Ex07, ISA, -- OWA+self signed certs, internal PKI

  • Ex07, ISA, -- OWA+self signed certs, internal PKI

    We planned to use a self-signed certificate for authorising our users from the Internet to OWA.
    But when we set up constrained delegation, we got an error 403, 12202.

    SPN is set, with the same name in ISA
    All servers are in the same domain
    All certs were made by the same internal RCA
    KD was set in AD for ISA to CAS
    Alternative names on CAS are listed by 1. all hosts, 2. all FQDNs

    Without constrained delegation everything works fine. None of the users can access OWA without our self-signed certificate. (ISA only validates the root CA of client certs)

    We have read many links and settings about it
    and others ...

    Which kind of usage has to be set up on the client cert? (digital signature, non-repudiation)
    How can we monitor this type of authentication (in more detail)?
    Does anybody know how to identify the user a service is running under /SPNs/?
    How many SPNs can be registered for the http/ service for a machine account? (only one, or more?)
    Is there anybody who has implemented it and has experience?
    Last edited by mayo; 26th October 2009, 10:40. Reason: the next question

    Be sure, nobody knows what you think, but we know what you do.