• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SSL help needed

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> SSL help needed Page: [1]
Login
Message << Older Topic   Newer Topic >>
SSL help needed - 10.Apr.2001 12:45:00 AM   
Ironic

 

Posts: 64
Joined: 26.Feb.2001
From: Denmark
Status: offline
After several nights trying to get my SSL sites published through ISA I need some help.

ISA and IIS on same server.
I have set up web site A to listen on port 81 and 444 on the internal IP. ISA is listening on port 80 and 443 with the use of a certificate. So far so good.
I then made a web publishing rule. It makes a simple redirection to the internal IP. HTTP continues as HTTP. HTTPS continues as HTTPS.
On IIS I have a certificate. This certificate is issued to the same name I use on the publishing rule (in fact it is issued to my internal IP, so the name is "192.168.0.1" - I have tried everything here).
When I now try to write https://mydomain.com I receive the dredded error:
500 Internal Server Error - The target principal name is incorrect. (-2146893022)

And that's not all. It takes about 100 seconds before I get this error. After about 30 seconds I am asked to accept the certificate from ISA (this one is issued to servername.mydomain.com). I then wait another minute before I get this error.

The machine is certainly fast enough and the internet connection is as well.

Any ideas here? I have multiple web sites that I need to publish using SSL. They are on the same server, and I have only one IP number. This was no problem with Proxy 2.0, but I just keep running my head against the wall with this problem on ISA...

Any ideas or perhaps a very detailed step-by-step guide to publishing SSL sites through ISA?

TIA,

- Sam

Post #: 1
RE: SSL help needed - 10.Apr.2001 5:58:00 PM   
Alex

 

Posts: 3
Joined: 24.Sep.2001
Status: offline
quote:
Originally posted by Ironic:
After several nights trying to get my SSL sites published through ISA I need some help.

ISA and IIS on same server.
I have set up web site A to listen on port 81 and 444 on the internal IP. ISA is listening on port 80 and 443 with the use of a certificate. So far so good.
I then made a web publishing rule. It makes a simple redirection to the internal IP. HTTP continues as HTTP. HTTPS continues as HTTPS.
On IIS I have a certificate. This certificate is issued to the same name I use on the publishing rule (in fact it is issued to my internal IP, so the name is "192.168.0.1" - I have tried everything here).
When I now try to write https://mydomain.com I receive the dredded error:
500 Internal Server Error - The target principal name is incorrect. (-2146893022)

And that's not all. It takes about 100 seconds before I get this error. After about 30 seconds I am asked to accept the certificate from ISA (this one is issued to servername.mydomain.com). I then wait another minute before I get this error.

The machine is certainly fast enough and the internet connection is as well.

Any ideas here? I have multiple web sites that I need to publish using SSL. They are on the same server, and I have only one IP number. This was no problem with Proxy 2.0, but I just keep running my head against the wall with this problem on ISA...

Any ideas or perhaps a very detailed step-by-step guide to publishing SSL sites through ISA?

TIA,

- Sam


I saw this scenario working once, so it's probably configuration issue. It seems to me that you might have entered some kind of loop. That is the request from ISA you meant to send to IIS arrives to a port which ISA is listening on (this explains the delay and the mesage about certificate name mismatch). Check in the web publishing rule, whether you actually redirect the request to the port 444, and whether the IIS is one who's listening there.


(in reply to Ironic)
Post #: 2
RE: SSL help needed - 11.Apr.2001 2:17:00 AM   
sfaryu

 

Posts: 84
Joined: 1.Feb.2001
From: Los Angeles, CA, USA
Status: offline
Hey Ironic,

Try this link: http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1206&tn=Secure+Web+Publishing&pi=S1C63&pn=Firewalls


(in reply to Ironic)
Post #: 3
RE: SSL help needed - 12.Apr.2001 2:41:00 PM   
Ironic

 

Posts: 64
Joined: 26.Feb.2001
From: Denmark
Status: offline
Thanks for the link. I followed it step-by-step and it works !
The thing I had not realised was that I needed to make a destination set and publishing rule for every sub-dir I wanted secured. I've done that and it works

- Sam


(in reply to Ironic)
Post #: 4
RE: SSL help needed - 12.Apr.2001 8:27:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Sam and Safaryu,

Martin Grasdal wrote that excellent article. He is the Tech Editor of our book too. If it weren't for Martin, the book wouldn't have been half as good as it is!

Thanks!

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/


(in reply to Ironic)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> SSL help needed Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts