Certificate Services - can't connect using SSL
-
lundi 5 avril 2010 23:58
Greetings all - I'm working on setting up AD Cert Services on a 2008 R2 server as part of our new SCOM 2007 R2 installation. We need the Cert Server for cross-domain authentication in SCOM. We want this to be a stand-alone, not Enterprise, CS server.
I've installed the CS role per the documentation I've found online, created a root certificate named the same as the installation server and created the SSL binding for the default website. The cert appears valid and trusted when I view it.
I'm able to browse to the CertSrv site using HTTP just fine, but when I attempt to browse using HTTPS, I get Page Cannot Be Displayed. Nothing appears in the IIS log, which indicates that it's an SSL failure. In the Event Log i see Event ID 36888: "The following fatal alert was generated: 20. The internal error state is 960."
I'm having a hard time finding any useful data online related to that error... and of course I'm probably not looking correctly.
Any troubleshooting tips would be greatly appreciated!
Thanks.
Toutes les réponses
-
mercredi 7 avril 2010 02:39
Hi,
Have you installed a certificate on the IIS server? If you have installed a certificate, a possible cause is that the certificate is corrupt. Please request a new certificate from the CA and check the result.
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.- Marqué comme réponse Joson Zhou mardi 13 avril 2010 02:17
-
lundi 12 avril 2010 20:40
Thanks for the reply. I have resolved this issue - it turns out that there was something wrong (corrupted or wrong cert type) with the cert I was using.
In the process I discovered a great new feature of IIS 7 - if you don't want to muck around with getting a cert signed by an external provider, the IIS console has a handy little button - "Generate self-signed cert". Give it a click, and presto! An SSL-enabled site!
It's interesting that the detail for eventID 36888 I was getting (fatal alert 20, error state 960) turned up basically no hits on Google. Hopefully this thread will help people who encounter that error in the future.
- Marqué comme réponse Joson Zhou mardi 13 avril 2010 02:17
-
mardi 13 avril 2010 02:17
Hi,
Thanks for your update and glad to hear the issue has been resolved.
For your reference, you can get more information about Configuring Server Certificates in IIS 7 by checking the link http://technet.microsoft.com/en-us/library/cc732230(WS.10).aspx.
Hope it is helpful for your work.
Have a nice day.
Joson Zhou
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights. -
jeudi 27 mai 2010 13:39
Hi.
I stumble up on a simular issue but with WLAN and RADIUS server problem.
We installed a WLAN controller and the Windows 2008 R2 server as certificate server and NPS.
Configure the Network access policy to match users in an domain group.
When the Radius server (NPS) should authenticate a user the error 36888 shown in the systemlog for the server. Schannel eventID 36888.
The following fatal alert was generated 20. the internal error state is 960.
After troubleshooting all kind of stuff, we reinstalled the Windows XP SP3 client.
Reconnected to the domain and waited for the policys to apply.
The problem solved!
//Stefan
.png)
