Re: Server certificate instance refuses

From: Arek Lichwa (arek_lichwa_at_yahoo.com)
Date: 06/27/03 

Date: Fri, 27 Jun 2003 17:12:08 +0200

if you mean >>enable client certificate mapping<< - the answer is no, what
this can change ?

now i've removed all root cert ca repository, intermediate cert and all the
rest, imported only ThawteServer CA, Certum CA (polish CA) and signed them
as CTL
but no possitive results, the same answer from IIS = http403,
the warning disappeared, it would be nice to have possibility get more debug
information or things happend during the connection/request

with kind regards Arek

"David Cross [MS]" <dcross@online.microsoft.com> wrote in message
news:O#LNZWKPDHA.3016@TK2MSFTNGP10.phx.gbl...
> have you configured the IIS server mapping?
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> http://support.microsoft.com
>
> "Arek Lichwa" <arek_lichwa@yahoo.com> wrote in message
> news:uWy9VZJPDHA.3236@TK2MSFTNGP10.phx.gbl...
> > i've resolved the problem with the warning,
> > using mmc snapin for certificate moved the apropriate cert to trusted
root
> > certification authorities
> > but now nothing happens in event log and server still showing http403.16
> for
> > client, the client cert (issued by thawte for post.polcard.com.pl with
> valid
> > to : 2003-07-05) is also in root ca repository and the path is valid, i
> mean
> > certificate panel says the cert path is ok,
> > whats can be wrong with my server settings?
> >
> > "krish shenoy[MS]" <kshenoy@online.microsoft.com> wrote in message
> > news:uLj0hcAPDHA.3700@tk2msftngp13.phx.gbl...
> > > 1) The Server certificate should chain up to a trusted root on the
> client
> > > machine
> > > 2) The client certificate should chain up to a trusted root on the
> server
> > > machine
> > > The easiest way to verify this is to export the cert to a file and
copy
> it
> > > to the other machine and see if it chains correctly
> > > If you have added some trusted roots for the current user then make
sure
> > > that the same roots are also added to the local machine trusted root
> store
> > > since SSL will use the local machine context and not the current user
> > > context
> > >
> > >
> > > --
> > > This posting is provided "AS IS" with no warranties and confers no
> rights.
> > > Use of any included samples is subject to the terms specified at
> > > http://www.microsoft.com/info/copyright.htm"
> > > "Arek Lichwa" <arek_lichwa@yahoo.com> wrote in message
> > > news:ex5w6h#ODHA.1072@TK2MSFTNGP10.phx.gbl...
> > > > Hello!
> > > > I got a warning message in eventlog (win2000 server)
> > > > "the server certificate for instance '72' does not chain up to a
> trusted
> > > > root certificate"
> > > > It happens when client application with own certificate trying to
> > connect
> > > to
> > > > aspx application (the aspx script enforces SSL 128bit encyption and
> > > requires
> > > > client certificate) on server 72 instance and web server refuses
> > > connection
> > > > with http403 error (exactly refuses the client certificate)
> > > >
> > > > I'd appriciate for any help or any pointings
> > > > with kind regards Arek
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Web Certificate for IIS Server on SBS Domain
    ... Before your reply, I actually ran across rapidssl myself, and have ordered and installed the free 30-day certificate on my site. ... I explained what you'd told me about putting my existing configuration at risk by installing Cert Services, and he said he didn't know that. ... Again, if you're just needing a cert to install on your web server to provide SSL connectivity for remote users, go with an external third-party provider. ... When you add Certificate Services on an internal network, lots of internal communications will start using pieces provided by the Cert Server instead of the defaults from Server 2003, and when things blow up, they can blow up gloriously. ...
    (microsoft.public.windows.server.sbs)
  • Re: Terminal Services over a VPN
    ... Create a certificate request and submit it to godaddy in order to obtain a public cert. ... You can use the wizard in IIS Manager for this by creating a new website that matches the above name (on your TS server), right-click and choose properties, directory security tab, server certificate button. ... After the install you can stop or delete the website created above since you don't need it for anything. ...
    (microsoft.public.windows.terminal_services)
  • Re: SBS 2003 Premium and Cert Services
    ... that philosphy got blown out of the equation when SBS included Exchange OWA ... "Small Business Server" which is MS claim as to why the risk of exposing the ... the Certificate Server on another server, ... >> Cert, or you could edit the properties of your Certification Authority to ...
    (microsoft.public.windows.server.sbs)
  • Re: Web Certificate for IIS Server on SBS Domain
    ... and installed the free 30-day certificate on my site. ... instructions to install Certificate Services. ... If I can find a way to issue my own cert without risking my SBS setup, ... > Server instead of the defaults from Server 2003, and when things blow up, ...
    (microsoft.public.windows.server.sbs)
  • Re: Cant disable "Trusted" for Certificates Issued by MS Certificate Server
    ... The certificate for the root CA (the one that is being used by the MS ... Certificate Server) was created when I installed MS Certificate Server. ... The next day, when I got the server cert back from the 3rd-party CA, I ...
    (microsoft.public.platformsdk.security)