SSL connection reset by server with certain Certificate

  • Question

  • Has anyone seen this issue:

    If I install a self-generated (untrusted) SSL certificate on the UAG server, the portal pages work normally on every client computer, except for the cert error. When I configure a Verisign EV certificate with SAN extensions (two domain names), Windows 7 and Windows 2008 clients can see the portal page as normal. But Windows XP clients fail to see the page. A network capture at the client end shows that the server reset the connection. I have tried to use this same certificate on two UAG servers, and have seen the same effect on both. Looking at the cert, it does not appear there is anything working with that.

    Does anyone have any ideas about what could be causing this issue? Thanks.

    Tuesday, November 16, 2010 10:46 PM

Answers

  • Darren, thank you for the response. That document from Verisign applies to IE7. We are using IE8 on XP-sp3, so that does not apply. IE8 on XP-sp3 should be able to work with EV certificates. This is what we found was the real issue in our case:

    http://www.openg.info/entry/window-39-ssl-cipher-suite-restricted-ssl-certificates

    We exported the certificate, including the private key, and selected the option to delete the private key after export. We then deleted the certificate, and imported the one (including the private key) that we had exported earlier. Changes took effect after the server restart.

    Thanks.

    • Marked as answer by Erez Benari Wednesday, November 24, 2010 6:28 PM
    Friday, November 19, 2010 2:42 PM
