[isalist] Re: Certificate Problem

  • From: Rob Moore <RMoore@xxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 20 May 2011 14:42:21 -0400

Yes, but it was an inadvertent lie. I didn't realize I had to bind the right 
cert to the default website. Didn't really know how to do it either. But I did 
figure it out.

:)

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA GM
Sent: Friday, May 20, 2011 1:36 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Certificate Problem

So you lied to me ;-)
You weren't using the same certificate.

Good that you found it.

Regards
Diego R. Pietruszka

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Friday, May 20, 2011 1:22 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Certificate Problem

Looks like I got this one licked. The internal server hosting the RD Web Access 
role had its own internal certificate bound to the website. As soon as I 
changed the binding to the commercial certificate, all the errors went away.

I'm not too familiar with IIS, so didn't figure that one out right away.

Thanks,
Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Friday, May 20, 2011 10:00 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Certificate Problem

Jerry has it right - you have to ensure that the entire trust chain is found in 
the TMG server local computer trusted root and intermediate stores as 
appropriate.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Thursday, May 19, 2011 10:57 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Certificate Problem

Yep.

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA GM
Sent: Thursday, May 19, 2011 12:36 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Certificate Problem

Are you using the same cert on TMG and the internal server?

Thanks
Diego

Having fun in Tech-Ed Atlanta!
Sent from my Windows Phone
________________________________
From: Rob Moore
Sent: Thursday, May 19, 2011 11:45 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Certificate Problem

Yeah, that's how I did it - in the Computer certificate store. Thanks for the 
idea, though.

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jerry Young
Sent: Thursday, May 19, 2011 11:30 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Certificate Problem

Make sure the root and intermediary certificates are installed in the Computer 
certificate stores, not the User certificate stores.  The error is caused by 
some certificate in the chain not being installed on the server correctly.

On Thu, May 19, 2011 at 11:06 AM, Rob Moore <RMoore@xxxxxxxx> wrote:

Hello All-

Has anyone run into this particular problem before? I'm trying to publish an RD 
Web Access site using TMG. I've configured RD Web Access on an internal server 
and it works internally. (Although when connecting to it I get a certificate 
error. I can connect anyway.) I can't connect to it externally, though. I get 
this error:
"The certificate chain was issued by an authority that is not trusted. 
(-2146893019)"

I've tried buying a new cert (from Go Daddy). I followed the certificate 
installation instructions to the letter, including installation of the 
intermediate certificate, on both the TMG server and the internal server that 
is hosting the RD Web Access site. But when I do "Test Rule" on this rule, it 
tells me: "0x80090325 - The certificate chain was issued by an authority that 
is not trusted." It suggests I see 
http://go.microsoft.com/fwlink/?LinkId=115965. All that says, though, is that 
I need to "Import the CA certificate." I thought putting in the intermediate 
certificate did just that.

I have four other Go Daddy certs on the TMG server and they all work normally.

I've Googled these errors and mostly found the same advice, to install the CA 
certificate.

Any hints? Should I talk to the Go Daddy folks?

Thanks,
Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Helpdesk: 800-500-AFSC




--
Cordially yours,
Jerry G. Young II, CISSP
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com

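Added example, not part of the thread and not written by any of the posters: a PowerShell check for the two causes discussed above, chain certificates missing from the Computer stores and a different certificate bound to the website. The thumbprint is a placeholder to replace, and the script is meant to be run on both the TMG server and the internal server.

```powershell
# Added example. Pass the thumbprint of the commercial certificate as it appears
# in the Local Computer\Personal store; the default below is only a placeholder.
param([string]$Thumbprint = '<THUMBPRINT>')

# True if $Cert is present in the named store at the given location.
function Test-InStore($Cert, [string]$StoreName,
        [System.Security.Cryptography.X509Certificates.StoreLocation]$Location) {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
        -ArgumentList $StoreName, $Location
    $store.Open('ReadOnly')
    try {
        return [bool]($store.Certificates |
            Where-Object { $_.Thumbprint -eq $Cert.Thumbprint })
    } finally { $store.Close() }
}

$leaf = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

# $true builds the chain in the machine context, as a service would,
# rather than in the context of the logged-on user.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # check the trust path only
$trusted = $chain.Build($leaf)

"Chain trusted in machine context: $trusted"
$chain.ChainStatus | ForEach-Object { "  {0}: {1}" -f $_.Status, $_.StatusInformation.Trim() }

# Report where each issuer in the chain is installed. The CurrentUser view also
# shows entries inherited from the computer stores, so the computer store is
# tested first and "User store only" means it was imported for one user.
foreach ($el in $chain.ChainElements) {
    $c = $el.Certificate
    if ($c.Thumbprint -eq $leaf.Thumbprint) { continue }
    $storeName = if ($c.Subject -eq $c.Issuer) { 'Root' } else { 'CA' }
    $where = if (Test-InStore $c $storeName LocalMachine) { 'Computer store' }
             elseif (Test-InStore $c $storeName CurrentUser) { 'User store only' }
             else { 'Not installed' }
    "{0,-16} {1,-4} {2}" -f $where, $storeName, $c.Subject
}

# Certificate hashes bound to HTTPS listeners on this server. The website's
# binding should show the same thumbprint as $leaf (English-locale output).
"Expected hash: $($leaf.Thumbprint)"
netsh http show sslcert | Select-String -Pattern 'Hash'
```

If an intermediate is missing from the Computer stores, the chain may stop at the leaf, in which case the issuer list is empty and the status lines show the chain error.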