Re: rpc over http/secure owa

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "ZVR" <nospamever@xxxxxx>
• Date: Thu, 20 Oct 2005 11:07:11 -0400

---

> FYI...I received the following crts with my order:
>
> 1.. GTECyberTrustRoot.crt
> 2.. NetworkSolutionsCA.crt
> 3.. mail.rzim.org .crt
> and believe this implies a trusted chain.

That is only a chain if those certificates are chained themselves. Open the
last one, the certificate that you would use as a "server certificate" on
your ISA machine, and verify the certification path. If all three are linked
together in a chain then yes you have a chain of trust. But for your
mail.rzim.org certificate to work, your ISA machine also needs to trust the
particular GTECyberTrust certification authority which issued the Network
Solutions' CA certificate. It seems that in your case that does not occur.
(You should be able to see where in the chain the "trusting" problems is
when you view the certificate).

If the chain is correctly set up like I explained, try importing the "root"
certificate as per my previous post. That would be the GTECyberTrustRoot.crt
file. Did you import that as well in your machine certificate store? (under
Trusted Root Certification Authorities).

Virgil


.

---

• References:
  • rpc over http/secure owa
    • From: LJH
  • Re: rpc over http/secure owa
    • From: ZVR
  • Re: rpc over http/secure owa
    • From: LJH

• Prev by Date: Re: rpc over http/secure owa
• Next by Date: Re: 4 vpns over 4 nics
• Previous by thread: Re: rpc over http/secure owa
• Next by thread: Re: ISA 2000 -- Web Server Publishing - Anonymous access.
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Vista Certificate Enrollment api ... The flag only affects chain building on the end entity certificate, ... Issuer: CN=XXXX.com Enrollment Authority ... Subject: CN=XXXX.com Issuing Enrollment Authority ... (microsoft.public.platformsdk.security) Re: Schannel CertificateChainValidation failing ... It is really helpful to try to get at least a base knowledge of certificates and PKI, especially with regards to all the components in chain verification, if you are going to be working with SSL in any detail. ... If any cert includes AIA extensions, the client may try to retrieve the issuing certificate for that cert via the published AIA location. ... (microsoft.public.platformsdk.security) Re: How to get from PCCERT_CONTEXT to an encoded PKCS #7 blob in memory? ... Make sure to check that the chain is valid ... you can create a memory store and add each ... certificate in the chain to the memory store, ... > private key, but pretty much everything else including the public key and ... (microsoft.public.platformsdk.security) RE: Another basic PKI question ... You should also note that the security of the certificate chain depends ... on how thorough and secure the validation check is. ... one should only trust the ... (Security-Basics)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa  > 2005-10