Q: Are you using your own CA? What is the subject of the certificate? Is there any subject alternative name specified, if so, what is it? When they are prompted with this message in the browser, are they getting the continue button, or is it completely blocking access to the site? Is the front end server hosting OWA running Win2000 or 2003? What is the EXACT text of the error page that comes up?
"So they can go to
and the certificate is there all is good"
Q: Does site.domain.com reflect a public or private domain name?
"but they to
and they get the This certificate is not valid."
Q: Are they attempting by actually using a NetBIOS name as your example here, or are they trying something like
There are two possible solutions here that I think are probable, but they are dependent on the configuration of your certificate, so in order to take you down the correct path, I need the answers to my questions above, and if possible, the following command's output (this will actually tell me everything I need to know):
certutil -v -store MY > MY.txt & MY.txt
If you have certutil installed on your box, this will run the command, output it to a file, then open the text file for easy and immediate copy
Most likely you are looking at a name mismatch. I suspect your certificate has the subject matching the site.domain.com name, which is why access is allowed in. When you attempt to access using the internal name, the subject does not match, and no subject alternative name is defined, thereby prompting you with the error.
Oh I just noticed too, you mentioned an http address...if they are potentially accessing using both, you need to ensure that you do not have the website configured to require SSL...if you do, http will not work. HOWEVER, if your site is accessed externally, such as by the general public, if you configure a site to not require https, they will get access via http as well...http of course bypasses your certificate, and therefore the SSL channel...
If a site is configured to require SSL, http cannot be used....
-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
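
The name mismatch described in the reply above, as an added example that is not part of the original post: a small Python model of the check a client makes between the host name in the URL and the names in the certificate. The internal names `owa01` and `owa01.corp.example` and the certificate contents are constructed for illustration; only `site.domain.com` comes from the thread.

```python
"""Model of the host-name check behind a "certificate is not valid" name mismatch."""

def name_matches(cert_name: str, host: str) -> bool:
    """Compare one certificate name to the host; a left-most '*' covers one label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*" and len(c) > 2:
        return c[1:] == h[1:]
    return c == h

def names_presented(cert: dict) -> list:
    """RFC 2818 rule: DNS names in the SAN are used if present, else the subject CN."""
    san = cert.get("san_dns") or []
    return list(san) if san else [cert["subject_cn"]]

def check_host(cert: dict, host: str) -> bool:
    """True when the name typed in the URL is covered by the certificate."""
    return any(name_matches(n, host) for n in names_presented(cert))

def audit(cert: dict, hosts: list) -> dict:
    """Map every name users type to pass (True) or name mismatch (False)."""
    return {h: check_host(cert, h) for h in hosts}

# Constructed sample data (assumptions, not taken from the poster's server).
HOSTS = ["site.domain.com", "owa01", "owa01.corp.example"]

# The situation the reply suspects: subject is the public name, no SAN defined.
CERT_AS_SUSPECTED = {"subject_cn": "site.domain.com", "san_dns": []}

# A reissued certificate whose SAN lists every name in use, public name included.
CERT_WITH_SAN = {
    "subject_cn": "site.domain.com",
    "san_dns": ["site.domain.com", "owa01", "owa01.corp.example"],
}

# A SAN that lists only the internal name: the CN is no longer consulted.
CERT_SAN_INTERNAL_ONLY = {"subject_cn": "site.domain.com", "san_dns": ["owa01"]}

if __name__ == "__main__":
    for label, cert in [("subject only", CERT_AS_SUSPECTED),
                        ("full SAN", CERT_WITH_SAN),
                        ("internal-only SAN", CERT_SAN_INTERNAL_ONLY)]:
        for host, ok in audit(cert, HOSTS).items():
            print(f"{label:18} {host:22} {'OK' if ok else 'NAME MISMATCH'}")
```

The third certificate shows the trap when reissuing: once a SAN is present, the public name has to be listed in it as well, or the URL that works today starts failing.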