SSL problem using Macintosh browser

[Bob Skutnick]

Greetings,
I'm hoping someone has experienced a problem I'm having:

I have an existing ASP application (working fine) that
uses an SSL server certificate. My user community is made
up of both PC's and Macintosh computers.

I've re-written this application in ASP.NET for a number
of reasons and now find that my Mac users are having
problems with the application. SSL works just fine for PC
users, won't work for Mac users (browser is Internet
Explorer). When a Mac user tries to login to my
application using SSL (https://) the browser produces an
error saying "Security failure, a secure connection could
not be established". Mac users can use the site/app
without SSL (http://)

This is the same server and site and server certificate
that was used with the ASP app. Is there a problem
using "server.transfer()" when SSL is part of the
equation? Any special web.config issues?

I'm truly stumped on this one... Thanks so much for any
assistance.

Bob Skutnick

 

[rmac]

The certificate gets installed automatically to the pc's
in your domain. You must install the DER certificate
manually on the Macs by going to your certificate server:
http://certsrvname/certsrv/

This is what worked for me.

HTH

 

[Bob Skutnick]

I'm a bit confused. This is not an intranet but an
internet app. Old ASP version never required installing
cedrtificates manually??

Bob

 

[rmac]

My mistake. Our Mac OS 9 users had experienced the same
error message as you after I had secured the site. I
wasn't using a trusted certificate. When I installed the
certificate they were able to establish a secure
connection.

 

[Bob Skutnick]

I'm still unclear about "installing the certificate". My
experience with SSL is light. I have a certificate I've
purchased from GeoTrust. It installs on the web server. I
enable SSL for the site on the server and the internet
users go the site using HTTPS: and SSL kicks in. Nothing
(installed) was required on the internet users end in the
past???

Thanks much.
Bob

 

[rmac]

Is this a new certificate? Maybe the Macs don't have this
certificate listed in the trusted store and the PC's do. I
do know that the company's certificate must be listed in
the ROOT store. If you have a Mac look in the trusted
store and see if you see this company's certificate
listed. To do this open IE. Then Edit>Preferences then
click "Security" under the "Web" category. This works for
Mac OS 8.6 and 9. I don't know about OS X. This is the
only reason I can think of that would explain your
problem. I don't have a lot of experience with
certificates either and, as far as Macs are concerned I
have found very little documentation on them.

Windows has an update for the ROOT certificate store for
pc's on their Windows Update site. I don't have any info
on updating Macs root store.

I am using VeriSign's certificate for one of our sites and
it establishes the secure connection. For the certificate
I issued I had to install the certificate to establish the
secure connection or I would receive the same error
message you are receiving.

 

[Alun Jones [MS MVP]]

I'm still unclear about "installing the certificate". My
experience with SSL is light. I have a certificate I've
purchased from GeoTrust. It installs on the web server. I
enable SSL for the site on the server and the internet
users go the site using HTTPS: and SSL kicks in. Nothing
(installed) was required on the internet users end in the
past???

If a certificate is automatically trusted by a client program, that means
that the client program (or the certificate store it references) trusts that
certificate or the certificate's issuer. Some clients (such as Internet
Explorer) ship with a list of "trusted roots" - certification authorities
that we trust to issue certificates to servers. Other clients ship without
trusted roots, and the user will need to install CAs' certificates to ensure
that certificates can be trusted by the client.

Obviously, the CA certificate for the CA that issued your certificate is in
the default set of trusted roots on the Windows systems, but not in the set
of trusted roots on the Macs. You can fix this in a number of ways - either
get the clients to install the CA's certificate, or your certificate, or get
your server's certificate from a CA that is trusted by more clients.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]