Welcome to ISAserver.org


The certificate chain was issued by an untrusted authority. (-2146893019)

The certificate chain was issued by an untrusted author... - 17.Feb.2003 4:24:00 AM   
okoksal

 

Posts: 2
Joined: 17.Feb.2003
Status: offline
I have read all the posts on this error and Dr. Shinder's article on the Internal 500 error. The problem I am having seems a little different. The name of the security certificate (CA) matches the name of the URL I am trying to access, the date is valid, and I have installed the cert in the trusted root of the client. The cert was created on an Internal Stand-alone CA using MS Cert Services. I am bridging SSL to SSL and at this point I cannot see where the problem lies. I have also tried removing the cert on the web server and created a new one with no luck either. I have the ISA server configured in cache only mode located on a private DMZ network behind a Checkpoint FW, the web server is located on a private internal network behind a Checkpoint FW-1 server. No issues with the firewall and packets getting through. I am getting a strange event log id "schannel" 36876 "The certificate received from the remote server has not validated correctly. The error code is 0x80090322. The SSL connection has failed. The attached data contains the server certificate." I am not sure as to how it wasn't validated correctly. There is one MS Q Article that points to this Event ID error, Q254610. It points to an LDAP problem which I have not pursued yet but will. If anyone has any ideas it would be much appreciated.
Post #: 1
RE: The certificate chain was issued by an untrusted au... - 17.Feb.2003 2:43:00 PM   
pinball

 

Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Onur,

How are you testing the certificate? Are you trying to connect while connected to the LAN, or are you actually trying to connect via dial-up/internet access?

I had a similar problem that drove me mad for several days, but as soon as I tested from outside of the office I found it had actually been working fine. I never did find out why.

(in reply to okoksal)
Post #: 2
RE: The certificate chain was issued by an untrusted au... - 17.Feb.2003 3:11:00 PM   
SKruese

 

Posts: 11
Joined: 13.Dec.2002
From: The Netherlands
Status: offline
Hi Onur,

Can you give some more details, like:
- Do you get the error on IIS or on ISA (or both)?
- Did you export a certificate from IIS to ISA?
- Do you use a client-side certificate to authenticate the ISA to the IIS?
- Did you also import the CA root certificate on the ISA and IIS?

Regards,

Sander

(in reply to okoksal)
Post #: 3
RE: The certificate chain was issued by an untrusted au... - 17.Feb.2003 4:02:00 PM   
okoksal

 

Posts: 2
Joined: 17.Feb.2003
Status: offline
I have tested the connection from an outside connection, same error.

Can you give some more details, like:
- Do you get the error on IIS or on ISA (or both)?
From any client connecting.

- Did you export a certificate from IIS to ISA?
Yes.

- Do you use a client-side certificate to authenticate the ISA to the IIS?
No. Don't want to do client-side certificates.

- Did you also import the CA root certificate on the ISA and IIS?
The cert I exported from IIS is imported and correctly assigned to the incoming listener. SSL is enabled and everything looks good.

I think my issue is related to the certificate not being able to verify up to the CA. I think the cert installed on ISA requires it in order to obtain CRL information. I don't want to make the ISA server part of the AD domain. I want it in its own workgroup. This may be the problem, I am thinking. ISA may require it being included in an AD domain.

I am going to keep hacking at this. Thanks for the info.

Cheers!

(in reply to okoksal)
Post #: 4
RE: The certificate chain was issued by an untrusted au... - 18.Feb.2003 3:37:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Onur,

Some suggestions:

1. Get the ISA Server behind the checkpoint

2. Have the ISA Server request a machine certificate from the same certificate server

3. Make sure you're forcing SSL on the OWA directories

HTH,
Tom

(in reply to okoksal)
Post #: 5
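
Editor's added example, not written by any poster in this thread and not part of ISA Server: the two codes quoted above are different conditions, -2146893019 being 0x80090325 (SEC_E_UNTRUSTED_ROOT) and the Schannel event's 0x80090322 being SEC_E_WRONG_PRINCIPAL (a name mismatch), so this PowerShell check tests chain trust, revocation reachability and the certificate name separately from the machine that makes the bridged connection. `$CertPath`, `$PublishedName` and the function name `Test-ServerCertificate` are hypothetical placeholders.

```powershell
# Added example. Run it on the machine that opens the outbound SSL connection
# (in the thread's setup, the ISA server), not on a browser client.
param(
    [string]$CertPath      = 'C:\temp\webserver.cer',  # placeholder: server cert exported without its key
    [string]$PublishedName = 'owa.example.com'         # placeholder: name the proxy uses for the web server
)

function Test-ServerCertificate {
    param([string]$Path, [string]$ExpectedName)
    $ns    = 'System.Security.Cryptography.X509Certificates'
    $cert  = New-Object "$ns.X509Certificate2" -ArgumentList $Path
    # $true = build against the LocalMachine stores, which is what a service sees
    $chain = New-Object "$ns.X509Chain" -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'Online'   # fetch CRLs, as a strict client would

    $trusted  = $chain.Build($cert)
    $findings = @()
    foreach ($s in $chain.ChainStatus) {
        switch ($s.Status) {
            'UntrustedRoot'           { $findings += 'Root CA is not in the machine Trusted Root store (0x80090325)' }
            'PartialChain'            { $findings += 'An issuing CA certificate is missing from the machine stores' }
            'RevocationStatusUnknown' { $findings += 'Revocation status could not be determined' }
            'OfflineRevocation'       { $findings += 'CRL distribution point could not be reached from this machine' }
            default                   { $findings += "$($s.Status): $($s.StatusInformation.Trim())" }
        }
    }

    # Chain building never compares names; that is a separate check (0x80090322).
    # Only the simple name (normally the subject CN) is compared; SAN entries and wildcards are not.
    $cn     = $cert.GetNameInfo('SimpleName', $false)
    $nameOk = ($cn -eq $ExpectedName)              # -eq is case-insensitive for strings
    if (-not $nameOk) { $findings += "Subject CN '$cn' does not match '$ExpectedName' (0x80090322)" }

    [pscustomobject]@{
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        Trusted  = $trusted
        NameOk   = $nameOk
        Findings = $findings
    }
}

Test-ServerCertificate -Path $CertPath -ExpectedName $PublishedName | Format-List
```

An empty `Findings` list with `Trusted` and `NameOk` both true means the machine itself can validate the certificate; a result that differs from what a desktop client shows usually points at a root installed only in a user store rather than the machine store.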
