Re: Server certificate instance refuses

From: D. Cross [MS] (dcross_at_online.microsoft.com)
Date: 06/30/03

• Next message: Suzanne: "Unwanted Pop-up ads"
• Previous message: Andrew Kinnie: "Strange system log error"
• In reply to: Arek Lichwa: "Re: Server certificate instance refuses"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 30 Jun 2003 07:32:20 -0700

These articles may be helpful to you:

http://www.microsoft.com/windows2000/techinfo/planning/security/mappingcerts.asp

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q216906

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q272175

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313070

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Arek Lichwa" <arek_lichwa@yahoo.com> wrote in message
news:#uwS65LPDHA.2316@TK2MSFTNGP11.phx.gbl...
> if you mean >>enable client certificate mapping<< - the answer is no, what
> this can change ?
>
> now i've removed all root cert ca repository, intermediate cert and all
the
> rest, imported only ThawteServer CA, Certum CA (polish CA) and signed them
> as CTL
> but no possitive results, the same answer from IIS = http403,
> the warning disappeared, it would be nice to have possibility get more
debug
> information or things happend during the connection/request
>
> with kind regards Arek
>
> "David Cross [MS]" <dcross@online.microsoft.com> wrote in message
> news:O#LNZWKPDHA.3016@TK2MSFTNGP10.phx.gbl...
> > have you configured the IIS server mapping?
> > David B. Cross [MS]
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> > http://support.microsoft.com
> >
> > "Arek Lichwa" <arek_lichwa@yahoo.com> wrote in message
> > news:uWy9VZJPDHA.3236@TK2MSFTNGP10.phx.gbl...
> > > i've resolved the problem with the warning,
> > > using mmc snapin for certificate moved the apropriate cert to trusted
> root
> > > certification authorities
> > > but now nothing happens in event log and server still showing
http403.16
> > for
> > > client, the client cert (issued by thawte for post.polcard.com.pl with
> > valid
> > > to : 2003-07-05) is also in root ca repository and the path is valid,
i
> > mean
> > > certificate panel says the cert path is ok,
> > > whats can be wrong with my server settings?
> > >
> > > "krish shenoy[MS]" <kshenoy@online.microsoft.com> wrote in message
> > > news:uLj0hcAPDHA.3700@tk2msftngp13.phx.gbl...
> > > > 1) The Server certificate should chain up to a trusted root on the
> > client
> > > > machine
> > > > 2) The client certificate should chain up to a trusted root on the
> > server
> > > > machine
> > > > The easiest way to verify this is to export the cert to a file and
> copy
> > it
> > > > to the other machine and see if it chains correctly
> > > > If you have added some trusted roots for the current user then make
> sure
> > > > that the same roots are also added to the local machine trusted root
> > store
> > > > since SSL will use the local machine context and not the current
user
> > > > context
> > > >
> > > >
> > > > --
> > > > This posting is provided "AS IS" with no warranties and confers no
> > rights.
> > > > Use of any included samples is subject to the terms specified at
> > > > http://www.microsoft.com/info/copyright.htm"
> > > > "Arek Lichwa" <arek_lichwa@yahoo.com> wrote in message
> > > > news:ex5w6h#ODHA.1072@TK2MSFTNGP10.phx.gbl...
> > > > > Hello!
> > > > > I got a warning message in eventlog (win2000 server)
> > > > > "the server certificate for instance '72' does not chain up to a
> > trusted
> > > > > root certificate"
> > > > > It happens when client application with own certificate trying to
> > > connect
> > > > to
> > > > > aspx application (the aspx script enforces SSL 128bit encyption
and
> > > > requires
> > > > > client certificate)  on server 72 instance and web server refuses
> > > > connection
> > > > > with http403 error (exactly refuses the client certificate)
> > > > >
> > > > > I'd appriciate for any help or any pointings
> > > > > with kind regards Arek
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

• Next message: Suzanne: "Unwanted Pop-up ads"
• Previous message: Andrew Kinnie: "Strange system log error"
• In reply to: Arek Lichwa: "Re: Server certificate instance refuses"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: SCW question. ... Created a new Server and installed IIS. ... and saw that the default rights for IUSR and IWAM users are there. ... Server to the domain without and GPO's applied...Local Security policy ... rights (which coincides with my Member server GPO settings). ... (microsoft.public.windows.server.security) Re: SBS 2003 folder redirection, offline files, ..and more ... you log into a shared PC with admin rights and go to Windows Explorer Folder ... documents are redirected to the server. ... without redirection, they wouldn't have been. ... (microsoft.public.windows.server.sbs) Re: file rights issue... ... Domain Admin has rights to everything so not being able to access the ... The Terminal Server is an entirely different ... of BV we are running uses an SQL DB engine called Pervasive SQL to ... the accounting data on the Windows 2000 server through the pervasive ... (microsoft.public.backoffice.smallbiz2000) Re: sbs2003 to (new)server2003 user issue ... Meinolf Weber ... This posting is provided "AS IS" with no warranties, and confers no rights. ... sbs server dead sunday night. ... Even if the account in the domain and the local account on the ... (microsoft.public.windows.server.active_directory) Re: assign permissions from the domain ... This posting is provided "AS IS" with no warranties, and confers no rights. ... "Meinolf Weber" wrote: ... Both server have static IPs however the standard server has the ... (microsoft.public.windows.server.active_directory)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint