RE: SSL problem with OWA
- From: "Dan Bartley" <bartleyd@xxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 20 Apr 2003 11:32:59 -0400
Sorry about the delay on answering this. Here is the follow-up. The web
browser gets a certificate error stating the name on the certificate is
invalid or does not match the name of the site. If I click yes to
proceed, I get this error in the browser:
500 Internal Server Error - The target principal name is incorrect.
(-2146893022)
Internet Security and Acceleration Server
This is the error that matches the attempt from the web proxy log:
xx.xxx.xx.xx anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.2; .NET CLR 1.1.4322; .NET CLR 1.0.3705) 2003-04-20 14:46:30
INTRASYS-ISA - intrasys1 192.168.100.1 443 70 354 - http GET
http://192.168.100.1:443/exchange/ Inet -2146893022
Because of the first error on a problem with the certificate, I am
assuming I am doing something wrong with the Incoming Web Requests SSL
listener certificate that I used. I think maybe I don't understand what
is meant by "the name of the certificate must match the name of the
published site".
I tried importing the certificate from the internal OWA server to match
the name. I requested and installed several server certificates using
every combination of friendly name to match the ISA server, the public
DNS name being used and the name of the internal OWA server. None of
those worked. Or do they mean the name of the actual Rule for the
published site, such as "OWA". Help, I'm lost.
Best Regards,
Dan Bartley
_____
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, April 16, 2003 10:55 PM
To: [ISAserver.org Discussion List]
http://www.ISAserver.org
Hi Dan,
What is the exact error you receive? What do you see in the Web Proxy
log?
Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Dan Bartley [mailto:bartleyd@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, April 15, 2003 7:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] SSL problem with OWA
http://www.ISAserver.org
Here is the scenario.
Running Exchange 2003 on Windows server 2003. Trying to enable
the SSL for OWA to use the new forms and cookie based authentication.
Works fine from the Intranet, but fails with the Internet. If I type
https in the address I get a could not find server error. http works
fine. If I set ISA to redirect http requests to SSL I get a target name
is incorrect error. Set it back to redirect to http and all is fine
again (except no forms based authentication).
Any thoughts on why I can not get SSL to redirect properly? I'm
sure I missed something obvious, but I seem to be brain dead on what
that is. TIA.
Best Regards,
Dan Bartley
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bartleyd@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
