Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
SSL Issue with ISA on Windows 2003 Server
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
SSL Issue with ISA on Windows 2003 Server - 13.Jan.2004 8:13:00 AM
|
|
|
Yaniel
Posts: 3
Joined: 3.Dec.2003
From: Perth, Australia
Status: offline
|
I am trying to move some SSL base Web Publishing rules from an ISA server running Windows Server 2000 to another ISA Server running Windows 2003 Server on my DMZ.
I have exported all certificates including the root certificates (the CA is internal), and imported onto the new server. I have checked that the certificate is valid and the server believes it can validate it's root certificate.
I have configured the Web Publishing Rule as per to old server, moved the IP Address to the new server and configured the listener in ISA to use the correct ceritifcate.
When I try to connect from a client I am told the Certificate Chain is not valid. If I try to connect to the destination web server from the ISA box, I receive an error : "Revocation information for the security certificate for this site is not available. Do you want to proceed?"
This seems to be an additional security feature in Windows 2003 Server. Does anyone know how I can get around it, given that I can not make the CA visible to the ISA Server to allow it to get the CRL form the CA.
Cheers,
James.
|
|
|
|
RE: SSL Issue with ISA on Windows 2003 Server - 14.Jan.2004 3:19:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi James,
I'm not sure what you mean by trying to connect from the ISA firewall.
Is this a Web Publishing issue or an outbound access issue from the ISA firewall?
Thanks!
Tom
|
|
|
|
|
RE: SSL Issue with ISA on Windows 2003 Server - 19.Jan.2004 8:58:00 AM
|
|
|
Yaniel
Posts: 3
Joined: 3.Dec.2003
From: Perth, Australia
Status: offline
|
Tom,
This is a web publishing issue.
In the past to ensure that I have the certificate chain in place I have connected to the internal web server (the one being published) from the ISA server using IE as a test. If this connected without any prompts, the publishing would work. If it prompted (normally because the certificate chain was not right), connecting via the publishing rule would not work.
In this case I have checked the root certificate is in place and all seems well, but I get this error saying that it could not find the revocation information for the certificate. I have not seen this error on the old ISA server.
James.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Smile]](/image/smiles/smile.gif)
