Re: Server certificate instance refuses

From: krish shenoy[MS] (kshenoy_at_online.microsoft.com)
Date: 06/26/03


Date: Thu, 26 Jun 2003 10:19:40 -0700


1) The server certificate should chain up to a trusted root on the client
machine.
2) The client certificate should chain up to a trusted root on the server
machine.

The easiest way to verify this is to export the cert to a file, copy it
to the other machine, and see if it chains correctly.

If you have added some trusted roots for the current user, then make sure
that the same roots are also added to the local machine trusted root store,
since SSL will use the local machine context and not the current user
context.

-- 
This posting is provided "AS IS" with no warranties and confers no rights.
Use of any included samples is subject to the terms specified at
http://www.microsoft.com/info/copyright.htm

"Arek Lichwa" <arek_lichwa@yahoo.com> wrote in message
news:ex5w6h#ODHA.1072@TK2MSFTNGP10.phx.gbl...
> Hello!
> I got a warning message in eventlog (win2000 server)
> "the server certificate for instance '72' does not chain up to a trusted
> root certificate"
> It happens when client application with own certificate trying to connect to
> aspx application (the aspx script enforces SSL 128bit encryption and requires
> client certificate) on server 72 instance and web server refuses connection
> with http403 error (exactly refuses the client certificate)
>
> I'd appreciate any help or any pointers
> with kind regards Arek
>
>
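
The check described in the reply above, as an added PowerShell example that is not part of the original thread: it builds the chain for an exported certificate in both the local machine and the current user context and reports which Trusted Root store holds the top of the chain. The file name `exported-cert.cer` and the function name `Test-CertChain` are placeholders chosen for this example.

```powershell
# Added example. Run on the machine that must trust the certificate
# (the server for a client cert, the client for a server cert).
param([string]$CertPath = '.\exported-cert.cer')   # placeholder file name

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path $CertPath).Path)

function Test-CertChain {
    param($Certificate, [bool]$UseMachineContext)
    # $true builds the chain against the local machine stores, $false against
    # the current user's view of the stores.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($UseMachineContext)
    # Skip revocation so the result reflects trusted-root problems only.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $ok  = $chain.Build($Certificate)
    # Last element is the root when the chain is complete, otherwise the
    # highest certificate that could be found.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Context    = if ($UseMachineContext) { 'LocalMachine' } else { 'CurrentUser' }
        ChainsOk   = $ok
        TopOfChain = $top.Subject
        Thumbprint = $top.Thumbprint
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$machine = Test-CertChain $cert $true
$user    = Test-CertChain $cert $false
$machine, $user | Format-List

# Look for the top-of-chain certificate in each Trusted Root store.
# The user-context result is used because it is the one that can see
# roots added for the current user only.
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    $hit = Get-ChildItem $store | Where-Object { $_.Thumbprint -eq $user.Thumbprint }
    '{0}: {1}' -f $store, $(if ($hit) { 'present' } else { 'missing' })
}

if ($user.ChainsOk -and -not $machine.ChainsOk) {
    'Chain builds for the current user only; add the root to the local machine Trusted Root store.'
}
```

A `Status` of `UntrustedRoot` or `PartialChain` in the LocalMachine result corresponds to the "does not chain up to a trusted root" condition discussed in the thread.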

