Re: SSL Multiple Ports

From: joehlmann (joehlmann_at_discussions.microsoft.com)
Date: 07/18/04 

Date: Sun, 18 Jul 2004 01:49:04 -0700

"Ken Schaefer" wrote:

> "joehlmann" <joehlmann@discussions.microsoft.com> wrote in message
> news:2B624DF8-080C-4B18-ABA7-3B258A7F81C3@microsoft.com...
> >
>
>
> > I am wanting to to user name/ password
> > mapping with client certs on the WS accessing my secure site.
> > The issuse is if u r using 2003 server as the WS and try to
> > install a client web cert you get the above mentioned error.
> > Try it I have in any number of Cipher Combos.
>
> As mentioned before, Error 0x80090016 is "NTE_BAD_KEYSET" #Keyset Does Not
> Exist
> Please inform us of the exact steps you are taking to install the client
> cert "into IE".
>
>
> > Also apart from the IE CLIENT cert issue if once again u r
> > using w2003 as the IE client browser of your secure site
> > IE wont do SSL on any other port apart from 443. XP NT
> > etc work fine
> >
> > This is removing the whole client cert user name/pass mapping from the
> equation.
>
> Then something is wrong with your setup. I just tried this, and my Windows
> 2003 copy of Internet Explorer can reach an SSL secured site which is
> running on port 444 just fine. You may want to look at proxy server issues
> or similar:
>
> https://careers2.careers.unsw.edu.au:444/
> can be reached just fine by my copy of IE running on Windows 2003 Server.
>
> What do you see in the browser when you attempt to reach an SSL secured site
> on a non-standard port? What is the exact address/URL that you are using?
>
> Cheers
> Ken
>
>
>
>
> > > "joehlmann" <joehlmann@discussions.microsoft.com> wrote in message
> > > news:78DC8F65-977A-4878-AFD1-0A16CCDC5959@microsoft.com...
> > > >
> > > > > John Cesta
> > > > >
> > > > > ---------------------------------
> > > > Guys Ive cracked it...Sorry John my question was defineatly not about
> host
> > > headers..
> > > >
> > > > We are a using w2003 server on all 30 WS in our offices. (We are a
> > > development house)
> > > >
> > > > It seems 2 bugs are in 2003 a) u cant install a client cert into IE
> on a
> > > w2003 server box. Try it ive used both MS self generated & external
> types of
> > > all varietys u get a
> > > > Unable to install Error: 0x80090016. Ive tried chasing this down on
> > > google with no joy
> > > > b) And this is the kicker u cant use SSL on w2003 IE on any other port
> > > apart from 443
> > > >
> > > > I would love to get a solution to this issue but at the end of the day
> > > none of the users of our s/w are going to be running 2003 server :)
> > > >
> > > > I installed VMware (aka a better virtual machine) ran up xp & nt 4 ws
> and
> > > its all good. user name & passes mapped to client certs running on port
> 8098
> > > :) and
> > > > no need to get more than 1 IP on our 2 meg link
> > > >
> > > > Justin
> > >
> > > Ok I am using SSL Server certs installed into IIS on the server end and
> this is working fine.
> >
> >
> > So to surmise iis 6 as the SSL web server is fine, it is when u go to use
> w2003 and IE as a client/browser of the secure site is where a) u cant
> install client certs into IE b) access SSL (either with or without client
> certs) on a port other than 443.
> >
> > I hope this calrifies the issue as it has been a 3 day epic and would love
> to be shown that w2003 doesnt have these CLIENT/BROWSER IE related issuses
> >
> > Yours Truly
> >
> > Justin Oehlmann
> > Snr Software Engineer
> > Nsynergy

I am accessing an internal CA that i setup that automatically issues me with the cert and when u click on it to install i get the afore mentioned error. I agree the error code is crap and refers to a lot of different things in google etc

Also there is a external free cert company that is using MS Cert services and got the same results from them as well

We are running ISA as our firewall and have a) disabled it b) opened all prots and ports c) it works fine with xp 2000ws with the firewall up

https://www.inhouselawyers.com.au:444/frontera/legalnet

All i get is a white blank screen... same on the url u supplied me (no prompt for user name etc etc)

I just got a frend to do the same as u and it works externally on 2003 ?????

Yes there must be some issue with the proxy coming back on the wrong port

try going to http://www.legalnetcentral.com.au/certsrv and request a cert and try install it into 2003

Thanks for your help in isolating this issue

Relevant Pages

  • Re: SSL and Client Authentication
    ... First I go on my client and I do a browser request from a CA, ... After issuing a cert. ... install (where I verify that this certification was installed ... > It definitely does not sound like the right way to do client certificates. ...
    (microsoft.public.inetserver.iis.security)
  • Re: SSL Multiple Ports
    ... Please inform us of the exact steps you are taking to install the client ... the cert store is maintained by IE. ... And this is the kicker u cant use SSL on w2003 IE on any other port apart ...
    (microsoft.public.inetserver.iis)
  • Re: SSL Multiple Ports
    ... >> mapping with client certs on the WS accessing my secure site. ... >> install a client web cert you get the above mentioned error. ...
    (microsoft.public.inetserver.iis)
  • Re: SSL Multiple Ports
    ... > IIS is used to serve SSL secured sites, ... Are you trying to use client ... The issuse is if u r using 2003 server as the WS and try to install a client web cert you get the above mentioned error. ...
    (microsoft.public.inetserver.iis)
  • Problem installing advanced client - ccmsetup service stays active.
    ... I am having a problem with 1 PCinstalling the advanced client. ... -Pushed client install from console but install ... SMS Advanced Client is not installed. ...
    (microsoft.public.sms.setup)