ISA Server 2000 cannot access an imported SSL certificate (837350)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2000
SYMPTOMSWhen a computer that is running Microsoft Internet Security and Acceleration Server (ISA) 2000 tries to access a Secure Socket Layer (SSL) certificate that is imported from a Web server, you may receive an error message that is similar to the following: There are no certificates configured on this server. You may also find the following event ID message logged in the application event log:Event Type: Error
Event Source: Microsoft ISA Server Control
Event Category: None
Event ID: 12260
Date: 08-01-2004
Time: 10:56:59
Computer: ComputerNameDescription:
Fatal error occurred when attempting to access 'certificate-name' certificate private key. For more information about this event, see ISA Server Help. The error code in the Data area of the event properties indicates the cause of the failure. Note In this event ID message, ComputerName is a placeholder for the actual computer name. CAUSEThis problem occurs if one of the following conditions is true: - The SSL certificate and its corresponding private key are not imported to the correct ISA Server certificate and private key store.
- The SSL certificate is moved from one certificate store to another certificate store. This action causes the SSL certificate to separate from its corresponding private key.
Note When you publish an SSL site in ISA Server, you export the SSL server certificate with its corresponding private key from the Web server. You then import the SSL server certificate with its corresponding private key to the ISA Server certificate and private key store. This process makes ISA Server behave as the internal Web server by binding the SSL server certificate to the Incoming Web Requests listener that is used to accept client requests for the Web server. RESOLUTIONTo resolve this problem, follow these steps: - Export the SSL certificate and its corresponding private key to a file. To do this, follow these steps:
- In the Microsoft Management Console (MMC), open the Certificates snap-in.
- Locate the SSL certificate that you imported from the Web server.
- Right-click the SSL certificate, point to All Tasks, and then click Export.
- In the Certificate Export Wizard, click Next.
- Under Do you want to export the private key with the certificate, click Yes, export the private key.
- Click Personal Information Exchange - PKCS # 12 (.PFX), and then click Next.
- Type a password in the Password box, type the password again in the Confirm password box, and then click OK.
- In the File name box, type a name for the file that you want to export or click Browse to locate a file, and then click Next.
Note Remember the location that you specify in the File name box. - Click Finish.
- After you export the SSL certificate to a file, delete the SSL certificate and its corresponding private key from the certificate store.
- Import the SSL certificate and its corresponding private key to the correct certificate and private key store. To do this, follow these steps:
- In the MMC, open the Certificates snap-in.
- Double-click Certificates.
- Right-click the Personal certificate store, point to All Tasks, and then click Import.
- In the Certificate Import Wizard, click Next.
- Type the name of the file that you want to import in the File name box.
Note The file name that you type in the File name box is the same file name that you used to export the certificate in step 1h. - Type the password that you used in step 1g in the Password box.
- Click to select the Mark the private key as exportable check box.
- Make sure that the Place all certificates in the following store option is selected and that the Personal certificate store appears in the Certificate store box.
- Click Next, and then click Finish.
REFERENCES
For additional information about setting permissions on certificates folders, click the following article number to view the article in the Microsoft Knowledge Base:
278381
Default permissions for the MachineKeys folders
For additional information about setting up ISA Server to host Web sites by using the SSL protocol, click the following article number to view the article in the Microsoft Knowledge Base:
292569
Set up Internet Security and Acceleration Server to host Web sites by using the Secure Sockets Layer protocol
Modification Type: | Major | Last Reviewed: | 5/7/2004 |
---|
Keywords: | kbprb KB837350 kbAudEndUser |
---|
|