mb2answers
asked on
500 Internal Server Error - The certificate chain was issued by an authority that is not trusted
Here's the problem,
We have a SBS server with ISA 2000, exchange 2003 and IIS all running on the same server. We recently changed company names and I started messing with the certs, like a stupid person. Now, when a user tries to access OWA, they get: 500 Internal Server Error - The certificate chain was issued by an authority that is not trusted. (-2146893019)
Internet Security and Acceleration Server. I am at a loss as to what to do. I have the orginal cert installed and back, howerver I keep getting this each time. Please help!!
We have a SBS server with ISA 2000, exchange 2003 and IIS all running on the same server. We recently changed company names and I started messing with the certs, like a stupid person. Now, when a user tries to access OWA, they get: 500 Internal Server Error - The certificate chain was issued by an authority that is not trusted. (-2146893019)
Internet Security and Acceleration Server. I am at a loss as to what to do. I have the orginal cert installed and back, howerver I keep getting this each time. Please help!!
Hi mb2
Not sure if the following site will help:
http://forums.isaserver.org/m_230004400/tm.htm
The issue seems to have been touched on there and could point you in the right direction!
Not sure if the following site will help:
http://forums.isaserver.org/m_230004400/tm.htm
The issue seems to have been touched on there and could point you in the right direction!
ASKER
I have already been through that article with no sucess. Any other ideas?
ASKER
This may help as well. Before I messed with it, when you went to the site, it would prompt you to install the certificae, no it does not.
Problem is with Master certificate on server, whether or not you are using a commercial certificate, from Verisign etc, or one generated localy, the certificate contains the server name (Domain Name strictly), and this is why you are now getting errors. Only solution is to generate new certificate with correct name
Sorry finger trouble, had not finished posting.
To check problem go to Internet Services Manager - Select webmail site - Properties - Directory Security - At bottom under Secure Communications - View Certificate Details - will show both "Issued to" must match full Website Name, and "Issued by" must match Domain (For Internal Cert), or Trusted Supplier (e.g Verisign) (For External Cert).
If you have changed either Site Name, or Domain Name, Certificate is no longer valid (Trusted).
To check problem go to Internet Services Manager - Select webmail site - Properties - Directory Security - At bottom under Secure Communications - View Certificate Details - will show both "Issued to" must match full Website Name, and "Issued by" must match Domain (For Internal Cert), or Trusted Supplier (e.g Verisign) (For External Cert).
If you have changed either Site Name, or Domain Name, Certificate is no longer valid (Trusted).
ASKER
both issued to and issued by are the correct domain name. This is a self generated cert. Is there something that ISA needs to use the cert? Where does the cert need to be installed? I tried to put everything back the way it was. But still haveing the same issue.
Yes there is something needed, too long since I did this, to explain myself, and don't want to upset my server by checking details here, but following should help you through process.
http://hellomate.typepad.com/exchange/2004/07/this_security_c.html
http://hellomate.typepad.com/exchange/2004/07/this_security_c.html
ASKER
Reistalled the cert, still nothing.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You are correct. It was a problem with the cert. Unfortunatly on a SBS Server there is an easy was to fix it but didn't know it. After messing with the certs I had another error and found an article that resolved the issue: http://support.microsoft.com/kb/842612 this wizard fixed the whole thing.
Nice, last contact I had with SBS was NT 4.5, did not have any nice features like that then.
ASKER
Yeah, what would be even nicer would be if microsoft had an easier way to find support. Digging through their stuff is a nightmare.
ASKER