Hodel, Ray <hodel <at> umich.edu> writes:

>
> I was hoping someone would have experienced my problem before.
> Regardless, it all worked out.  I managed to resolve the problem and
> learn a few things. I'll post what I found here so that in case someone
> else encounters the same problem it will be documented.
>
> In my previous post I mentioned that I had two certificates with the
> same domain (or Common Name). Seeing as how I had two certificates with
> the same CommonName, the cosign module was, from what I could tell,
> confused.  I think it was trying to use the website certificate, which
> for some reason didn't work with Cosign.  Now that I understand more of
> how the Cosign Module works, it would have saved me some time by just
> getting a new certificate with a different common name (i.e.
> cosign.pts.umich.edu).  However, since at the time I didn't realize
> that, I modified the cosign module to allow the use of FriendlyName
> attribute in the crypto tag in the applicationHost.config file.  So now
> I can look at the FriendlyName of the certificates instead of the
> CommonName. That way I can go into the Certificate properties and change
> the Friendly Name to something unique.
>
> So the lesson here is that if you have two certificates, one for IIS
> and another for Cosign Module, make sure the Common Names are different.
>
> Ray
>
> ----------------------------------------------------------------------
> 
> From: Hodel, Ray
> Sent: Thursday, January 12, 2012 8:38 AM
> To: cosign-discuss <at> lists.sourceforge.net
> Subject: Serivce Unavailable - Win2008 R2 IIS 7
> 
> I just migrated our department webserver to Windows 2008 R2 running
> IIS 7.  I configured CoSign 3.1.0 and everything was working fine.  I
> later realized that the certificate I was using for my domain
> (pts.umich.edu) was issued by UM Web CA.  So people were getting invalid
> certificate errors when accessing our secure site
> (https://pts.umich.edu).  I added the web cert, signed by DigiCert.
> So now I have two certificates listed for pts.umich.edu.  This is when
> Cosign stops working.  I’m getting “The service is unavailable.”
>
> I’m guessing that cosign doesn’t like that there are two certs for the
> same domain.  So I remove the DigiCert and revert back to the one from
> UM Web CA.  I restart IIS and the app pools.  I restart the server.  I
> removed all certs and re-imported it—making sure the permissions were
> set in the Cert Manager.  I still get the same problem with getting
> “The service is unavailable.”
>
> Here is a copy of the output from DebugView if this could help someone
> identify my problem.
>
> [REMOVED]


Hi, your post has been very helpful, thanks.
Can you tell me how you get CoSign to look at the friendly name instead
of the common name?

Many Thanks,
David
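
A store audit for the situation described in the quoted post, as an added example that is not part of the thread and is not the modified Cosign module: it reports certificates in one store that share a Common Name and shows each one's FriendlyName, issuer and thumbprint so they can be told apart. The store path `Cert:\LocalMachine\My` is an assumption about where the IIS and Cosign certificates are installed.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumption: both certificates live in the machine's Personal store.
$StorePath  = 'Cert:\LocalMachine\My'
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# Project each certificate to the fields needed to distinguish look-alikes.
$certs = Get-ChildItem -Path $StorePath | ForEach-Object {
    [pscustomobject]@{
        # SimpleName resolves to the CN when the subject contains one.
        CommonName    = $_.GetNameInfo($simpleName, $false)
        Issuer        = $_.GetNameInfo($simpleName, $true)
        FriendlyName  = $_.FriendlyName
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
    }
}

# A CN that appears more than once is the ambiguous case from the post.
$duplicates = @($certs | Group-Object -Property CommonName |
    Where-Object { $_.Count -gt 1 })

if ($duplicates.Count -eq 0) {
    Write-Output "No duplicate Common Names in $StorePath."
}
else {
    foreach ($group in $duplicates) {
        Write-Warning "$($group.Count) certificates share CN '$($group.Name)'"

        $group.Group | Sort-Object NotAfter |
            Format-Table Issuer, FriendlyName, Thumbprint, NotAfter, HasPrivateKey -AutoSize |
            Out-String | Write-Output

        # Selecting by FriendlyName only helps if the names are set and unique.
        $blank = @($group.Group | Where-Object { [string]::IsNullOrWhiteSpace($_.FriendlyName) })
        $named = @($group.Group | Where-Object { -not [string]::IsNullOrWhiteSpace($_.FriendlyName) })
        $clash = @($named | Group-Object FriendlyName | Where-Object { $_.Count -gt 1 })

        if ($blank.Count -gt 0) {
            Write-Warning "  $($blank.Count) of them have no FriendlyName set."
        }
        foreach ($c in $clash) {
            Write-Warning "  FriendlyName '$($c.Name)' is used by $($c.Count) of them."
        }
    }
}
```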
