Re: Securing Webservice
- From: "Bob" <bob@xxxxxxxxxxx>
- Date: Thu, 14 Dec 2006 15:05:14 +1300
Hi Joe,
The only thing in the Certification path is my development machine which I
set up as the one and only certificate server in our company.
The information message says "This certificate cannot be verified up to a
trusted certification authority"
Is it inferring that basically my machine needs to be authorised by a higher
level.
In other words do I need to engage a commercial third party to verify my
certificates?
i.e. Issuing your own certificates based entirely on your own authority is
not good enough?
Thanks
Bob
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:O%23PdWXnHHHA.3780@xxxxxxxxxxxxxxxxxxxxxxx
Ok, if it is a trust issue, then when you open up the certificate in themissing
certificates UI and switch to the Certification Path tab, you should see
where the trust chain is being broken. That should tell you what is
or is not being trusted properly.Programming"
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
http://www.directoryprogramming.netsecurity
--
"Bob" <bob@xxxxxxxxxxx> wrote in message
news:ewXS$9lHHHA.420@xxxxxxxxxxxxxxxxxxxxxxx
Hi Joe,
Thanks for following up.
It looks like trust to me.
It has a 'Security Alert ' dialog box.
In summary the dialog box says there is a problem with the sites
thecertificate.
Then there is an information icon alongside which it says 'The security
certificate was issued by a company you have not chosen to trust. View
youcertificate to determine whether you want to trust the certifying
authority."
This is followed by two green tick icons stating:
1) that the certificate date is valid.
2) "the certificate has a valid name matching the the name of the page
expiration.are trying to view"
regards
Bob
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eRxOlJjHHHA.420@xxxxxxxxxxxxxxxxxxxxxxx
Perhaps the issue isn't with a certificate trust issue, but with someother
cert problem such as a cert name/URL host mismatch or a cert
onWhat exactly does the cert warning dialog say?Programming"
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
http://www.directoryprogramming.net
--
"Bob" <bob@xxxxxxxxxxx> wrote in message
news:OA7Fd3iHHHA.4112@xxxxxxxxxxxxxxxxxxxxxxx
Hi Joe,
Thanks for your reply.
The problem apppears to be that I am not installing the certificate
asthe
client successfully.
When the browser brings up the Certificate question dialog box I go
down
the
view certificate -> install certificate path. This seems to proceed
correctly.
I have tried letting the wizard choose where to put the certificate
wewell
as taking the manual path and selecting Trusted Root Certicate Store.
In
both cases I am told the import is successful.
However a new browser window gets the certificate question and away
machines.go
again.
The goal is to deploy a thick client on a couple of external
beenthe
My test Http deployment went OK. but now I have clamped down to Https
newly installed test app errors trying to connect.
I am assuming that the inability of the browser to repeatedly use the
certificate is related but this may not be correct as the app has
IEtold
to trust any certificate. Still, it is a starting point to trying to
figure
out what is wrong.
Thanks
Bob
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:uooZrOaHHHA.420@xxxxxxxxxxxxxxxxxxxxxxx
The issue here is that your browser doesn't trust the certificate.
trusttellingisn't
installing a certificate when it gives you a warning, it is just
you
it doesn't trust the certificate. In order to get the client to
certificateit,
you need to put the root certificate in the client's root
thestore.
Note that you'll need to do that for every client that will access
domain,server. If that is a lot of clients, you might want to consider a
certificate from a public CA. If they are all members of your
docinstalledthen
you can deploy an enterprise CA to get that root automatically
on
each domain member.Programming"
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
http://www.directoryprogramming.netcreated
--
"Bob" <bob@xxxxxxxxxxx> wrote in message
news:O$qmzYYHHHA.1240@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I am new to web admin and security.
Made a certificate server out of the development Win2k server and
a
root certificate.
The same machine is also the web server for now.
Updated the Web site directory properties to require SSL
When I query the site from a browser on the LAN it brings up the
certificate
question and the certificate install appears to go OK. The WSDL
for
my
service then appears
However if I start a new browser window it asks the certificate
question
again.
Any clues as to where I am going wrong?
thanks
Bob
.
- Follow-Ups:
- Re: Securing Webservice
- From: Joe Kaplan
- Re: Securing Webservice
- References:
- Securing Webservice
- From: Bob
- Re: Securing Webservice
- From: Joe Kaplan
- Re: Securing Webservice
- From: Bob
- Re: Securing Webservice
- From: Joe Kaplan
- Re: Securing Webservice
- From: Bob
- Re: Securing Webservice
- From: Joe Kaplan
- Securing Webservice
- Prev by Date: Re: Securing Webservice
- Next by Date: Re: VBscript and impersonation
- Previous by thread: Re: Securing Webservice
- Next by thread: Re: Securing Webservice
- Index(es):
Relevant Pages
|
|
