Re: Cannot access web server after enable FIPS compliant cryptography

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Chris Botha (chris_s_botha_at_.AT.hotmail.com)
Date: 02/10/05 

Date: Thu, 10 Feb 2005 10:28:13 -0500

Sorry, as I said, I am not familiar with FIPS, but know that the
ICertificatePolicy works when regular certificates cause problems. Give it a
shot and see if it works.

"Jener Silva" <jener@mac.com> wrote in message
news:e633xv3DFHA.2876@TK2MSFTNGP12.phx.gbl...
> No, IE does not prompt me to accept the certificate.
> There is nothing wrong with the certificate.
> The web service works fine if I disable FIPS cryptography in the Local
> Security Policy of the server.
>
> "Chris Botha" <chris_s_botha@.AT.hotmail.com> wrote in message
> news:%230R10WUDFHA.1260@TK2MSFTNGP12.phx.gbl...
>> I'm not familiar with FIPS, but can tell you that if IE prompts you to
>> accept the certificate, for example if it is a test certificate, etc,
>> then you will have this problem. In this case write a class that
>> implements the ICertificatePolicy interface. Give it a shot in any case.
>> For an example, have a look at
>> http://weblogs.asp.net/jan/archive/2003/12/04/41154.aspx
>>
>>
>> "Jener Silva" <jener.silva@fhwa.dot.gov> wrote in message
>> news:%23FRMTAIDFHA.2600@TK2MSFTNGP09.phx.gbl...
>>>I have a Windows 2003 Enterprise server hosting my web service and it has
>>>the System cryptography set to run in FIPS complaint mode.
>>> When I try to run my asp.net application, which resides on another 2003
>>> server, I get an exception:
>>>
>>> The underlying connection was closed: Could not extablish secure channel
>>> for SSL/TLS.
>>>
>>> If we disable FIPS compliant cryptography, the application works fine.
>>> Those servers are within the same network, there is no firewall between
>>> them.
>>>
>>> When I try to add a web reference to a new asp.net project, VS.NET 2003
>>> shows the initial page in the wizard, but the button to add the
>>> reference is disabled and a message shows up that says:
>>>
>>> There was an error downloading 'https://servername/webservice.asmx'.
>>>
>>> The underlying connection was closed: Could not establish secure channel
>>> for SSL/TLS.
>>>
>>> Can anyway tell me what's wrong?
>>> Thanks.
>>>
>>>
>>
>>
>
>

Relevant Pages

  • Re: Poker Stars.. for those complaining that its rigged
    ... I agree that Stars should move to FIPS140-2 certificataion. ... Storage of a Private or Secret Key for a key pair OR certificate, ... number generators is under FIPS 140-2. ... Poker Stars does discuss its RNG in great detail. ...
    (rec.gambling.poker)
  • Re: Kerberos 5 certified under NIST 140-2.
    ... "Windows build of FIPS 1.1.1 is not thread-safe" which lead to some ... is the OpenSSL certificate. ... Kerberos 5 certified under NIST 140-2. ... Appendix A describes the documentation that is necessary. ...
    (comp.protocols.kerberos)
  • Re: Kerberos 5 certified under NIST 140-2.
    ... I don't want to get into the whole FIPS 140-2 mess ... ... look at the certificate and security policy for ... open source projects. ... Say, Apple, Solaris, etc. ...
    (comp.protocols.kerberos)
  • Re: regarding retrival of server certificate
    ... certificate As X509Certificate, _ ... ICertificatePolicy isn't much more difficult to implement, ... Joe Kaplan-MS MVP Directory Services Programming ... access your server and get the proxies working correctly by configuring ...
    (microsoft.public.dotnet.security)
  • Re: OT-Pro-Immigration Rallies Are Held Across Country
    ... Your vet does fill out a certificate so he has a record of the date, ... They don't accept the metal tag. ... rarely care, but state parks do. ... Dog's records show a 1 year shot in July 95, but he was only 4 months old then and it may have been a puppy size shot. ...
    (rec.outdoors.rv-travel)