none
An unknown error occurred while processing the certificate when no CDP is defined RRS feed

  • Question

  • Hi,

    just to let you know that obviously the UAG SSL certificate check for backend servers fails when no CRL Distribution point is defined in the certificate.

    In the System Event Log you see entries like:

    "The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate." &

    "The following fatal alert was generated: 43. The internal error state is 552."

    As a workaround you could disable CRL checking globally on the UAG: Set ValidateRwsCertCRL to "0" (strangely it did not survive a reboot of the machine).


    Good luck

    Thomas

    Thursday, November 4, 2010 10:12 AM

Answers

  • If their internal domain matches their external domain you could suggest they get a 3rd party wildcard cert and use that everywhere.  I have seen clients do that and it's a fairly easy way of doing it.  Every server gets the same cert, but you also need to remember where it's installed so when it expires you can update everything.
    MrShannon | TechNuggets Blog | Concurrency Blogs
    • Marked as answer by Erez Benari Wednesday, November 24, 2010 7:03 PM
    Wednesday, November 10, 2010 11:37 AM

All replies