I have read all the posts on this error and Dr. Shinder's article on the Internal 500 error. The problem I am having seems a little different. The name of the security certificate (CA) matches the name of the URL I am trying to access, the date is valid, and I have installed the cert in the trusted root of the client. The cert was created on an Internal Stand-alone CA using MS Cert Services. I am bridging SSL to SSL and at this point I cannot see where the problem lies. I have also tried removing the cert on the web server and created a new one with no luck either. I have the ISA server configured in cache only mode located on a private DMZ network behind a Checkpoint FW, the web server is located on a private internal network behind a Checkpoint FW-1 server. No issues with the firewall and packets getting through. I am getting a strange event log id "schannel" 36876 "The certificate received from the remote server has not validated correctly. The error code is 0x80090322. The SSL connection has failed. The attached data contains the server certificate." I am not sure as to how it wasn't validated correctly. There is one MS Q Article that points to this Event ID error Q254610. It points to an LDAP problem which I have not pursued yet but will. If anyone has any ideas it would be much appreciated.
From: The Netherlands
Can you give some more details like:
- Do you get the error on IIS or on ISA (or both)?
- Did you export a certificate from IIS to ISA?
- Do you use a client-side certificate to authenticate the ISA to the IIS?
- Did you also import the CA root certificate on the ISA and IIS?
I have tested the connection from an outside connection, same error.
Can you give some more details like:
- Do you get the error on IIS or on ISA (or both)?
From any client connecting.
- Did you export a certificate from IIS to ISA?
Yes.
- Do you use a client-side certificate to authenticate the ISA to the IIS?
No. Don't want to do client-side certificates.
- Did you also import the CA root certificate on the ISA and IIS?
The cert I exported from IIS is imported and correctly assigned to the incoming listener. SSL is enabled and everything looks good.
I think my issue is related to the certificate not being able to verify up to the CA. I think the cert installed on ISA requires it in order to obtain CRL information. I don't want to make the ISA server part of the AD domain. I want it in its own workgroup. This may be the problem, I am thinking. ISA may require it being included in an AD domain.
I am going to keep hacking at this. Thanks for the info.