RE: Difficulties with SSL.
- From: "Cloyd, Ryan" <ryan.cloyd@xxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 11 Oct 2002 14:40:58 -0400
Alex, I don't know if you've found the answer to your problem yet, but if
not you should take a look at the Microsoft KB article Q292569 on this
problem. I had a similar problem, but I found out that I had installed the
certificate to the wrong folder within the Certificates MMC, and I hadn't
restarted the ISA services either. After I followed the article and
restarted the services, all was well.
As far as the "non-secure" items that aren't being shown on the page, you
should verify that the path is correct and using the correct protocol. I
was unable to see various images on my site that were within a common images
folder. The folder was specified with the IP address instead of the domain
name that I used to for the SSL cert. I adjusted the path to correct the
problem. (In my case, I just made the path relative vs. using the full
URL.)
HTH
-Ryan
-----Original Message-----
From: Alex [mailto:acollins@xxxxxx]
Sent: Friday, August 23, 2002 12:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Difficulties with SSL.
http://www.ISAserver.org
I am having difficulties with SSL.
I have applied for and have received a certificate thru Verisign. (I've
asked them for help, needless-to-say they never heard of ISA Server) I have
successfully installed the certificate on my Webserver (I know it operates
and was successful as it was tested Pre-ISA Server with a simple router.
(All SSL requirements operational at that point.)
I have since installed ISA Server and have successfully setup the website
following the instructions provided by both Microsoft website and
Configuring ISA Server 2000 by Tom Shinder. However there seems to be a
conflict with what the Microsoft recommends and what Tom Shinder suggests.
When installing the SSL Certificate I have followed procedures such as
exporting the certificate then importing it into the ISA Server. My problem
is this, when bridging the Published website you have three options under
"Redirecting SSL Requests": For this inquiry ignore the option for FTP
requests.
1. HTTP requests (Terminate the secure channel at the Proxy) (Suggested by
Microsoft)
If I use option one (As suggested by Microsoft) I can view my secure pages
only but have a problem with a Security Information popup screen (which I
never had before ISA) asking to view both secure and none secure items. If
you click no, you don't see have the page and if you click yes you get your
lock on the bottom of the page. This is obviously not what I intended, nor
am I happy with this solution
2. SSL requests (Establish a new secure channel to the site) (Suggested in
the ISA Server 2000 Book)
If I select this option the grayed box at the bottom of the window opens up
to allow you to "use a certificate to authenticate to the SSL Web Server"
Sounds simple enough right? Well when I choose select I get an error
stating that "There are no certificates configured on this server" Yet if I
check in the certificates snap-in I can see my certificate right there
staring back at me and it is successfully installed.
Note: When I opt to use this feature, and leave "select a certificate" blank
I get this error when I try to view the SSL Pages on my site:
500 Internal Server Error - The target principal name is incorrect.
(-2146893022)
Internet Security and Acceleration Server
Could you please tell me what I am doing wrong. Just in case you ask I have
installed the certificate with the Key! So I don't see that being the
problem either.
As suggested by Tom, I am not securing the entire site I am only securing
parts or sections of the site.
___________________________________
Yours truly,
Absolutely frustrated!
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ryan.cloyd@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
