The certificate chain was issued by an untrusted authority. (-2146893019)
The certificate chain was issued by an untrusted author... - 17.Feb.2003 4:24:00 AM
okoksal
Posts: 2
Joined: 17.Feb.2003
Status: offline
I have read all the posts on this error and Dr. Shinder's article on the Internal 500 error. The problem I am having seems a little different. The name of the security certificate (CA) matches the name of the URL I am trying to access, the date is valid, and I have installed the cert in the trusted root of the client. The cert was created on an Internal Stand-alone CA using MS Cert Services. I am bridging SSL to SSL and at this point I cannot see where the problem lies. I have also tried removing the cert on the web server and created a new one with no luck either. I have the ISA server configured in cache only mode located on a private DMZ network behind a Checkpoint FW, the web server is located on a private internal network behind a Checkpoint FW-1 server. No issues with the firewall and packets getting through. I am getting a strange event log id "schannel" 36876 "The certificate received from the remote server has not validated correctly. The error code is 0x80090322. The SSL connection has failed. The attached data contains the server certificate." I am not sure as to how it wasn't validated correctly. There is one MS Q Article that points to this Event ID error Q254610. It points to an LDAP problem which I have not pursued yet but will. If anyone has any ideas it would be much appreciated.
RE: The certificate chain was issued by an untrusted au... - 17.Feb.2003 2:43:00 PM
pinball
Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Onur,
How are you testing the certificate? Are you trying to connect while connected to the LAN, or are you actually trying to connect via dial-up/internet access?
I had a similar problem that drove me mad for several days, but as soon as I tested from outside of the office I found it had actually been working fine. I never did find out why.
RE: The certificate chain was issued by an untrusted au... - 17.Feb.2003 3:11:00 PM
SKruese
Posts: 11
Joined: 13.Dec.2002
From: The Netherlands
Status: offline
Hi Onur,
Can you give some more details, like:
- Do you get the error on IIS or on ISA (or both)?
- Did you export a certificate from IIS to ISA?
- Do you use a client-side certificate to authenticate the ISA to the IIS?
- Did you also import the CA root certificate on the ISA and IIS?
Regards,
Sander
RE: The certificate chain was issued by an untrusted au... - 17.Feb.2003 4:02:00 PM
okoksal
Posts: 2
Joined: 17.Feb.2003
Status: offline
I have tested the connection from an outside connection, same error.
Can you give some more details like:
- Do you get the error on IIS or on ISA (or both)? From any client connecting.
- Did you export a certificate from IIS to ISA? Yes.
- Do you use a client-side certificate to authenticate the ISA to the IIS? No. Don't want to do client-side certificates.
- Did you also import the CA root certificate on the ISA and IIS? The cert I exported from IIS is imported and correctly assigned to the incoming listener. SSL is enabled and everything looks good.
I think my issue is related to the certificate not being able to verify up to the CA. I think the cert installed on ISA requires it in order to obtain CRL information. I don't want to make the ISA server part of the AD domain. I want it in its own workgroup. This may be the problem, I am thinking. ISA may require it being included in an AD domain.
I am going to keep hacking at this. Thanks for the info.
Cheers!
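The trust and CRL question raised in the post above can be checked directly on the machine that acts as the SSL client (in SSL-to-SSL bridging, the ISA server). The following is an added example, not part of the thread: the function name `Test-BridgingCertificate`, the host names and the self-signed sample certificate are constructed for illustration, and it assumes Windows PowerShell 5.1 on .NET Framework 4.7.2 or later, or PowerShell 7 on Windows.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-BridgingCertificate {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $ExpectedName,
        [X509RevocationMode] $RevocationMode = [X509RevocationMode]::Online
    )
    # $true = machine context: the chain is built against the LocalMachine
    # stores rather than the stores of the user running the script.
    $chain = [X509Chain]::new($true)
    $chain.ChainPolicy.RevocationMode = $RevocationMode
    $chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::EntireChain
    try {
        $trusted = $chain.Build($Certificate)
        # Simplified name check: compares the subject's simple name (normally
        # the CN) with the requested host; SAN entries and wildcards are ignored.
        $cn = $Certificate.GetNameInfo([X509NameType]::SimpleName, $false)
        [pscustomobject]@{
            Subject      = $Certificate.Subject
            Issuer       = $Certificate.Issuer
            NameMatches  = ($cn -ieq $ExpectedName)
            ChainTrusted = $trusted
            # Flags such as UntrustedRoot, RevocationStatusUnknown, OfflineRevocation
            ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
            ChainPath    = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        }
    } finally {
        $chain.Reset()
    }
}

# Constructed sample: a self-signed certificate for a made-up host. Nothing
# trusts it, which makes it a stand-in for a certificate from a CA whose root
# is missing on this machine. To test a real server certificate, load the
# exported file instead: [X509Certificate2]::new('C:\path\to\server.cer')
$key  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=owa.example.test', $key,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1),
            [DateTimeOffset]::Now.AddDays(30))

# Same certificate, once with the matching name and once with a different one.
Test-BridgingCertificate -Certificate $cert -ExpectedName 'owa.example.test'  | Format-List
Test-BridgingCertificate -Certificate $cert -ExpectedName 'mail.example.test' | Format-List
```

The two checks correspond to the two codes quoted in this thread: -2146893019 is 0x80090325 (SEC_E_UNTRUSTED_ROOT), and 0x80090322 is SEC_E_WRONG_PRINCIPAL, the name-mismatch error.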
RE: The certificate chain was issued by an untrusted au... - 18.Feb.2003 3:37:00 AM
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Onur,
Some suggestions:
1. Get the ISA Server behind the checkpoint
2. Have the ISA Server request a machine certificate from the same certificate server
3. Make sure you're forcing SSL on the OWA directories
HTH, Tom