RE: trouble using SSL on WSUS



At Tuesday, March 14, 2006 7:24 AM, Bart Poort wrote:

I've read on serveral sites that the server certificate has to be
imported to the client local Trusted Root CA so this is what i did.

It's not the server certificate itself that needs to be imported into
the Trusted Root CA, it's the root certificate that signed your cert; if
there are other certs in the signing chain, they can then be verified.

If these machines are in an Active Directory domain, your may want to
install an enterprise AD-integrated CA. This way, your clients and
servers will automatically trust the proper root servers, making this
sort of thing go much more smoothly.

--
Devin L. Ganger Email: deving@xxxxxxxxxx
3Sharp LLC Phone: 425.882.1032 x 109
15311 NE 90th Street Cell: 425.239.2575
Redmond, WA 98052 Fax: 425.702.8455
(e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/

---------------------------------------------------------------------------
---------------------------------------------------------------------------



Relevant Pages

  • Re: Bad Key
    ... certs in the Personal store, rather than the Trusted Root store... ... > This was then installed in the local computer under the Trusted Root ... Then I publish a web service which uses this same cert to ... Then I developed a client app on the same local ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: How to Get IE to Trust My Certificate?
    ... You can download the CA cert from the /certsrv pages on the CA. (If it ... > way it's supposed to work when importing the site cert is ... >>trusted root to make that go away. ... >>> trust the certificate I have created with my own ...
    (microsoft.public.inetserver.iis.security)
  • Re: WZCSVC & "Trusted Root Certification Authorities"
    ... You also have the option to select a trusted root CA. ... >> We recommend validating server certificate always it's ... >>> Could somebody please help clarify if this setting: ...
    (microsoft.public.internet.radius)
  • Re: WZCSVC & "Trusted Root Certification Authorities"
    ... When you look at the WZCSVC interface, you have the option to validate the ... You also have the option to select a trusted root CA. ... > We recommend validating server certificate always it's ...
    (microsoft.public.internet.radius)
  • Re: How to Get IE to Trust My Certificate?
    ... I explicitly imported the CA cert. ... decide whether to trust it (implicitly importing the CA ... >trusted root to make that go away. ... >> trust the certificate I have created with my own ...
    (microsoft.public.inetserver.iis.security)