Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

The issuer of this certificate could not be found.

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Web Publishing >> The issuer of this certificate could not be found. Page: [1]
Login
Message << Older Topic   Newer Topic >>
The issuer of this certificate could not be found. - 7.Jan.2003 5:18:00 PM   
jayal1972

 

Posts: 31
Joined: 7.Jan.2003
From: Stockholm
Status: offline 		Hi all! And Tom who is the new king... ;-)

Some tricky problem regarding received Certificate from a external website, but it works...

When a web client connects to the external interface of the ISA he receives a certificate and this choices:

Yes / No / View Certificate

If he then views the certificate he can read the following text:

"The security certificate was issued by a company you have not chosen to trust. View the certificate to determine wether you want to trust the certifying authority."

You then install in under Trusted Root Authorities manually. If you install it automatically then it installs under Intermediate Certification Authorities.

Later when you connect again you think that the Certificate is trusted but itŠs not because the Certificate is missing the Root Certificate.

If you examine the certificate (you received and installed from the website) in the Certificates - Current User, you can read the following:

"Windows does not have enough information to verify this certificate."
"The issuer of this certificate could not be found."

Why this?
Is this because the certificate link the web client receives is broken and the root certificate is missing?
Who do I fix this?
Anyone who knows?

Thanks in advance!
Sincerely Jay
Post #: 1
RE: The issuer of this certificate could not be found. - 7.Jan.2003 7:31:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Jay,

I believe that all the certificates in the chain weren't included with the certificate you recieved, and the URL used to confirm the certificate trust wasn't usable or valid. However, from what I understand, IE doesn't check for this anyway [Smile] , so its important to include the all certs in the chain.

HTH<
Tom

(in reply to jayal1972)
Post #: 2
RE: The issuer of this certificate could not be found. - 7.Jan.2003 8:07:00 PM   
jayal1972

 

Posts: 31
Joined: 7.Jan.2003
From: Stockholm
Status: offline 		Hi Tom!
Thanks for everything,
You have learned me and other people so much!

Regarding my problem:
SBS 2000 with all the latest SP.

Was this certificate chain broken when I exported the certificate from the default web server properties? (Web server certificate).
I choosed to include all links in the Certificate chain (during the export wizard) but itŠs still the same problem.

How do I get all certificates included in the web server certificate? (So the certificate link work on a external computer)
I have followed your publications exactly... :-)

Thanks in advance!

(in reply to jayal1972)
Post #: 3
RE: The issuer of this certificate could not be found. - 7.Jan.2003 9:08:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Jay,

You might want to request another certificate for the Web site, then export it, and then import it again into the Incoming Web Requests listener. There must have been an error somewhere during the certificate aquisition or export phase.

HTH,
Tom

(in reply to jayal1972)
Post #: 4
RE: The issuer of this certificate could not be found. - 7.Jan.2003 11:10:00 PM   
jayal1972

 

Posts: 31
Joined: 7.Jan.2003
From: Stockholm
Status: offline 		Hi again all!

Thanks for your help Tom I relly appreciate it.

I have looked true the certificates journey know...

It seemes like the certificate link (Website Cert and root Cert) is connected during export and import.

I checked if they where OK after export by importing them again and everything was fine.
When I import the Web site Certificate both Certificates (Web site and Root) is imported into the store. (Machine Account)

I canŠt control if the links and certifcates is whole after connecting it to ISA Web Request but probably.

When the external client receives the Cert it wanŠt to be installed into the computers store.
After installation is says:
"The issuer of this certificate could not be found."

If I manually install the root certificate received thru diskette or mail then it works.

I think the problem is when ISA is sending the Cert. Is the ISA Web Request listener really sending a Website Certificate together with a Root Certificate?

The size of the received Cert is smaller than the working Cert on the ISA server so the client doesnŠt receive both Certs and links.

Thanks again!

(in reply to jayal1972)
Post #: 5
RE: The issuer of this certificate could not be found. - 8.Jan.2003 11:43:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Jay,

OK, I think I have a better idea of what the problem is now. You're trying to install a certificate into the user's certificate store, right? That won't work, since you need to install a machine certificate to use SSL. That means you're clients to obtain a certificate from your certificate server, or from a mutually trusted certificate authority.

Make sense?

Thanks!
Tom

(in reply to jayal1972)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Web Publishing >> The issuer of this certificate could not be found. Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts