Re: Certificate Services problem acroos firewall

From: Paul Adare <pkadare@xxxxxxxxx>
Date: Sat, 27 Oct 2007 13:16:42 -0400

On Sat, 27 Oct 2007 15:12:03 -0000, dmakadia@xxxxxxxxx wrote:

I had HTTPS site running on IIS and certificate Service server is
diffrent server. I had to Install FW and move IIS on DMZ and keep
Certificate Service Server in inside. now when I try to connect to
https web site from outside from diffrent domain I am getting below
error; I have port 135 open between outside and Certificate server Do
I have to open other port Also??

" There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by
a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or
intercept any data you send to the server. "

The error is telling you exactly what the problem is. Your internal systems
that are in the same domain as your CA trust your CA because you've
published the root CA's certificate to Active Directory and it is pushed
down via Group Policy. The external machine you're using does not have the
root CA certificate installed in its Trusted Root store so it doesn't trust
it.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
The world is coming to an end... SAVE YOUR BUFFERS!!
.

Follow-Ups:
- Re: Certificate Services problem acroos firewall
  - From: dmakadia

References:
- Certificate Services problem acroos firewall
  - From: dmakadia

Prev by Date: Certificate Services problem acroos firewall
Next by Date: Exporting Certificates using Script
Previous by thread: Certificate Services problem acroos firewall
Next by thread: Re: Certificate Services problem acroos firewall
Index(es):
- Date
- Thread

Relevant Pages

Re: New Event Log Errors!
... Somehow along those lines I'd also installed the Certificate Authority ... Did you apply the last Server Pack for SBS Server? ... Please install Windows Support Tools on the win2k3 sp1 problematic ... Microsoft is providing this information only as a convenience to you: ...
(microsoft.public.windows.server.sbs)
Re: Terminal Services over a VPN
... Create a certificate request and submit it to godaddy in order to obtain a public cert. ... You can use the wizard in IIS Manager for this by creating a new website that matches the above name (on your TS server), right-click and choose properties, directory security tab, server certificate button. ... After the install you can stop or delete the website created above since you don't need it for anything. ...
(microsoft.public.windows.terminal_services)
Re: Outlook RPC over HTTp deosnt work
... Go to remote web workplace (or Outlook Web Access), accept the certificate prompt, 'view', and 'install' the certificate - accepting all the defaults. ... > when you try to use RPC over HTTP to connect the Exchange Server. ...
(microsoft.public.windows.server.sbs)
Re: windows mobile 6
... I installed a GoDaddy certificate on the sbs server with no problem. ... The problem is that the certificate is a .crt file and my WM6 device doesnt recognise this file extention. ... The question is how do i install the certificate. ... When a computer uses RWW it downloads the certificate automatically from the server, why doesnt WM6 do the same? ...
(microsoft.public.windows.server.sbs)
Re: Win Mobile 5 + SBS 2003 SP1 + Exchange SP1 Connection woes
... Also You do have use ssl ticked? ... Options, Server Settings, Connection and check the box "This server uses an ... So the certificate copied over just fine and has been installed on both ... The directions for install state that I can use the cert from the ...
(microsoft.public.windows.server.sbs)