Publishing issues with SubjectAltName SSL certs?
- From: "Ben Hanson" <transparency_76@xxxxxxxxxxx>
- Date: Sat, 13 Jan 2007 09:55:09 -0500
We recently provisioned new SSL certs and our cert provider supports the
SubjectAltName extension, which allows you to have two DNS FQDNs associated
with the cert versus only one. For example, if you have an internal IIS web
site internal.internet.com and an external IIS web site
external.internet.com, you would have to have a cert for each name...with
SubjectAltName you can add both names to the one cert and use the same cert
on both web sites for SSL connections.
Although these certs work fine internally with IIS as above, when I try to
publish server external.internet.com using the cert internal.internet.com
(which has a SubjectAltName of external.internet.com), I get an error 23403
in the Event Log:
ISA server could not establish an SSL connection with published server
external.internet.com because the name on the SSL certificate used by the
published server does not match the name of the server
internal.internet.com, specified in the publishing rule.
Basically, it seems like ISA only looks at the name of the cert, which in
this case does not match the published server name, and does not recognize
that the cert does have a SubjectAltName value that *does* match the
published server name.
Has anyone run into this that can help me???
--
Posted via a free Usenet account from http://www.teranews.com
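
The mismatch described in the post, as an added example that is not part of the original message and is not ISA Server's code: it compares a matcher that reads only the subject commonName with one that checks SubjectAltName dNSName entries first, as RFC 2818 specifies. The certificate dict is constructed from the names in the post, and the function names are hypothetical.

```python
# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the host names are the ones used in the post.
CERT = {
    "subject": ((("commonName", "internal.internet.com"),),),
    "subjectAltName": (
        ("DNS", "internal.internet.com"),
        ("DNS", "external.internet.com"),
    ),
}

def common_names(cert):
    """All commonName values from the subject RDN sequence."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def san_dns_names(cert):
    """All dNSName entries from the SubjectAltName extension."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def dns_match(pattern, host):
    """Case-insensitive compare; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2 and h[0]:
        p, h = p[1:], h[1:]
    return p == h

def match_cn_only(cert, host):
    """Matcher that ignores SubjectAltName (the behaviour the poster suspects)."""
    return any(dns_match(cn, host) for cn in common_names(cert))

def match_san_first(cert, host):
    """RFC 2818 order: dNSName SANs if present, otherwise fall back to commonName."""
    sans = san_dns_names(cert)
    names = sans if sans else common_names(cert)
    return any(dns_match(n, host) for n in names)

def explain(cert, host):
    """Both verdicts side by side for one requested host name."""
    return {"host": host,
            "cn_only": match_cn_only(cert, host),
            "san_first": match_san_first(cert, host)}

if __name__ == "__main__":
    for name in ("internal.internet.com", "external.internet.com", "other.internet.com"):
        print(explain(CERT, name))
```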