Difficulties with SSL.

  • From: "Alex" <acollins@xxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Fri, 23 Aug 2002 10:30:05 -0600

I am having difficulties with SSL.

I have applied for and have received a certificate thru Verisign. (I've
asked them for help, needless-to-say they never heard of ISA Server) I
have successfully installed the certificate on my Webserver (I know it
operates and was successful as it was tested Pre-ISA Server with a simple
router.  (All SSL requirements operational at that point.)

I have since installed ISA Server and have successfully setup the website
following the instructions provided by both Microsoft website and
Configuring ISA Server 2000 by Tom Shinder.  However there seems to be a
conflict with what the Microsoft recommends and what Tom Shinder suggests.

When installing the SSL Certificate I have followed procedures such as
exporting the certificate then importing it into the ISA Server.  My
problem is this, when bridging the Published website you have three
options under "Redirecting SSL Requests":  For this inquiry ignore the
option for FTP requests.

1. HTTP requests (Terminate the secure channel at the Proxy) (Suggested by
Microsoft)

If I use option one (As suggested by Microsoft) I can view my secure pages
only but have a problem with a Security Information popup screen (which I
never had before ISA) asking to view both secure and none secure items. If
you click no, you don't see have the page and if you click yes you get
your lock on the bottom of the page.  This is obviously not what I
intended, nor am I happy with this solution

2. SSL requests (Establish a new secure channel to the site) (Suggested in
the ISA Server 2000 Book)

If I select this option the grayed box at the bottom of the window opens
up to allow you to "use a certificate to authenticate to the SSL Web
Server? Sounds simple enough right?  Well when I choose select I get an
error stating that "There are no certificates configured on this server?
Yet if I check in the certificates snap-in I can see my certificate right
there staring back at me and it is successfully installed.

Note: When I opt to use this feature, and leave ?select a certificate?
blank I get this error when I try to view the SSL Pages on my site:

500 Internal Server Error - The target principal name is incorrect.
(-2146893022)

Internet Security and Acceleration Server

Could you please tell me what I am doing wrong.  Just in case you ask I
have installed the certificate with the Key!  So I don't see that being
the problem either.

As suggested by Tom, I am not securing the entire site I am only securing
parts or sections of the site.

___________________________________

Yours truly,
Absolutely frustrated!


Other related posts: