Re: Publishing SSL WebSite....Arghhhh

Edited Below;

"ZVR" <no_spam_ever@xxxxxx> wrote in message
news:44440ddb$0$2958$9a6e19ea@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
OK - done. But keep in mind, I managed to get Web Puiblishing working
(as
opposed to Server Publishing :-)

It doesn't matter. Internal access should always be direct. That also
means
that you have to employ the split DNS configuration for all your
websites/domains...

Here's some good news though - ISA reported a 500 server error with
regards
to web publishing that site and SSL so I entered my site's name in the
TO
tab and
it is the same on both certs.

Can anyone check and see if it's still failing - or did I get it cased?
:-)

Still getting the error. Do you also get event id's 36871, 36869 in the
event logs? ("SSL server credential's certificate does not have a private
key" message). If you do, it means you haven't properly exported the
certificate; when you export the web server certificate, prior to
importing
it on ISA, you need the fully functional certificate including the private
key.

Man you're good! I just checked the event log on the webserver and that's
the
error showing up in there.

OK, I tried to re-export the cert from the web server but the options it
presented no longer followed along with either the directions you provided
or the ones I originally followed. I figured it had something to do with not
exporting the private key (or something along those lines) even though I was
sure I had the proper check boxes (according to the ISA SSL instructions I
followed).

Anyway, to make a long story short - what I did was take the cert file that
I imported to ISA (the original cert export from the webserver) and
re-imported that. That worked and now SSL works but I get an information box
saying, "Revocation Information for the Security Certificate is not
available. Do you wnat to proceed? (yes/no/view cert).

Is this because I messed it up again? Or is the ISA/Web Server Cert issue
all fixed and this is something else?

Please help! I'm going grey........ :-0

Best & Thanks;
Marvin


See the following articles for details:

How to export a certificate with the private key:
http://tinyurl.com/e9cbk

IIS: Export Private Key Option is Grayed When Exporting a Server
Certificate
http://support.microsoft.com/kb/232154/EN-US/

Virgil




.

Relevant Pages

  • Re: Failure installing SSL certificate on SBS2003PremSP1 (incl. IS
    ... I decided to purchase a CA SSL key and replace the self cert on ... Basically I think the SBS web listener needs to be ... since both are working off the same certificate store. ...
    (microsoft.public.windows.server.sbs)
  • Heads Up: SSL defeated in IE and Konqueror
    ... SSL defeated in IE and Konqueror ... VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, ... tricky site owner signs an intermediate cert with another valid cert, ...
    (comp.os.linux.security)
  • Re: Publishing SSL WebSite....Arghhhh
    ... "Revocation Information for the Security Certificate is not ... (yes/no/view cert). ... The SSL cert appears to be working fine now. ... he mentioned he saw an SSL session and no error message - go figure? ...
    (microsoft.public.isa)
  • Re: How to exchange certificate ?
    ... certificate store (I own ONLY a public key). ... >contained in a certificate store AND having an associated private key. ... you can test any cert for an associated private key using: ...
    (microsoft.public.platformsdk.security)
  • Re: A question about CryptAcquireCertificatePrivateKey
    ... Windows stores the CSP and private key associated with the certificate in the ... This is, of course, true only when WINDOWS stores the cert. ...
    (microsoft.public.platformsdk.security)