Re: [Cosign-discuss] Serivce Unavailable - Win2008 R2 IIS 7

2016-04-06 Thread David
Hodel, Ray  umich.edu> writes:

> 
> I was hoping someone would have experienced my problem before.
> Regardless, it all worked out.  I managed to resolve the problem and
> learn a few things. I'll post what I found here so that in case someone
> else encounters the same problem it will be documented.
>
> In my previous post I mentioned that I had two certificates with the
> same domain (or Common Name). Seeing as how I had two certificates with
> the same CommonName, the cosign module was, from what I could tell,
> confused.  I think it was trying to use the website certificate, which
> for some reason didn't work with Cosign.  Now that I understand more of
> how the Cosign Module works, it would have saved me some time by just
> getting a new certificate with a different common name (i.e.
> cosign.pts.umich.edu).  However, since at the time I didn't realize
> that, I modified the cosign module to allow the use of FriendlyName
> attribute in the crypto tag in the applicationHost.config file.  So now
> I can look at the FriendlyName of the certificates instead of the
> CommonName. That way I can go into the Certificate properties and change
> the Friendly Name to something unique.
>
> So the lesson here is that if you have two certificates, one for IIS
> and another for Cosign Module, make sure the Common Names are different.
>
> Ray
>
> ---
>
> From: Hodel, Ray
> Sent: Thursday, January 12, 2012 8:38 AM
> To: cosign-discuss  lists.sourceforge.net
> Subject: Serivce Unavailable - Win2008 R2 IIS 7
>
> I just migrated our department webserver to Windows 2008 R2 running
> IIS 7.  I configured CoSign 3.1.0 and everything was working fine.  I
> later realized that the certificate I was using for my domain
> (pts.umich.edu) was issued by UM Web CA.  So people were getting invalid
> certificate errors when accessing our secure site
> (https://pts.umich.edu).  I added the web cert, signed by DigiCert.  So
> now I have two certificates listed for pts.umich.edu.  This is when
> Cosign stops working.  I’m getting “The service is unavailable.”
>
> I’m guessing that cosign doesn’t like that there are two certs for the
> same domain.  So I remove the DigiCert and revert back to the one from
> UM Web CA.  I restart IIS and the app pools.  I restart the server.  I
> removed all certs and re-imported it—making sure the permissions were
> set in the Cert Manager.  I still get the same problem with getting
> “The service is unavailable.”
>
> Here is a copy of the output from DebugView if this could help someone
> identify my problem.
>
> [REMOVED]


Hi your post has been very helpful, thanks.
Can you tell me how you get CoSign to look at the friendly name instead 
of the common name?

Many Thanks,
David
--
___
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss


Re: [Cosign-discuss] Serivce Unavailable - Win2008 R2 IIS 7

2012-01-14 Thread Hodel, Ray
I was hoping someone would have experienced my problem before.  Regardless, it 
all worked out.  I managed to resolve the problem and learn a few things. I'll 
post what I found here so that in case someone else encounters the same problem 
it will be documented.

In my previous post I mentioned that I had two certificates with the same 
domain (or Common Name). Seeing as how I had two certificates with the same 
CommonName, the cosign module was, from what I could tell, confused.  I think 
it was trying to use the website certificate, which for some reason didn't work 
with Cosign.  Now that I understand more of how the Cosign Module works, it 
would have saved me some time by just getting a new certificate with a 
different common name (i.e. cosign.pts.umich.edu).  However, since at the time 
I didn't realize that, I modified the cosign module to allow the use of 
FriendlyName attribute in the crypto tag in the applicationHost.config file.  
So now I can look at the FriendlyName of the certificates instead of the 
CommonName. That way I can go into the Certificate properties and change the 
Friendly Name to something unique.

So the lesson here is that if you have two certificates, one for IIS and 
another for Cosign Module, make sure the Common Names are different.

Ray

-

From: Hodel, Ray
Sent: Thursday, January 12, 2012 8:38 AM
To: cosign-discuss@lists.sourceforge.net
Subject: Serivce Unavailable - Win2008 R2 IIS 7


I just migrated our department webserver to Windows 2008 R2 running IIS 7.  I 
configured CoSign 3.1.0 and everything was working fine.  I later realized that 
the certificate I was using for my domain (pts.umich.edu) was issued by UM Web 
CA.  So people were getting invalid certificate errors when accessing our 
secure site (https://pts.umich.edu).  I added the web cert, signed by DigiCert.  
So now I have two certificates listed for pts.umich.edu.  This is when Cosign 
stops working.  I’m getting “The service is unavailable.”
 
I’m guessing that cosign doesn’t like that there are two certs for the same 
domain.  So I remove the DigiCert and revert back to the one from UM Web CA.  I 
restart IIS and the app pools.  I restart the server.  I removed all certs and 
re-imported it—making sure the permissions were set in the Cert Manager.  I still 
get the same problem with getting “The service is unavailable.”
 
Here is a copy of the output from DebugView if this could help someone identify 
my problem.

[REMOVED]
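
The condition described in this thread, two certificates in the store carrying the same Common Name, can be audited for before a lookup by name goes wrong. The script below is an added example, not part of the original thread and not Cosign code; it assumes the certificates are in the `Cert:\LocalMachine\My` store and that PowerShell 3.0 or later is available.

```powershell
# Added example: report certificates in the machine store that share a subject CN,
# and whether their Friendly Names would be enough to tell them apart.
# Assumption: the web and Cosign certificates are both in Cert:\LocalMachine\My.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

$certs = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    [pscustomobject]@{
        # SimpleName returns the CN when the subject has one.
        CommonName    = $_.GetNameInfo($nameType, $false)
        Issuer        = $_.GetNameInfo($nameType, $true)
        FriendlyName  = $_.FriendlyName
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        Thumbprint    = $_.Thumbprint
    }
}

# A CN held by more than one certificate is ambiguous for any CN-based lookup.
$collisions = $certs | Group-Object -Property CommonName |
    Where-Object { $_.Count -gt 1 }

if (-not $collisions) {
    Write-Output 'No duplicate Common Names in Cert:\LocalMachine\My.'
}

foreach ($group in $collisions) {
    Write-Warning ("{0} certificates share CN '{1}'" -f $group.Count, $group.Name)
    $group.Group | Sort-Object NotAfter |
        Format-Table Issuer, FriendlyName, NotAfter, HasPrivateKey, Thumbprint -AutoSize |
        Out-Host

    # Friendly Names only disambiguate if every one is set and they are distinct.
    $friendly = @($group.Group | ForEach-Object { $_.FriendlyName })
    $blank    = @($friendly | Where-Object { [string]::IsNullOrEmpty($_) }).Count
    $unique   = @($friendly | Sort-Object -Unique).Count
    if ($blank -gt 0 -or $unique -lt $friendly.Count) {
        Write-Warning '  Friendly Names are blank or repeated; they would not distinguish these certificates.'
    }
}
```

Run it from an elevated prompt on the web server; the Issuer column shows which of the colliding certificates came from which CA.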