[isalist] Re: CA

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 8 Jul 2006 07:38:15 -0700

this is because you don't ave the issuing CA cert in the ISA machine trusted 
root store.

________________________________

From: isalist-bounce@xxxxxxxxxxxxx on behalf of Ruba Al-Omari
Sent: Sat 7/8/2006 3:34 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: CA


thanks Jim, I fixed the name, now am receiving this error:
 
Error Code: 500 Internal Server Error. The certificate chain was issued by an 
untrusted authority. (-2146893019) 
 
Even though the IE is 6 sp2, I know the certificate is not from a trust 
authority (cause I made it a test certificate), and I saw a reply from Thomas 
to some one that the IE won't issue a 500 error, now its issuing, any advice? 
Thanks,
r.
 
On 7/5/06, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: 

        That's not what the error message is telling you.
        What it's saying is that the common name in the certificate does not 
match the destinaiton hostname specified in the publishing rule. 
        
        ________________________________
        
        From: isalist-bounce@xxxxxxxxxxxxx on behalf of Ruba Al-Omari 
        Sent: Wed 7/5/2006 9:20 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: CA
        
        
        I checked the certificate installed on the webserver and the one on the 
ISA and they match, what else should I check? 
        
        Also If I install a third NIC on the ISA that belongs to the DMZ (that 
the second NIC belongs to) and create a second weblistener there, will that 
work? I have avaliable public IPs on teh "hardware" firewall (and wildcard 
certificates are quiet expensive.) 
        
        One last thing, does the ISA publish an Apache server?
        
        Thanks,
        r.
        
        On 7/5/06, Jim Harrison < Jim@xxxxxxxxxxxx <mailto:Jim@xxxxxxxxxxxx> > 
wrote:
        
               That error tells you that they don't match between the ISA and 
the published server. 
        
               ________________________________
        
               From: isalist-bounce@xxxxxxxxxxxxx on behalf of Ruba Al-Omari
               Sent: Wed 7/5/2006 4:06 AM
               To: isalist@xxxxxxxxxxxxx
               Subject: [isalist] CA
        
        
               am doing this testing CA, I followed the article from Dr. Tom 
(Publishing 2 websites with the same web listener), the OWA is working ok, it 
listens to the wild card certificate and redirect to the webmail certificate, 
but the other site, it listens to the wildcard certificate, then get me the 
outlook FBA logon screen (which I don't like, but I will check it later), then 
after authentication I receive the error: 
        
               *       Error Code: 500 Internal Server Error. The target 
principal name is incorrect. (-2146893022)
        
               I am sure the name on the certificate is the same name at the 
public DNS and internal DNS and publishing rule, any advice? 
        
               Thanks,
               r.
        
               All mail to and from this domain is GFI-scanned.
        
        
        
        
        
        
        All mail to and from this domain is GFI-scanned.
        
        
        



All mail to and from this domain is GFI-scanned.

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2006