For those of you who don't remember my original post, I've included it
below...
Yes I did get it resolved. Here were all the issues that I had:
1) Basically, you need to find out what account your application pool is
using. It is normally the IIS_IUSRS account but in my case, my server
group used a different account. Not sure why, but if you're not sure
what account your Application Pool is running under then do this:
a) From within IIS Manager click on your website under
connections. Then on the far right column click on Advanced Settings.
Your application pool will be displayed in the box that comes up. Click
out of that.
b) Go back to the Connections column and click on
Application Pools. Click on the application pool that your website is
using. Once that is selected click "Advanced Settings" in the far right
column. In the identity field under Process Model is the name of the
service which is running your IIS Service.
Thanks to Jarod from UMich for helping me to figure that out. Now
here's where you use that information...
The readme file for the latest version of Cosign has the correction and
I think I may have been the reason for that. It now states:
IIS_IUSRS (or the account or group IIS runs as) needs Full Control and
Read permissions in the following Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY
2) That fixes the 503 error but then you may find you have an unending
redirect loop. To fix that, use the same account that you used in #1
above, and give that same account permissions as below. The current
readme does not have the red italics part, but it should. I'm adding it
here:
Give IIS_IUSRS permission (or the account or group IIS runs as) from
within certificate manager.
Start -> Run
"mmc" (or mmc /64)
ctrl + M
Select Certificates
Add ->
select Computer Account
select Local Computer
Finish, Ok
Select Certificates -> Personal -> Certificates
Select the certificate that matches the one to use for cosign.
Right-click-> All Tasks -> Manage Private Keys
Give IIS_IUSRS (or the account or group IIS runs as) "Full
Control" and "Read" permissions.
And that should end your unending redirect loop and if it doesn't then
read on...
3) A guy that runs our central Cosign server on campus, Phil, helped me
out with this one. Older versions of Cosign didn't seem to care whether
you accessed the site as http:// or https://. The latest versions do
care. I had asked Phil to register my site and thoughtlessly just sent
him the link as http://. But when I tried to access our pages as
https://, I got an unending redirect loop error. When I told Phil about
it, he told me about the http vs https issue, changed the configuration
on his end to work with the https link and my problems were solved.
4) Except then, if people try to access your site using http:// when
you've designated it as https:// then they will either get an unending
redirect loop error or, if you have Require SSL selected, they'll get
the dreaded 403.4 Forbidden error. There's a good post to resolve this
issue at
http://www.sslshopper.com/iis7-redirect-http-to-https.html#jf70ce1352.
I used method #2 on this post and it works fine.
Hope that all helps and good luck.
Joy Shutterly
Lead Systems Analyst
Telecommunications and Networking Services
Penn State University
814-571-8708
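
The checks from issues 1 and 2 above, as a read-only PowerShell audit. This is an added example, not part of the original message or the Cosign readme. The site name and certificate thumbprint are placeholders, and the key-file lookup assumes a CSP-backed RSA key stored under MachineKeys.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated prompt.
# $SiteName and $CertThumbprint are placeholders; substitute your own values.
param(
    [string]$SiteName       = 'Default Web Site',
    [string]$CertThumbprint = '<THUMBPRINT-OF-COSIGN-CERT>'
)
Import-Module WebAdministration

# Issue 1: site -> application pool -> identity (what Advanced Settings shows).
$poolName = (Get-Item "IIS:\Sites\$SiteName").applicationPool
$pm       = (Get-Item "IIS:\AppPools\$poolName").processModel
$identity = if ($pm.identityType -eq 'SpecificUser') { $pm.userName } else { $pm.identityType }
Write-Host "Site '$SiteName' -> pool '$poolName' -> identity '$identity'"

# Registry key named in the readme text quoted in the message.
$regPath = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\MY'
Write-Host "ACL on ${regPath}:"
(Get-Acl $regPath).Access |
    Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize |
    Out-Host

# Issue 2: ACL on the certificate's private key ("Manage Private Keys" in MMC).
$cert = Get-Item "Cert:\LocalMachine\My\$CertThumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key in this store.' }

# CSP keys live as files under MachineKeys; CNG keys are stored elsewhere.
$container = $null
try {
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
} catch { }
if (-not $container) {
    throw 'Private key is not CSP-backed; the MachineKeys lookup does not apply.'
}

$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
Write-Host "ACL on private key file ${keyFile}:"
(Get-Acl $keyFile).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize |
    Out-Host
```

Compare the identity printed first against the entries in both ACL tables; any account listed on the key file that is not the pool identity or an administrative principal is worth reviewing.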
------------------------------ Original Post ------------------------------
I've been trying to install Cosign on a Windows 2008 server. My website
blows up immediately with the dreaded 503 error after entering the
following command from the "readme" file:
appcmd install module /name:"Cosign" /image:"CosignModule.dll" /add:"false"
As far as I can tell I have done everything right. I even installed the
Visual C++ 2008 redistributable at someone's suggestion. And in the cmd
prompt window, after I execute the above command, I get a msg indicating
that the module has been added, yet when I look at the Event Viewer, it
shows this error:
The Module name Cosign path CosignModule.dll returned an error from
registration. The data is the error.
Has anyone else had this problem and if so, what was done to resolve it?
Please let me know if you have any suggestions. Thank you!
Joy Shutterly
Lead Systems Analyst
Telecommunications and Networking Services
Penn State University
814-571-8708
-----Original Message-----
From: Joshua Baron [mailto:[email protected]]
Sent: Saturday, January 08, 2011 11:07 PM
To: [email protected]
Subject: Re: [Cosign-discuss] FW: Cosign trouble
Joy
Did you ever figure this out? I am having the same issue and I am
stumped.
Thanks!
Josh
------------------------------------------------------------------------------
Gaining the trust of online customers is vital for the success of any company
that requires sensitive data to be transmitted over the Web. Learn how to
best implement a security strategy that keeps consumers' information secure
and instills the confidence they need to proceed with transactions.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss