The page cannot be displayed when SSL
The page cannot be displayed when SSL - 29.Oct.2005 2:29:00 PM
asutherland
Posts: 51
Joined: 23.Jan.2003
From: Nelson, B.C.
Status: offline
PROBLEM: Web Client
"The page cannot be displayed" – when attempting to access SSL site published by ISA. Web client has CA Trusted root certificate installed.
DETAILS:
On ISA, DNS Lookups work: portal.company1.com resolves to 192.168.0.20
Using SecureNAT – the ISA browser is able to connect to the portal.company1.com site using https://portal.company1.com URL
Using WebProxy – the ISA browser is able to connect to the portal1.company1.com site using the same URL.
Therefore, the problem is not the SSL website itself. The problem is that an SSL session cannot be established via the ISA Firewall Incoming Web Listener, even though the original Incoming Web Listener is working fine for all of its SSL sites.
ISA Config: Windows 2003 SP1, ISA 2000 SP2, Feature Pack 1
LAN NIC – 192.168.0.15 (default gateway for published servers and LAN web proxy clients)
External NIC1 – 142.xxx.xxx.216 = Incoming Web Listener for SSL sites on mailservername.ourdomain.com = MS Enterprise Root Certificate Server, OWA server. This SSL site works fine: https://mailservername.ourdomain.com/certsrv (basic authentication), https://mailservername.ourdomain.com/exchange (forms-based authentication). Everything works fine for the first Incoming Web Listener.
External NIC2 – 142.xxx.xxx.103 = Incoming Web Listener for SSL site (hosted on webservername.ourdomain.com). SSL WebSite = Portal.company1.com. Certificate imported and used for listener: portal.company1.com
Portal.company1.com Web Publishing Rule – redirect to 192.168.0.20 (already tried portal.company1.com, but is not servername resolvable by AD DNS, so changed back to IP address and used "send original host header…")
Portal.company2.com Web Publishing Rule – redirect to 192.168.0.21
Web Server Config:
Webserver name – webservername.ourdomain.com
Default Web Site config – all Unassigned.
LAN NIC1 – 192.168.0.20 WebSites = IP listening for all port 80 websites and port 443 for portal.company1.com, website certificate = portal.company1.com
LAN NIC2 – 192.168.0.21 WebSites – will be future portal.company2.com
SSL Certificates:
Portal.company1.com = SSL website on webservername.ourdomain.com = 192.168.0.20
Portal.company2.com = SSL website on webservername.ourdomain.com = 192.168.0.21
Mailservername.ourdomain.com – SSL websites on mailservername.ourdomain.com – 192.168.0.22
RE: The page cannot be displayed when SSL - 29.Oct.2005 2:55:00 PM
asutherland
Posts: 51
Joined: 23.Jan.2003
From: Nelson, B.C.
Status: offline
Just to clarify current settings Win2K3 SP1/ISA 2000 SP2, with security updates:
The client sends an HTTPS request to portal.company1.com to access an SSL Web site. The request arrives on the external interface 142.xx.xxx.103 of the ISA Server 2000 firewall and is intercepted by the Web listener for the Portal Web Publishing rule.
The Web listener used by the Portal Web Publishing rule has a Web site certificate bound to it. The common name on the certificate is portal.company1.com.
The name in the request matches the common name on the Web site certificate bound to the Web listener (portal.company1.com).
The Portal Web Publishing rule is configured to forward the request to the web site on the internal network.
The Web Publishing rule on the ISA Server 2000 firewall is configured to forward the request to portal.company1.com, which is the same name on the Web site certificate bound to the external interface and the name used in the original user request.
The request is forwarded to the Portal Web site on the internal network. The Portal Web site also has a Web site certificate bound to it. The common name on the certificate is portal.company1.com.
This matches the name on the original client request (Http://portal.company1.com), the name on the certificate bound to the Web listener (portal.company1.com) that accepted the request, and the name used in the Web Publishing rule that redirected the request to the Portal Web site on the internal network. All the names match and if the user is authenticated, then the connection request is allowed.
This site was previously accessible without SSL, and now it's not available with https or http, even though SSL is not required by the website or the web publishing rule.
Don't understand why "the page cannot be displayed" occurs.
Desperate. Allison