RE: HTTPS websites locks up.....
- From: "Quillman Shawn (RBNA/CIT1.1) *" <Shawn.Quillman@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 16 Oct 2003 09:03:59 -0500
I guess if that's going to be published I'll give more of an explanation.
SSL requests can appear to hang when checking for certificate revocations if
the corresponding CA is overly busy or otherwise unreachable. The timeout
on this seems to either not exist or be quite long. Typical symptoms that I
see are "broken images" while IE is still cranking and reaalllyy long page
loads.
The Do not save encrypted pages to disk "feature" messes mainly with file
downloads. This is saying "don't cache ssl requests". This is problematic
with files that require third party apps to view as the file does not get
passed to the other application correctly. IE apparently sends the external
app the name of a temp file and if you aren't saving these files to disk
there's nothing for the app to open, throwing an error back to IE. Typical
error is "Internet Explorer cannot download <insertURLhere>. Internet
Explorer was not able to open this Internet site. The requested site is
either unavailable or cannot be found. Please try again later."
Yet more features that are good ideas on paper but didn't translate well
into bits.
Bozo cookie. Sound's good. Does the button say "Best Damn Firewall Guy
Period"? :)
-Shawn
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, October 16, 2003 9:46 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HTTPS websites locks up.....
http://www.ISAserver.org
Hi Shawn,
You just supplied the "tips of the month" for the next ISAServer.org
newsletter!
Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) *
[mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Thursday, October 16, 2003 8:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HTTPS websites locks up.....
http://www.ISAserver.org
Also check these IE settings in Tools | Internet Options | Advanced Tab,
Security section at the bottom:
- Check for publisher's certificate revocation
- Check for server certificate revocation
- Do not save encrypted pages to disk
I have seen all 3 of these appear to hang an SSL request when checked.
The
third option above is especially for downloads of files not natively
handled
by IE.
-Shawn
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: Wednesday, October 15, 2003 4:56 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HTTPS websites locks up.....
AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS:
http://www.isaserver.org/thawte/
From internet browser;
Go to tools, > Options > Connections (TAB) > Lan Settings
At this point make sure that bypass proxy for local servers is selected.
Select Advanced and under exceptions enter the IP Address of your
internal sites
If you know the FQN then enter those such as MYSITE, MYDOMAIN; etc.
-----Original Message-----
From: Zygmin Patel [mailto:zpatel@xxxxxxxxxxxxx]
Sent: Wednesday, October 15, 2003 1:12 PM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: HTTPS websites locks up.....
What does that mean and how can I do?
-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: Wed 10/15/2003 3:05 PM
To: [ISAserver.org Discussion List]
Cc:
Subject: [isalist] RE: HTTPS websites locks up.....
AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS:
http://www.isaserver.org/thawte/
Like I said it could be many issues.
Try setting the internal proxy to not use proxy for internal
settings.
Joseph
-----Original Message-----
From: Zygmin Patel [mailto:zpatel@xxxxxxxxxxxxx]
Sent: Wednesday, October 15, 2003 12:49 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HTTPS websites locks up.....
AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS:
http://www.isaserver.org/thawte/
If I use same computer outside the ISA network it works fine.
Zygmin
Bantam Interactive Technologies, Inc.
"Audio with Vision"
T: (314) 802-0132
F: (314) 802-0133
www.bantamusa.com
-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: Wednesday, October 15, 2003 1:50 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HTTPS websites locks up.....
AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS:
http://www.isaserver.org/thawte/
This could be a number of reasons
1. Check to make sure activex controls are allowed to run.
2. Check to make sure scripting is turned on.
3. Check to make sure All parts of the web page are coming from
an
https:// images, pages etc.
Sometimes mixed content will not be available
Etc, etc,
Joseph
-----Original Message-----
From: Zygmin Patel [mailto:zpatel@xxxxxxxxxxxxx]
Sent: Wednesday, October 15, 2003 11:18 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] HTTPS websites locks up.....
AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS:
http://www.isaserver.org/thawte/
Hello,
We got employees, who wants to do online transactions/banking
(for
customers), and they are using .com">https://www2.<XXXXXXx>.com
<https://www2.>
Here is the problem, all clients are Web Clients now, they can
log in,
but when they want to use menus/tabs from the website, they
never get
through that menus.
What I'm missing here?
Zygmin
Bantam Interactive Technologies, Inc.
"Audio with Vision"
T: (314) 802-0132
F: (314) 802-0133
www.bantamusa.com
<file:///C:/Documents%20and%20Settings/zpatel/Application%20Data/Microso
ft/Signatures/www.bantamusa.com>
Get Thawte's New Step-by-Step SSL Guide for MSIIS
Find out how to test, purchase, and install a Thawte Digital
Certificate
on your MSIIS web server:
http://www.isaserver.org/thawte/
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
Get Thawte's New Step-by-Step SSL Guide for MSIIS
Find out how to test, purchase, and install a Thawte Digital
Certificate
on your MSIIS web server:
http://www.isaserver.org/thawte/
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as:
zpatel@xxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
Get Thawte's New Step-by-Step SSL Guide for MSIIS
Find out how to test, purchase, and install a Thawte Digital
Certificate
on your MSIIS web server:
http://www.isaserver.org/thawte/
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
Get Thawte's New Step-by-Step SSL Guide for MSIIS
Find out how to test, purchase, and install a Thawte Digital
Certificate on your MSIIS web server:
http://www.isaserver.org/thawte/
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: zpatel@xxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Get Thawte's New Step-by-Step SSL Guide for MSIIS
Find out how to test, purchase, and install a Thawte Digital Certificate
on
your MSIIS web server:
http://www.isaserver.org/thawte/
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
