Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Versign New certificate issue on ISA 2004 Web publishing

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Versign New certificate issue on ISA 2004 Web publishing Page: [1]
Login
Message << Older Topic   Newer Topic >>
Versign New certificate issue on ISA 2004 Web publishing - 30.Mar.2008 8:59:19 AM   
gertj

 

Posts: 4
Joined: 28.Mar.2008
Status: offline 		Hello, i am pretty new to ISA but have done some practice in installation of ISA 2004 standard and ISA 2006 Enterprise editions.
I am breaking my head over a certificate and SSL web publishing issue.

At the moment Verisign is handing out new "two tier" Class 3 Secure Server CA certificates instead of the "one tier" Secure Server Certificates we currently have on web publishing rules.
Reason: expiration of the current Verisign certificate hierarchy i suppose.

This weekend when deploying a new certificate for a general website on a ISA 2004  box, the certificate did not show me the intermediate certificate chain to the Public Primary and Secure Server CA at Verisign.
I have also installed a so called "intermediate" certificate from Verisign on the ISA 2004 server but when i try and reach the website, i receive a HTTP 1790 logon failure.
When i look at the certificate from the web client i only see the secure path for the web site and not the two tier hierarchy thus the certificate is not fully operational and valid.

The strange part is that on ISA 2006 Enterprise servers i have done the same on the Webfarm (IIS) and both ISA 2006 Servers and this works fine without installing an intermediate certificate.
When you install the .cer file on IIS 6.0 it correctly shows the hierarchy to Verisign and when you install the .pfx exported format on ISA 2006 it shows the correct two tier hierarchy to verisign.

After successfully changing the ISA 2006 environment i did the same on the ISA 2004 environment but without any luck so far.

The only differences for my two environments are:
New:
Windows Server 2003 R2 32 bit for ISA 2006 Enterprise and IIS 6.0 servers
Old:
Windows Server 2003 SP1 32 bit for ISA 2004 and IIS 5.0 servers.

Can someone help me analyze this issue?
Thanks

GJ

< Message edited by gertj -- 30.Mar.2008 9:08:14 AM >
Post #: 1
RE: Versign New certificate issue on ISA 2004 Web publi... - 1.Apr.2008 2:49:21 AM   
gertj

 

Posts: 4
Joined: 28.Mar.2008
Status: offline 		Quick reply and update on the above matter,

I have tried to export the correct ISA 2006 imported certifcate and certificate chain and imported it to the ISA 2004 environment,
When i do this i see the Verisign Class 3 Secure Server CA cert being imported, this is a better result than at first!
Result for reaching the site is still the same however and and i receive: Error Code: 500 Internal Server Error. The network logon failed. (1790).
When i show the certificate i only see the site name and not the Versign trust chain.
 
When i revert back to the Secure Server CA cert everything works fine again!??

(in reply to gertj)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Versign New certificate issue on ISA 2004 Web publishing Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts