none
RMS Analyzer Tool. Certificate validation RRS feed

  • Question

  • Hello,

    Our company has been using AD RMS on-premises (AD RMS Cluster deployed on two servers running Windows Server 2012 R2). An internal AD RMS name is “rms.int.my-domain.com”, an external AD RMS name is “rms.my-domain.com”. Clients can use AD RMS through Enternet (using ADFS) as well as from Internal corporate network.

    AD RMS seems to be working fine, but when I run RMS Analyzer Tool I get the following error message: "Certificate does not contain the service name rms.int.my-domain.com". But the SSL certificate does contain the service name “rms.int.my-domain.com” in his "Subject Alternative Name" field, and the certificate is valid. Actually the “Subject” field does not contain the internal service name “rms.int.my-domain.com”. It contains the external service name “rms.my-domain.com” only.

    It looks like RMS Analyzer Tool try to seek the service name in the “Subject” certificate field only, and ignores the “Subject Alternative Name” field.

    I would like to understand why RMS Analyzer Tool detects the error with SSL certificate? Might it cause any potential problems with our AD RMS? Could anyone please assist me to work this issue out?

    I have tryed to contact with RMS Analyzer Tool Team, but no success - unknown recipient :)

    Thanks in advance!

    BR, Andrey

    Thursday, April 13, 2017 12:25 PM

All replies

  • No, it should be fine. I think it's a problem with the tool logic. I'm not sure what the current strategy is with the tool after I left, but it was definitely being looked at for a major overhaul. I can ping a couple of people to check.
    Friday, April 21, 2017 5:09 PM
  • Hello Eddie,

    Thanks a lot for your response!

    If it is possible, will you please ask your guys regarding algorithm, which RMS Analyzer Tool uses, when it runs SSL certificate validation? Thanks again!

    BR, Andrey

    Monday, April 24, 2017 5:49 AM