Re: Publishing SSL WebSite....Arghhhh


"ZVR" <no_spam_ever@xxxxxx> wrote in message
news:44441d32$0$2924$9a6e19ea@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Anyway, to make a long story short - what I did was take the cert file
that
I imported to ISA (the original cert export from the webserver) and
re-imported that. That worked and now SSL works but I get an information
box
saying, "Revocation Information for the Security Certificate is not
available. Do you wnat to proceed? (yes/no/view cert).

Is this because I messed it up again? Or is the ISA/Web Server Cert
issue
all fixed and this is something else?

No, this is something else. The SSL cert appears to be working fine now.
Just enable the "CRL download" option in the System Policy, to All
Networks,
which should get rid of that pesky message :-)

What the message actually says, this probably being a commercial
certificate
and all, is that ISA could not follow up on the certification chain to
retrieve the latest expiration list from the Certification Authority that
originally issued the certificate. The expiration/revocation list tells
clients whether a certificate is still valid or has been compromised, thus
revoked... or revoked for some other reasons. As a client, choosing to go
ahead with a revoked certificate is a security risk, as you can imagine.

Virgil



Thanks Virgil - I did have CRL enabled in Syspol - I wonder if it was just a
temporary thing and something couldn't connect to verify with the CA? I
asked another user to check for access and also for that error message and
he mentioned he saw an SSL session and no error message - go figure?

I suspect it's probably OK unless someone posts up otherwise if they try to
access it. If someone does come by the URL is
https://www.frostysac.com/catalog/login.php

And I'm hoping you'll see an SSL session and no pop-up windows :-)

Thanks;
Marvin

PS>Virgil - I'm having an issue with a rule that should be straightforward.
But it's not working. I'll make a new post and I'm hoping you can look at it
because it should be easy but I'm perplexed right now :-)


.

Relevant Pages

  • Re: Failure installing SSL certificate on SBS2003PremSP1 (incl. IS
    ... I decided to purchase a CA SSL key and replace the self cert on ... Basically I think the SBS web listener needs to be ... since both are working off the same certificate store. ...
    (microsoft.public.windows.server.sbs)
  • Re: 400 Bad Request Error
    ... Thanks for the reply,it does not look like the partner is using 2 different ... I have that cert imported into my trusted people certificate store for the ... I tried adding a client cert and without one and it is the same result.I do ... use a SSL connection on a different certificate. ...
    (microsoft.public.biztalk.server)
  • Heads Up: SSL defeated in IE and Konqueror
    ... SSL defeated in IE and Konqueror ... VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, ... tricky site owner signs an intermediate cert with another valid cert, ...
    (comp.os.linux.security)
  • Re: Publishing SSL WebSite....Arghhhh
    ... to web publishing that site and SSL so I entered my site's name in the ... certificate; when you export the web server certificate, ... I tried to re-export the cert from the web server but the options it ... How to export a certificate with the private key: ...
    (microsoft.public.isa)
  • Re: Question about using pre-signed certificates
    ... Hmmm open ssl eh? ... You may need to verify that the certificate supports ... When I went back to the web server ... > received the error message. ...
    (microsoft.public.dotnet.framework.webservices)