Thanks Jim, I placed the certificate in the trusted root certificate authority, still the same error (same error but different reason I guess).
If I do the wizard Secure Web Server Publishing (Secure connection to clients only) it works fine; if I do Secure Web Server Publishing (Secure connection to clients and web server), it doesn't work and I get the (-2146893019) error. I have seen this reply on the forum http://forums.isaserver.org/m_60244600/tm.htm which seems logical, but since it's not mentioned anywhere in Tom's articles when publishing OWA, does it apply to OWA? Because I couldn't get OWA to work with the secure connection to clients AND webserver and I wonder if this was the reason?
In my case I am using 2 certificates from one CA: one is a wildcard certificate and the other is for the web server, so it should work: 1 certificate (wildcard) between clients and ISA, and the other certificate (webserver cert) between the ISA and the webserver. It's not working, with error (-2146893019). Any ideas?
For troubleshooting I want to publish one (not multiple) secure web site with one listener but with secure connection to clients and to web server. One certificate will be installed at the webserver and imported to the ISA and will be used between the webserver and ISA, but the other certificate to be used between ISA and clients will be installed at the ISA too, but to which server should it be obtained?
Thanks, r.
"Hello,
I am assuming that you fixed this problem several months ago, but I am replying for everyone else who is having the same problem.
I have had the same problem in the past and it took me a while to figure out why it was. What I didn't realise was that if you have encryption between the isaserver and the client and also the isaserver and the internal server you are trying to access, you require two certificates but they must be from the same certificate authority. I had two certificates but one from external source and another from internal CA.
Hope this clears it up for a few people getting this error.
Thanks Richard"
------------------------------
*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *On Behalf Of* Jim Harrison
*Sent:* Saturday, July 08, 2006 5:38 PM
*To:* isalist@xxxxxxxxxxxxx
*Subject:* RE: [isalist] Re: CA

This is because you don't have the issuing CA cert in the ISA machine trusted root store.
------------------------------
*From:* isalist-bounce@xxxxxxxxxxxxx on behalf of Ruba Al-Omari
*Sent:* Sat 7/8/2006 3:34 AM
*To:* isalist@xxxxxxxxxxxxx
*Subject:* [isalist] Re: CA

Thanks Jim, I fixed the name, now I am receiving this error:
Error Code: 500 Internal Server Error. The certificate chain was issued by an untrusted authority. (-2146893019)
Even though the IE is 6 sp2, I know the certificate is not from a trusted authority (cause I made it a test certificate), and I saw a reply from Thomas to someone that the IE won't issue a 500 error, now it's issuing, any advice?
Thanks,
r.
On 7/5/06, *Jim Harrison* <Jim@xxxxxxxxxxxx> wrote:
That's not what the error message is telling you. What it's saying is that the common name in the certificate does not match the destination hostname specified in the publishing rule.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Ruba Al-Omari
Sent: Wed 7/5/2006 9:20 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: CA
I checked the certificate installed on the webserver and the one on the ISA and they match, what else should I check?
Also if I install a third NIC on the ISA that belongs to the DMZ (that the second NIC belongs to) and create a second weblistener there, will that work? I have available public IPs on the "hardware" firewall (and wildcard certificates are quite expensive.)
One last thing, does the ISA publish an Apache server?
Thanks, r.
On 7/5/06, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
That error tells you that they don't match between the ISA and the published server.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Ruba Al-Omari
Sent: Wed 7/5/2006 4:06 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] CA

I am doing this testing CA. I followed the article from Dr. Tom (Publishing 2 websites with the same web listener); the OWA is working ok, it listens to the wildcard certificate and redirects to the webmail certificate, but the other site, it listens to the wildcard certificate, then gets me the Outlook FBA logon screen (which I don't like, but I will check it later), then after authentication I receive the error:
* Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)
I am sure the name on the certificate is the same name at the public DNS and internal DNS and publishing rule, any advice?
Thanks, r.
All mail to and from this domain is GFI-scanned.
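
Added example, not part of the original thread or written by any of its participants: a PowerShell check, run from the ISA Server computer, that makes the same SSL connection to the published web server and reports the two conditions the replies above attribute to errors -2146893022 (0x80090322, name mismatch) and -2146893019 (0x80090325, untrusted chain). The function name and the host name in the usage line are hypothetical, and the script uses .NET's `SslStream` validation rather than ISA's own code path, so treat its result as a diagnostic hint.

```powershell
# Added example. Run on the ISA Server computer; the host name in the usage line is a placeholder.
# Note: the chain is built for the user running the script, so that user's own root
# store is consulted in addition to the machine store the ISA service relies on.
function Test-PublishedServerCertificate {
    param(
        [string]$PublishedName,   # host name the publishing rule forwards requests to
        [int]$Port = 443
    )
    $seen = @{}   # filled in by the validation callback below
    $check = {
        param($sender, $certificate, $chain, $policyErrors)
        $seen.Errors      = [int]$policyErrors
        $seen.Subject     = $certificate.Subject
        $seen.Issuer      = $certificate.Issuer
        $seen.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        $true   # let the handshake finish so every problem is reported in one pass
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]$check

    $client = New-Object System.Net.Sockets.TcpClient($PublishedName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        # The name passed here is what the certificate's name is compared against.
        $ssl.AuthenticateAsClient($PublishedName)
    } finally {
        $client.Close()
    }

    $nameFlag  = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    $chainFlag = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors
    New-Object psobject -Property @{
        PublishedName = $PublishedName
        Subject       = $seen.Subject
        Issuer        = $seen.Issuer
        # True here is the condition described for -2146893022 (0x80090322).
        NameMismatch  = ($seen.Errors -band $nameFlag) -ne 0
        # True here, with UntrustedRoot or PartialChain in ChainStatus, is the
        # condition described for -2146893019 (0x80090325).
        ChainErrors   = ($seen.Errors -band $chainFlag) -ne 0
        ChainStatus   = $seen.ChainStatus -join ', '
    }
}

# Placeholder name: use the host name from your own publishing rule.
Test-PublishedServerCertificate -PublishedName 'webserver.example.internal' | Format-List
```

If `ChainErrors` is true, the `Issuer` value names the CA whose certificate has to be present in the trusted root store of the ISA computer.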