RE: A question regarding the way how IIS gets the CRL's
From: Ralph Los (RLos@enteredge.com)
Date: 04/04/02
- Previous message: Hunter Ely: "Re: ntsds.exe or ntsdc.exe"
- Maybe in reply to: Леонид Волков: "A question regarding the way how IIS gets the CRL's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ralph Los" <RLos@enteredge.com>
To: "'?????? ??????'" <volkov@skbkontur.ru>
Date: Thu, 4 Apr 2002 11:30:57 -0500
Open up a packet sniffer, and track which ports are being used by the IIS
box out-bound to the client(s). Also...open all ports on the IIS box, and
set up a program like TCPView, or use Netstat to see the incoming
connections from the IIS box --> client, and thus isolate your issue that
way.
There are a bunch of ways to go about this, most of them involve being at
either one end of the conversation or the other, or both.
Cheers, post your findings, k?
----------------------------------------|
Ralph M. Los
Sr. Security Engineer and Trainer
EnterEdge Technology, L.L.C.
rlos@enteredge.com
(770) 955-9899 x.206
----------------------------------------|
::-----Original Message-----
::From: volkov@skbkontur.ru [mailto:volkov@skbkontur.ru]
::Sent: Wednesday, April 03, 2002 12:13 PM
::To: focus-ms@securityfocus.com
::Subject: A question regarding the way how IIS gets the CRL's
::
::
::Hello all,
::We have created a web-based application and installed it
::for the customer. It is running on IIS 5.0 - thus W2K. Now,
::all the clients are allowed to work with this application if
::and only if they have a client certificate; only the port 443
::is open. So this web-server supports only HTTPS. The problem
::is as follows: we also run the Certification Authority at
::our office, and with its help we distribute the certificates
::for that web-application. Thus, we also publish the CRL's
::every month on our server, and the IIS at the customer's
::knows, where it is to look for the CRL's. But - the port 443
::is not enough for it, and also if we open the port 80 it
::still rejects all the client's certificates, saying that it
::is not able to check the CRL. Though, if we open all ports at
::the customer's service, it is able to check the CRL - and the
::client's certificate. Therefore we suppose, that IIS uses
::some special port or some special way to get the CRL from a
::remote CA. But we were not able to figure out, which way? Can
::anyone help? Thank you,
::
::Leonid Volkov
::
::*********************
::IT Lab, SKB Kontur, Ekaterinburg, Russia
::volkov@skbkontur.ru
::http://otchet.skbkontur.ru
::http://www.skbkontur.ru
::+007(3432)343446
::
::
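
One way to carry out the Netstat step suggested in the reply, as an added example that is not part of the original thread: it parses `netstat -an` output saved from the web server and lists the remote endpoints the box itself is connecting to, separating attempts stuck in SYN_SENT from completed ones. The sample output, addresses and port numbers are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of `netstat -an` output from the web server (not real data).
# Addresses are documentation ranges; the remote ports are arbitrary.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:443         198.51.100.7:3312      ESTABLISHED
  TCP    192.0.2.10:1047        203.0.113.5:80         SYN_SENT
  TCP    192.0.2.10:1049        203.0.113.5:1234       SYN_SENT
  TCP    192.0.2.10:1051        203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse_tcp_rows(text):
    """Yield (local_port, remote_ip, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, rip, rport, state = m.groups()
            yield int(lport), rip, int(rport), state

def outbound_by_state(text):
    """Count client-side connections per (remote_ip, remote_port, state).

    A row is treated as outbound when its local port is not one the box is
    LISTENING on; rows on a listening port are inbound client sessions.
    """
    rows = list(parse_tcp_rows(text))
    listening = {lp for lp, _, _, st in rows if st == "LISTENING"}
    return Counter(
        (rip, rport, st)
        for lp, rip, rport, st in rows
        if st != "LISTENING" and lp not in listening
    )

def stalled_targets(text):
    """Remote endpoints stuck in SYN_SENT: attempts that never completed."""
    return sorted({(ip, p) for (ip, p, st) in outbound_by_state(text) if st == "SYN_SENT"})

if __name__ == "__main__":
    for (ip, port, state), n in sorted(outbound_by_state(SAMPLE).items()):
        print(f"{ip}:{port:<6} {state:<12} x{n}")
    print("stalled:", stalled_targets(SAMPLE))
```

SYN_SENT is short-lived on an open path, so capture the netstat output several times while a client presents its certificate; endpoints that keep reappearing in that state are the ones the port filter is dropping.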