phil.E · ‎03-03-2023

Thanks for posting this and doing all this investigation. We're looking into it. (ref number FUS-124092)

Phil Eichmiller
Software Engineer
Quality Assurance
Autodesk, Inc.

Fusion

Unable to validate a security certificate

Unable to validate a security certificate

Forums Links

Post to forums