I have a remote CA. I copied the certificate chain from the CA using USB and copied the same into the IAG (SP2 U3) trusted root certificates.
Now, is it mandatory for IAG to talk to the CA after this?
The issue I am facing is that when I check the Use Endpoint Certification check box in Advanced Configuration --> Session tab, I get an error page in IE stating "Internet Explorer cannot display the webpage". When I look at HTTP Watch, there is an error "ERROR_HTTP_INVALID_SERVER_RESPONSE" for the GET request to the URL "https://remote.marksandspencercate.com/InternalSite/cert.asp?site_name=remote".
All replies
You mentioned the certificate chain but not the Certificate Revocation List; perhaps it is trying to retrieve the CRLs from an internal-only URL?
I also notice that https://remote.marksandspencercate.com/ uses a self-signed certificate, so you will get errors because of that.
Normally, in a properly configured public-facing PKI, things validating the certificate do not talk to the CA, but they do talk to the AIA (CA certificates) and CDP (CRLs) locations, which are normally public URLs. In poorly designed or internal-only PKIs, things validating the certificate will try to talk to an internal LDAP server or URL.
(Note: some designs use OCSP instead of, or as well as, CRLs, but basically you have the same issue.)
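
To make the reply above concrete, here is an added example (not from the thread and not part of IAG): a Python sketch that reads the text form of a certificate as printed by `openssl x509 -noout -text`, extracts the CDP, AIA and OCSP URLs, and flags the ones a validator without access to the internal network could not fetch. The sample text, its host names and the internal-suffix list are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: extension section of `openssl x509 -noout -text` output.
SAMPLE = """\
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:ldap:///CN=Example-CA,CN=ca01,CN=CDP,DC=corp,DC=example?certificateRevocationList?base
                Full Name:
                  URI:http://ca01/CertEnroll/Example-CA.crl
            Authority Information Access:
                CA Issuers - URI:http://pki.example.com/Example-CA.crt
                OCSP - URI:http://10.0.4.20/ocsp
"""

HEADER = re.compile(r"^\s*(?:X509v3 )?([A-Za-z][\w ]+):\s*(?:critical)?\s*$")
URI = re.compile(r"^\s*(?:(CA Issuers|OCSP) - )?URI:(\S+)")
WANTED = ("CRL Distribution Points", "Authority Information Access")
INTERNAL_SUFFIXES = (".local", ".internal", ".corp", ".lan")  # assumed heuristic

def classify(url):
    """Say whether a validator outside the internal network could fetch url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        return "internal: %s:// needs directory or file access" % parts.scheme
    try:
        if ipaddress.ip_address(host).is_private:
            return "internal: private IP address"
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    if "." not in host:
        return "internal: single-label host name"
    if host.endswith(INTERNAL_SUFFIXES):
        return "internal: non-public DNS suffix"
    return "public"

def fetch_points(text):
    """Return (kind, url, verdict) for every CDP/AIA/OCSP URL in the text."""
    out, section = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header and header.group(1) != "Full Name":
            section = header.group(1)  # a new extension starts here
            continue
        uri = URI.match(line)
        if uri and section in WANTED:
            out.append((uri.group(1) or "CRL", uri.group(2), classify(uri.group(2))))
    return out

if __name__ == "__main__":
    for kind, url, verdict in fetch_points(SAMPLE):
        print("%-10s %-28s %s" % (kind, verdict.split(":")[0], url))
```

Any entry reported as internal is a location the gateway must be able to reach, or the CA must publish at a reachable URL, before revocation and chain checks can succeed.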